Did you solve the problem? We also have two ADs, and I'm looking for a way to resolve FSPs because we have our users in one and our groups in the other AD.
Hi,
We are syncing two Active Directory domains as LDAP sources into Authentik.
Some of the groups (domain local groups) contain "Foreign Security Principals" like "CN=S-1-5-21-123456789-123456789-1234567890-123456,CN=ForeignSecurityPrincipals,DC=domain,DC=com" that refer via the CN to an attribute called objectSid of a user of the other Active Directory domain.
So we would like to add the user of the other domain to the group in Authentik. For that we created a property mapping that imports the "objectSid" into the User.
Now we wrote another property mapping that takes the member attribute and searches for these Foreign Security Principals and gets the corresponding user and adds it to the member attribute.
This works but it does not result in the way we want it to, so the user is not "really" added to the group but rather the member attribute contains this entry.
So my question is how do we "really" add the user to a group within the property mapping, or is there another way of doing this?
(We already thought about an external application that triggers the API to add the user, but I hope there is a better solution)
Thanks for your help in advance
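
The SID matching step described in the post above, as an added example that is not part of the original post and does not use authentik's own API. It assumes the LDAP source hands back `objectSid` as raw bytes; the function names, the `users_by_sid` lookup and the sample user and DNs (apart from the FSP DN quoted in the post) are constructed for illustration.

```python
import re
import struct

# Matches the SID carried in the CN of a ForeignSecurityPrincipals entry.
FSP_DN = re.compile(r"^CN=(S-1-[0-9-]+),CN=ForeignSecurityPrincipals,", re.IGNORECASE)


def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("objectSid too short")
    revision, sub_count = raw[0], raw[1]
    if len(raw) != 8 + 4 * sub_count:
        raise ValueError("objectSid length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack(f"<{sub_count}I", raw[8:])  # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def resolve_members(member_dns, users_by_sid):
    """Split member DNs into (resolved users, ordinary DNs, unresolved FSP SIDs)."""
    resolved, plain, unresolved = [], [], []
    for dn in member_dns:
        m = FSP_DN.match(dn)
        if not m:
            plain.append(dn)                      # same-domain member, handled as usual
        elif m.group(1).upper() in users_by_sid:
            resolved.append(users_by_sid[m.group(1).upper()])
        else:
            unresolved.append(m.group(1))         # report it, do not drop it silently
    return resolved, plain, unresolved


# Constructed sample data: the SID from the post, encoded the way AD stores it.
SAMPLE_SID = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack(
    "<5I", 21, 123456789, 123456789, 1234567890, 123456)
USERS_BY_SID = {sid_to_str(SAMPLE_SID): "alice"}  # hypothetical user of the other domain
MEMBERS = [
    "CN=S-1-5-21-123456789-123456789-1234567890-123456,"
    "CN=ForeignSecurityPrincipals,DC=domain,DC=com",
    "CN=Bob,OU=Users,DC=domain,DC=com",
    "CN=S-1-5-21-1-2-3-500,CN=ForeignSecurityPrincipals,DC=domain,DC=com",
]

if __name__ == "__main__":
    print(resolve_members(MEMBERS, USERS_BY_SID))
```

Keeping the unresolved SIDs as a separate list makes it visible when a group grants access to a principal that the sync could not map to a user.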