You can configure Roles and leverage the membership criteria which can used to impose fine-grained controls and assign the relevant entitlements and or access profiles once the criteria is met with.
The only thing to consider is that the identity should have the account on the ADDS2 else create operation will be invoked by SailPoint. More information related to Role configuration is here: Automating Role Assignment - SailPoint Identity Services
If you’re interested in another approach if you are using ADDS2 just to aggregate the users from then would be to leverage native rules on ADDS1 when an Add entitlement operation is successful during the After Modify Rule.
Thanks,
Aman