What am I testing against?
Active Directory credentials are used to discover domain controllers. Each credential in the list is used to contact Active Directories for the corresponding domain. Essentially, you should create a separate credential for each domain.
For example, if you define three credentials:
Each would be used in turn to contact their relevant domain controllers. More specifically, "administrator" would be used to discover domain controllers on "alpha.local"; "Joe.Frazier" would be used to contact domain controllers on "beta.local"; and "Muhammad.Ali" would be used to contact domain controllers on "zeta.local".
For purposes of discovering AD domain controllers, the AD account must be a member of the domain; and for purposes of polling for user login data, the AD account must at least be a member of Event Log Readers if not a group with greater permissions.