Adding a few more details to be taken care of.
LDAP as authentication directory and AD as authorization directory.
>>>> Create a Directory Mapping with LDAP as the AuthDir and AD as the AzDir. You may use the Legacy Directory Mapping OR Authentication-Authorization in IdentityMapping.
Use LDAP as the authentication directory and AD as the authorization directory for the “A” realm. However, for the “B” realm there won’t be any change, i.e. LDAP remains the authentication/authorization directory.
>>>> IMPORTANT: In the Policy Domain, only add LDAP as a User Directory. AD should not be added as a User Directory at the Policy Domain level.
>>>> Go to Realm-A and select the Directory Mapping from the applicable drop-down (Legacy Directory Mapping or Identity Mapping). Create a separate Policy for Realm-A. Here in the policy you'll see LDAP and AD (a result of the mapping being in the realm). Select the users from AD who need to be allowed access. In LDAP you could leave it blank. Add the rule and response. Save the Policy.
>>>> Go to Realm-B. Here we do not select any Directory Mapping. Create a separate Policy for Realm-B. I think (if memory serves right), here too you'll see LDAP and AD. Select the users from LDAP who need to be allowed access. In AD you could leave this blank. Add the rule from Realm-2 and associate it with the response. Save the Policy.