Good question. There is a whole blog that could be done on DPA LDAP and config, I think. DPA had LDAP integration before it had the wizard that allows for it now.
In the old days (pre 10.2) you had to edit a file manually that is in the folder path DPA home\iwc\tomcat\ignite_config\idc\system.properties
This file is what the wizard for the config now will edit when you use it. The wizard has a limitation still in that it will only ask for the domain and then it puts it in this file in a line that would look like
The wizard only ever writes to this Url1 line, but DPA will work with up to 5, something like
We have also used this in support to point to direct servers when there are issues with one domain controller timing out. I have seen that with a domain that had servers in Europe and DPA was located in New York, USA, for example.
So you can manually edit the file and add the other domain, assuming there is a trust and the one account in use to look up groups in the manager line can access both of them.
This has some other limits also. For example, if you are using LDAPS it might be best to go through the wizard first to get DPA to offer to import the certificates needed. In one of the versions we also had an issue where, if you had multiple Url lines in this file from a manual edit and you used the wizard again, you got an error message. This has been fixed in the most recent release I know.
This all being said, my advice would be to use the wizard to change your info and import certificates. Be sure you use an account for the manager that can get to groups in both domains if possible, and then manually edit the file to add domain2 in Url2 to the file. DPA should use domain 1 first and, if no match is found, try domain 2.
If you have issues you can open a support case and we can advise more.
I am going to give this a try tomorrow morning and if I have an issue I will let you know. Thanks!!! -Dave