Does anyone have any experience setting up DPA for multiple domains in separate forests? I see several KBs that reference the BaseDN can be shortened to allow easy authentication of sub domains in the same forest. I don't see any practical examples for multiple domains in separate forests. There is a fully trust and I have members of domain B in a security group in domain A (where domain A is configured in DPA and is a global catalog AD Domain controller). Domain A users can authenticate fine, domain B members cannot log and I get the follow in the DPA Auth logs.
WARN (2019-12-09 14:49:27,208.EST) [https-jsse-nio-8124-exec-10] CustomUserDetailsService - xxxx
INFO (2019-12-09 14:49:27,270.EST) [https-jsse-nio-8124-exec-10] LoginThrottle - Invalid login attempt to /iwc/login.iwc by 'xxxx' from 10.10.x.x