The users will exist in both domains? The ActiveDirectory integration works by using the userPrincipalName to bind. In your configuration that would be constructed as elastic@ad_hostname1 and elastic@ad_hostname2. Are you able to check the active directory logs for information about why the request fails if this is the correct user principal name?