Is anyone out here running a Distributed Availability Group? Maybe in a cross-domain non-trust environment? 
I'm curious how you could create users in the other AG. You can not use the domain accounts because there is no trust -- even if they are contained. It seems only SQL Server logins would work. But they would have to be defined and granted permissions on the original primary copy of the database.
Does anyone have one these? Or found a definitive answer? I've searched extensively and can't find and answer. I'm assuming it is "No". All the articles stop after they create the Distributed Availability Group.