We're looking at doing a cloud migration and considering shifting to a new Active Directory forest in the process.
On-site, our AD root forest matches our top-level domain (myschool.edu). We've been using it for several years, but it could have been managed better. There are plenty of objects and groups that we're not sure are being used any more (many of which were inherited), and while it isn't directly impacting performance, it's a problem we'd like to resolve.
Ideally, though, we'd like our AD root forest to be a sub-domain of our top-level domain (ad.myschool.edu). Since this could potentially involve a big change, I thought it might be easier to just start that as a new root forest in the cloud. If we can just synchronize the users (and maybe some groups) from the old AD forest to the new one, we could just make switching the domain the machine is bound to part of the cloud migration process. This way, there's no single day a bunch of things break... we just move closer to the day that we get rid of the old forest (at myschool.edu).
I may be thinking about this wrong, though. What would be the best way of going about doing this? If it helps, we're not using an Exchange server.
I don't think the "cloud" adjective has much bearing on your situation. You're, basically, just asking if you can do a phased migration from one Active Directory forest to another (and, it just happens that your new forest is going to be hosted in some "cloud" server offering). Such a migration is absolutely feasible.
You're talking about a domain migration scenario. The Active Directory Migration Tool (ADMT) can do what you need. You'll maintain trust relationships between the old AD forest and new AD forest during the migration, and you'll need a DNS configuration that allows client computers to resolve names from both AD forests as you migrate.
The main advice I'd have would be to plan and test judiciously. Start with a test population of user and computer accounts and proceed cautiously. Once you've got the bugs worked out of your process you can move ahead more quickly. You shouldn't be in a hurry and you should test all your major applications post-migration before you move any production users and computers.
As an aside: I strongly agree with your move away from an AD domain name that matches your Internet domain name. I've ranted about it on here before and I'm glad to see you're moving away from what I consider a brain-damaged configuration.
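One way to check the DNS requirement from the answer above before moving any computers, as an added example that is not part of the original post: it asks a DNS server for the domain controller locator SRV record of each forest and confirms that every returned target also resolves. The forest names are taken from the question; the function name `Test-ForestDnsResolution` and its parameters are hypothetical.

```powershell
# Added example: run on a client or member server that must work with both forests.
# Forest names come from the question; all other names are assumptions.
$Forests = 'myschool.edu', 'ad.myschool.edu'

function Test-ForestDnsResolution {
    param(
        [Parameter(Mandatory)] [string[]] $ForestName,
        [string] $Server   # optional: query this DNS server instead of the client default
    )
    foreach ($forest in $ForestName) {
        # Record the DC locator queries to find a domain controller in the forest root
        $record = "_ldap._tcp.dc._msdcs.$forest"
        $common = @{ ErrorAction = 'Stop' }
        if ($Server) { $common.Server = $Server }
        try {
            $srv = Resolve-DnsName -Name $record -Type SRV @common |
                   Where-Object { $_.Type -eq 'SRV' }
            $dcs = foreach ($s in $srv) {
                # An SRV record is only useful if its target host resolves too
                $resolves = $true
                try { $null = Resolve-DnsName -Name $s.NameTarget @common }
                catch { $resolves = $false }
                [pscustomobject]@{ Target = $s.NameTarget; Resolves = $resolves }
            }
            $bad = @($dcs | Where-Object { -not $_.Resolves })
            [pscustomobject]@{
                Forest       = $forest
                DCsFound     = @($dcs).Count
                Unresolvable = $bad.Target -join ', '
                Status       = if (@($dcs).Count -gt 0 -and $bad.Count -eq 0) { 'OK' }
                               else { 'Incomplete' }
            }
        }
        catch {
            # NXDOMAIN, timeout, or no forwarder/delegation for this forest
            [pscustomobject]@{
                Forest       = $forest
                DCsFound     = 0
                Unresolvable = ''
                Status       = "FAILED: $($_.Exception.Message)"
            }
        }
    }
}

Test-ForestDnsResolution -ForestName $Forests | Format-Table -AutoSize
```

Both forests should report `OK` from a machine in the test population before it is migrated; a `FAILED` row for one forest usually means the DNS server that machine uses has no forwarder or delegation for that forest's zone.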