Hi,
I think ZBF will only handle in one direction (in to out).
Have you thought about implementing a tunnel between AD servers to accomplish that trust?
http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx
http://technet.microsoft.com/en-us/library/bb742429.aspx#EGAA
Regards,
Pedro Lereno