I couldn't get this section working, but I believe it is a problem with my AD server configuration. However, with the current setup and solution I don't see how it would ever work. If the TEST PC cannot reach the TEST SRV A then it can't tell the domain it has logged in. Therefore, when the ASA polls AD it doesn't see the user-to-IP mapping. It seems like you would need to allow DNS and reachability to AD for this to work given the topology.
Side note: any suggestions on how to troubleshoot an LDAP error? I am getting "ERROR: ldap retrieve AD Groups fails:1" when I run the show command show user-identity ad-groups INELAB. I have tried LDAP over SSL and also both the default 389 and 636 ports.