Re: FSSO Question for 2 domains
you have two options:
1 - simpler - install on b.com another FSSO CA - if you can. This is much easier to operate and will work well.
2 - complex - you can, as you suggested, to point DCAgent from b.com -> ca.a.com, but in that case you need to configure specific LDAP server for b.com on ca.a.com. Besides that, you need to create correct group filter between fgt and ca. This will be tricky, since you can have only one LDAP server selected in Fortigate and in FSSO CA too.
Luckily, for such a cases, 'config user adgrp' can be edited manually. Or you can manually edit group-filter on CA, both ways are possible.
So my advice, unless you really can't, go for 1/.