It can be that you have just configuration problem on the LDAP server (TreeA). You wrote that there are trust between TreeA and TreeB, so that you can add UserB (from TreeB) as the member of the GroupA in TreeA. If you can do this, than you have successfully establish trust in the correct direction between TreeA and TreeB. You should understand, that trust mean only that Active Directory B verify the user password only, but UserB per default will have no access to any resources from the Active Directory A. The UserB can has no permission to make LDAP bind to the server A. In the case the problem will solved by granting the UserB the remote login permission on the server A and the read access to GroupA and probably read permission to the OU where GroupA exist. You can try Insight for Active Directory to monitor AD access to localize the permission problems.

Other possible reason of your problem could be the usage of API which you use to LDAP access. In you question you don’t wrote any information about the API. Do you use Win32 API like ldap_bind_s or use DirectoryEntry in .NET? In both cases it could be important that you either use explicitly domain name together with the account name (for UserB) during the binding or use null for both name and the password to user current user credential.

The usage of fixed account from TreeA for all accesses to TreeA (also for tests about UserB) could also solve the problem, but it could be possible only is some kind of application usage.

In any way more information in your question could narrow the problem and the ways to solve the problem.