Cross-Forest Certificate Authority is not for the faint of heart. This post is not going walk you through on how to set all that up, but if you get to a point where you need to sync an object identifier (OID), like in this example Remote Desktop Authentication. This bit of powershell will help you find which oid is for remote desktop auth. You can then use PkiSync to get that over to the other domain.
get-adobject -LDAPFilter "(objectClass=msPKI-Enterprise-Oid)" -SearchBase "CN=OID,CN=Public Key Services,CN=Services,CN=Configuration,DC=YourDomain,DC=com" -Properties * | where {$_.DisplayName -like 'Remote*'} | Select distinguishedName,DisplayName | fl