27-Sep-2022 08:29
We have AD users in other domains that have a two-way trust with ours. We have people in two-way trusted domains that also need access to the same tenants. We are struggling to figure out how to include those AD users without just creating local users. Does anyone have experience using multiple AD domains or two-way trusted domains to authenticate to an F5 Tenant? We are using the r4600 series appliances.
29-Sep-2022 10:51
Hi @HerrDrachen , I see nobody in the community has replied yet, so I'm asking if one of my colleagues can help out.
Also, I like your username. 🙂
30-Sep-2022 05:04
Thanks for checking this out for me. I cannot seem to find this easily and with r4600 series and the F5OS are pretty new, so not a lot of people seem to have intensive knowledge about it.
29-Sep-2022 15:55
Hey @HerrDrachen can you clarify if you're referring to an APM access scenario or device management access?
30-Sep-2022 05:03
This is in relation to device management access. We are made up of 6 organizations using 6 different AD domains but all in the same forest. I created partitions in the tenant for each of them and I would like them to be managers of their own partitions. The domain listed in the device for LDAP purposes is xyz.com, so users in 123.com, abc.com, etc. are not showing up even though we have a two-way trust between xyz.com and all of the others. In some of the other tools we use, AD either understands the trust and they just log in with the normal domain credentials or we have to add each AD domain in individually.
30-Sep-2022 11:10
Ok, thanks for that detail. If you go into Authentication and configure User Directory, you should see Remote APM-Based as an option there. From there, you should be able to select Active Directory; it's similar to setting up an APM policy, and you should have an option to enable Cross-domain support from there. Let me know if you see those options.
30-Sep-2022 12:13
This is what I see when I go into System | Users | Authentication. Remote Directory Tree is just a blank field.
30-Sep-2022 13:28
I'm guessing on the User Directory dropdown, you don't see "Remote - APM Based"? I believe you need APM (Limited Mode) provisioned to unlock that. Keep in mind that provisioning may require a short change window.
11-Oct-2022 08:55
This appears to be the solution and we are working with the systems team to get this implemented. Nothing ever seems to be easy or "straightforward" in the F5 world, and I thank you for this information!
11-Oct-2022 09:15
I'll be submitting some feedback to the documentation folks to see if this can be outlined a bit better!