DoH and AD DC?

Hey guys,

I just was trying to roll out NextDNS with a couple of my AD DC clients...I wanted to be able to see the information about who was surfing the blocked pages, leveraging DoH by putting the client on each computer.  What I found out, though, was that once they restarted their computer, the computer no longer had access to the DC - I've looked into the split deal, but couldn't get it to actually see the local DC.  I don't like the idea of just putting the DNS records as forwarders because then we don't get the information about the client on each record - is there a way to get all of it?

For more info, I'm running nextdns cli on a Ubiquiti UDM Pro.  Most workstations are Win11, but a couple still 10, though I've thought about maybe trying to just do DoH with windows, but...this has me perplexed - any guidance?