Where the same account name exists in multiple domains within the same Active Directory forest, Cloud Access Manager can fail to authenticate to any of them by username. In the GUI this can appear as ‘Connection failed’ when you use the Test Connection button while configuring an AD Front-end Authenticator, and as the users / groups list failing to populate when you try to configure a role.
The AD Global Catalog returns multiple users for the same lookup, so Cloud Access Manager cannot determine which one is the correct account to use.
To authenticate successfully, you must enter the UPN (User Principal Name) for your user, e.g. email@example.com.
N.B. If the accounts are 'mirrored', i.e. they all have the same account name AND password, then it is only necessary to enter the username rather than the UPN to authenticate successfully.
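
To find which account names are ambiguous in the Global Catalog, an administrator can list every sAMAccountName that maps to more than one user in the forest. This is an added example, not part of the original article or of Cloud Access Manager; it assumes the RSAT ActiveDirectory PowerShell module, and the server name `gc01.example.com` is a placeholder.

```powershell
# Added example: report account names that exist in more than one domain
# of the forest, together with the UPN that identifies each one uniquely.
Import-Module ActiveDirectory

# Placeholder (assumption): any domain controller that hosts the Global Catalog.
$GcServer = 'gc01.example.com'

# Port 3268 is the Global Catalog LDAP port. An empty SearchBase on that port
# searches every domain partition in the forest instead of a single domain.
$allUsers = Get-ADUser -Server "${GcServer}:3268" -SearchBase '' -Filter *

# Keep only the sAMAccountName values that resolve to more than one object.
$ambiguous = $allUsers |
    Group-Object -Property SamAccountName |
    Where-Object { $_.Count -gt 1 }

$report = foreach ($group in $ambiguous) {
    foreach ($user in $group.Group) {
        # Rebuild the DNS domain name from the DC= parts of the DN.
        $dcParts = $user.DistinguishedName -split ',' |
            Where-Object { $_ -like 'DC=*' }
        $domain = ($dcParts -replace '^DC=') -join '.'

        [pscustomobject]@{
            SamAccountName    = $user.SamAccountName
            Domain            = $domain
            # userPrincipalName is optional in AD; flag accounts that lack one,
            # because they cannot be disambiguated by UPN until it is set.
            UserPrincipalName = if ($user.UserPrincipalName) {
                                    $user.UserPrincipalName
                                } else {
                                    '<no explicit UPN set>'
                                }
        }
    }
}

$report | Sort-Object SamAccountName, Domain | Format-Table -AutoSize
```

Any name that appears in the output is one where the username alone is ambiguous, so the value in the UserPrincipalName column is what should be entered instead.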