VMware Cloud Community
jmoody5824
Contributor

Native Active Directory - Multi-domain Forest

All the documentation that I have read mentions it but does not exactly describe what it means. I am able to add a single domain in my forest, but when I go to add another domain I get a "Duplication Identify store" error.

In our environment we have 3 domains that are part of the Active Directory Forest.

Root, in which no users typically reside; it is there simply to hold any universal groups and forest-level roles.

Then two subdomains:

Accounts, the domain in which all of our user accounts exist; it is the primary logon domain for all users in the company.

Resource, the domain in which all of the resource servers and administration accounts for my division in the company exist.

Our administrators would typically have accounts in Resource for managing any of the servers and resources in that domain, but to access all standard services they would use an account in the Accounts domain.

In our implementation we are looking to set up a single-tenant configuration. I would like to set up the administration of the default tenant using accounts from the Resource domain, but then allow users from the Accounts domain to consume any of the blueprints that we advertise.

How do I go about setting this up?

Our planned configuration

vCloud Suite 5.5 Standard, vCenter upgraded to 5.5b, and vCAC 6.0, using the SSO that is included with vCAC 6.0 for Automation Center.

1 Reply
pricemc1
Enthusiast

I think you only need to define one identity store for the 3-domain environment that you have described. vCenter will use the trusts in place between the domains to look up accounts. If you attempt to define more than one identity store for a set of domains that are all trusted, then you will actually end up with your domain browser list in vCenter showing the same domain twice (or more). This will definitely cause permissions issues. You probably will want to define an AD identity store for your root domain and then remove the Resource domain AD identity store that was probably created for your Resource domain when you set up vCenter. Hope that helps.
