Welcome to the CodeRanch.
I haven't worked with AD, but we do use several LDAP providers for authentication in our domains (Weblogic uses AD as an LDAP provider, so they should be similar). The way we accomplish this is to create an LDAP authenticator for each server you want to check users against. If you look at an Authenticator Configuration tab, and the Common tag under that, there is a field called "Control Flag". If you want your users to be authenticated if they are in one AD database but not the other, set the control flag to "SUFFICIENT" in both authenticators. If you want the user to be in both AD databases in order to log in, set both control flags to "REQUIRED".
See this article and this article for more information on setting up authentication against AD.