We have the following scenario. We have two offices connected via a
WAN, currently Frame Relay. There are 2 different domains, one for
each office. We have implemented a bi-directional forest-level trust
between them. They are not in the same forest. We have used a
custom source to define the two domains for profile import and
applied the hotfix from this article
http://support.microsoft.com/kb/837249#kb2, so that we can specify
the domain name in the audience creation. We have set up the
following scenario for the groups:

DOMAIN2 is the domain SharePoint sits on:

DOMAIN1\GlobalGroup1
DOMAIN2\GlobalGroup1

DOMAIN2\LocalGroup1: Members: DOMAIN1\GlobalGroup1,DOMAIN2
\GlobalGROUP1

For security, this model works well. However, if I assign an
audience with the rule User is Member of DOMAIN2\LocalGroup1, the
only members I get are from DOMAIN2\GlobalGroup1. It ignores the
other domain. I have verified that I can see the other domain from
the SharePoint machines with the Administration account and
Application Pool identity account.

I can create rules that specify individual users from DOMAIN1 for
example: Account Name contains DOMAIN1\User1, but not for the
groups.

Do you have any suggestions for where the problem may lie?