Searching for the user michael@mycontoso.com with the objectSid S-1-5-21-1234567890-123465789-123456789-123456, I only find a Foreign Security Principal CN=S-1-5-21-1234567890-123465789-123456789-123456,CN=ForeignSecurityPrincipals,DC=contoso,DC=com.

That foreign security principal does not contain the properties I have to read, so I guess I have to access the "Home AD" of that FSP.

Does a FSP have a property that always contains the LDAP path of the user object? Is there a standardized/recommended way to access the Home AD?
Sadly, FSPs don't contain the LDAP path of the referenced object (if they contained one, it would need to be replicated whenever the object is renamed/moved).

There seems to be no easy way to get back the containing AD using the SID from a foreign forest. If it is in the local forest you can do it by binding to LDAP://<SID=S-1-xxxxx>.

A not-so-easy way is to build a domain SID to domain map. Walk through each domain in the trusted forests and build the map using the script here (the "The Script Solution" section).

SIDs of security principals are in the form <domain SID>-<RID>, e.g. the domain SID of S-1-5-21-1234567890-123465789-123456789-123456 is S-1-5-21-1234567890-123465789-123456789.

By extracting the domain SID (in .NET you can do it by using the SecurityIdentifier class and the AccountDomainSid property) and looking it up in the map, you can find out the containing domain.
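The domain-SID map approach from the answer, as an added PowerShell example that is not part of the answer or of the script it links to: it enumerates the local forest plus every forest trust, maps each domain's objectSid to its DNS name, then uses SecurityIdentifier.AccountDomainSid to pick the home domain and binds with the LDAP://<SID=...> form. The function names and the sample SID are assumptions; it must run under an account allowed to read the trusted domains.

```powershell
# Added example, not the answer's own code. Builds a domain SID -> domain DNS name map
# across the local forest and its forest trusts, then resolves an FSP's SID to the
# real user object in its home domain. Function names are hypothetical.
Add-Type -AssemblyName System.DirectoryServices

function Get-DomainSidMap {
    $map = @{}
    $forests = @([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest())
    # Add every forest we trust; unreachable forests are skipped with a warning
    foreach ($trust in $forests[0].GetAllTrustRelationships()) {
        $ctx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Forest', $trust.TargetName)
        try   { $forests += [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ctx) }
        catch { Write-Warning "Cannot reach forest $($trust.TargetName): $_" }
    }
    foreach ($forest in $forests) {
        foreach ($domain in $forest.Domains) {
            # The domain head object's objectSid is the domain SID (S-1-5-21-x-y-z)
            $sidBytes = $domain.GetDirectoryEntry().Properties['objectSid'].Value
            $sid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)
            $map[$sid.Value] = $domain.Name
        }
    }
    return $map
}

function Resolve-ForeignSid {
    param([string]$Sid, [hashtable]$Map)
    $principal = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    # AccountDomainSid strips the trailing RID; it is $null for well-known SIDs
    $domainSid = $principal.AccountDomainSid
    if (-not $domainSid -or -not $Map.ContainsKey($domainSid.Value)) {
        throw "No trusted domain found for SID $Sid"
    }
    $dnsName = $Map[$domainSid.Value]
    # Bind by SID against the home domain rather than the local FSP container
    return New-Object System.DirectoryServices.DirectoryEntry("LDAP://$dnsName/<SID=$Sid>")
}

# Sample SID from the question; replace with the FSP's SID you need to resolve
$map  = Get-DomainSidMap
$user = Resolve-ForeignSid -Sid 'S-1-5-21-1234567890-123465789-123456789-123456' -Map $map
$user.Properties['distinguishedName'].Value
```

Only forest trusts are enumerated here; for external (domain-level) trusts, extend the map using Domain.GetAllTrustRelationships() on each local domain.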