AD LDAP: Add users to keycloak which are members of a subgroup #34830

Hey, I just configured the LDAP User federation in our keycloak but am struggling with one point and would really appreciate getting some help.

Background: I have a group in our Active Directory which I want to synchronize with keycloak (called Users_keycloak) which contains other groups (for each department in our company we have a group, and I include some of these department-groups in the Users_keycloak group).
I want it to work this way: once one of these department-groups is added to the Users_keycloak group, the users who are members of the department-group shall be created in our keycloak realm automatically and be assigned to the group Users_keycloak (because the department-group is a member of the “Users_keycloak” group).

So far so good; I managed to get the basics working. I configured the LDAP provider and also the group-ldap-mapper accordingly (now this group “Users_keycloak” gets synced with our keycloak). And once I add a single user to the group “Users_keycloak” in our Active Directory, the user automatically gets created in keycloak and is also part of the group “Users_keycloak”. But you know, I don't want to add single users to the group; I want to add groups to the group.

The problem starts here: once I add a user-group (one of the department groups) to the “Users_keycloak” group, the users who are members of the department group don't get created in the keycloak realm. I don't want the department-group to be created in keycloak, because there shall only be this single “Users_keycloak” group. But the members of the department-group shall be created in keycloak and also associated with the “Users_keycloak” group. Is there any way to achieve this?

I hope it is understandable and would really appreciate your help!
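The behaviour described in this issue comes down to nested (transitive) group membership: the `member` attribute of `Users_keycloak` lists a department group, not the users inside it, so a mapper that reads only direct members never sees those users. The following is an added example, not code from the issue or from Keycloak, that shows the two ways a practitioner usually deals with this when auditing such a setup: expanding the group recursively on the client side to see which users *should* end up in the realm, and building the Active Directory filter (the `LDAP_MATCHING_RULE_IN_CHAIN` OID `1.2.840.113556.1.4.1941`, which AD resolves transitively on the server) that selects exactly those users. The directory entries and DNs are constructed for the example; `dc=example,dc=com` is a placeholder, not the reporter's domain.

```python
"""Resolve transitive AD group membership and build the matching LDAP filter.

Constructed in-memory directory: DN -> attributes, mimicking the shape of
Active Directory 'group' and 'user' objects. Not connected to a real LDAP server.
"""

# Constructed sample directory (example data only).
DIRECTORY = {
    "CN=Users_keycloak,OU=Groups,DC=example,DC=com": {
        "objectClass": ["group"],
        "member": [
            "CN=Dept_Finance,OU=Groups,DC=example,DC=com",
            "CN=alice,OU=Users,DC=example,DC=com",   # a directly added user
        ],
    },
    "CN=Dept_Finance,OU=Groups,DC=example,DC=com": {
        "objectClass": ["group"],
        "member": [
            "CN=bob,OU=Users,DC=example,DC=com",
            "CN=Dept_Finance_Leads,OU=Groups,DC=example,DC=com",
        ],
    },
    "CN=Dept_Finance_Leads,OU=Groups,DC=example,DC=com": {
        "objectClass": ["group"],
        # Circular reference back to the parent: AD permits this, so any
        # expander must guard against cycles.
        "member": [
            "CN=carol,OU=Users,DC=example,DC=com",
            "CN=Dept_Finance,OU=Groups,DC=example,DC=com",
        ],
    },
    "CN=alice,OU=Users,DC=example,DC=com": {"objectClass": ["user"]},
    "CN=bob,OU=Users,DC=example,DC=com": {"objectClass": ["user"]},
    "CN=carol,OU=Users,DC=example,DC=com": {"objectClass": ["user"]},
}

# RFC 4515 filter escaping: a DN pasted into a filter must not be able to
# change the filter's structure (parentheses, wildcards, backslashes, NUL).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_group_users(directory: dict, group_dn: str) -> set:
    """Return the set of user DNs that are transitive members of group_dn.

    Groups nested at any depth are followed; each group is visited once,
    so cycles terminate.
    """
    users, seen, stack = set(), set(), [group_dn]
    while stack:
        dn = stack.pop()
        if dn in seen:
            continue
        seen.add(dn)
        entry = directory.get(dn)
        if entry is None:
            continue  # dangling member reference: nothing to expand
        for member_dn in entry.get("member", []):
            member = directory.get(member_dn, {})
            if "group" in member.get("objectClass", []):
                stack.append(member_dn)
            elif "user" in member.get("objectClass", []):
                users.add(member_dn)
    return users


def nested_member_filter(group_dn: str) -> str:
    """Build the AD-specific filter that matches users who are members of
    group_dn directly or through any chain of nested groups. Only AD honours
    this matching rule OID; generic LDAP servers will reject it."""
    return (
        "(&(objectClass=user)"
        f"(memberOf:1.2.840.113556.1.4.1941:={escape_filter_value(group_dn)}))"
    )


if __name__ == "__main__":
    target = "CN=Users_keycloak,OU=Groups,DC=example,DC=com"
    for dn in sorted(expand_group_users(DIRECTORY, target)):
        print("expected in realm:", dn)
    print(nested_member_filter(target))
```

Comparing the output of `expand_group_users` with the users actually present in the realm after a sync is a quick way to spot exactly the gap this issue describes. The filter from `nested_member_filter` is the one you would hand to any LDAP user search that should pick up nested members; note that it restricts the user set to transitive members of one group without creating any of the intermediate groups, which matches the requirement that only `Users_keycloak` exists on the Keycloak side.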