I am looking at doing a cross forest AD migration from SBS 2003 to SBS 2011. I have a new server that runs SBS 2011 with a new domain name and am looking at moving all the user profiles from say old.local to new.local.
There's only around 12 users so this is not a big move.
I was going forward with using ADMT, and upon setting up trusts between SBS 2003's forest and SBS 2011's forest I found out SBS 2003 does not support trusts with other domains. It therefore appears I cannot use ADMT as it tells me "ADMT is unable to connect to domain controller" "Access is denied. (0x80070005)" which I believe is due to cross forest trusts.
The reason I wanted to migrate AD was that I was under the assumption with migrating AD I can preserve the user's SIDs and therefore when they log on their PC in a new domain they will use the same user profile on the PC after a domain change. All of their Desktop/Documents/Settings/Etc will not have to be copied between profiles under C:\Users. I also don't like having profiles names under C:\Users\ such as 'account' and 'account.new' which you get when a users logs in with the same account name but new SID to my understanding.
I only need to copy users as the Security Groups have been completely redone, and Exchange mailboxes I can do manually between the servers with export/import (unless there's a faster way).
Is it possible for me to migrate all the users between the servers? Or should I simply recreate the user accounts on the new server and manually copy their profiles at all of their desktops?
I might suggest a migration of AD from SBS 2003 to SBS 2011 rather than just migrating security principals (retaining the existing AD domain rather than migrating to a new AD domain). Microsoft has documentation to assist in doing this, but I've found the SBS kits at www.sbsmigration.com are rather inexpensive and easier to follow than Microsoft's documentation.
http://www.sbsmigration.com/pages/selected_kit/SBS-6/230/
http://www.microsoft.com/download/en/details.aspx?id=14570