Currently Crowd offers very basic functionality of synchronizing Users/Groups/Memberships based on a specified Base DN, which will sync all users/groups/memberships that are located in subtrees below the Base DN. It would be helpful to AD admins if Crowd can also sync objects from trusted forests so that Crowd would be able to sync group/user members from the external forest.

To do this though, Crowd must be able to resolve the ForeignSecurityPrincipal (in the local domain specified by the BaseDN), which is a reference object to a securityPrincipal in the external domain. See: http://technet.microsoft.com/en-us/library/cc755427%28v=ws.10%29.aspx