DPA Authentication Multiple Domains in Separate Forests

Does anyone have any experience setting up DPA for multiple domains in separate forests?  I see several KBs that reference the BaseDN can be shortened to allow easy authentication of sub domains in the same forest.  I don't see any practical examples for multiple domains in separate forests.  There is a fully trust and I have members of domain B in a security group in domain A (where domain A is configured in DPA and is a global catalog AD Domain controller).  Domain A users can authenticate fine, domain B members cannot log and I get the follow in the DPA Auth logs.

WARN   (2019-12-09 14:49:27,208.EST) [https-jsse-nio-8124-exec-10] CustomUserDetailsService - xxxx

INFO   (2019-12-09 14:49:27,270.EST) [https-jsse-nio-8124-exec-10] LoginThrottle - Invalid login attempt to /iwc/login.iwc by 'xxxx' from 10.10.x.x