did you configure any rule with access role and installed that policy?

Also check logs for blade:Identity awareness

You will need to deploy another IDC in this case.

Keep in mind that IDC is only acquiring the username, namely from the AD logs.
There is no "priority" for this part.
The gateway has to query AD for groups.
The priority in this case is ordered as you configure where "first to respond" wins.

a) I have deploy 2 IDCs but they are exactly the same. Each pool that I have created included 38 DCs. (So can i divide it here 35 per DC?)

b) So mean that IDCs communicate with the AD pulls the information of each DC and sent it every 10 seconds to the gateways.?

Each IDC should talk to no more than 35 AD (Log) Servers.
What configuration you use to achieve that is up to you.
If IDC learns the same thing from multiple AD (Log) servers within a few minutes, it’s only going to send it to the gateway once.

I have setup 2 IDC’s the second one is for redundancy. Each DC report for a different site. So each of one them is important. How can I do it ? 

If you have two set up for redundancy right now with 38 AD servers, you will now need four.
The IDC instances should be set up close (network-wise) to the different AD servers. 

we have exactly same kind of setup 36 AD and two IDC servers, each gateway is connected to both IDC. IDC will always keep in record firstly arrived event, other events for same IP,username are ignored.