**Fix below**
There were a couple of issues that I found with what they set up.
1) A VMware host had a conflicted ARP entry with our AD LTM VIP, even though the VMware host was down. So we just changed the LTM VIP to a different IP.
2) They had an xff HTTP profile attached to the AD VIP. This simply broke the connection.
With the above corrected, everything looks good. No need for a forwarding VIP in this case. I mainly wanted to see if there was anything special you had to configure on the LTM to pass AD, but you guys answered that for me.
Thank you!