Please find my comments below
so you have two domains within SEP, correct? The 'Default' domain and the 'Domain D' domain are both listed under Admin -> Domains within the SEPM Console right?
YES
While in this section of the console, can you click through both the 'Default' and the 'Domain D' entries and confirm which one say '(Current Domain)' beside it?
Default domain is current domain.. When we click the domain D we have an option like administer domain option is enable.. Whereas when we click default domain this option is not available.
If it is 'Domain D' which is the current domain (as I suspect it is) then when you're are creating the Limited Administrator account, you are creating it for 'Domain D'. What this means is that when you are trying to log in as this Limited Administrator account, you must make sure you fill in the "Domain" field in the logon screen (made available by clicking the "Options >>" button).
In this scenario, we are creating Domain D user account for SEPM login as AD authentication. Even when we fill domain name correctly as per the list under domain tab.
As the earlier article states, the SEP Domains are case sensitive so make sure it is written exactly as it appears from within the SEPM Console -> Admin -> Domains.
Entering correctly.