Performing an Active Directory Migration without Trust Relationships
November 12, 2013
But when one company is acquiring only a portion of another company, like a subsidiary or division, the company that is selling off the business unit typically will not enable trust relationships to be set up between their AD infrastructure and the infrastructure of the acquiring organization. Their security policies likely prohibit them from doing so due to how they manage risk and govern regulatory compliance.
Microsoft’s Active Directory Migration Tool (ADMT), which you may be accustomed to using, requires a trust relationship between the domains to perform the migration. ADMT does enable you to reduce your security exposure somewhat by configuring it for selective authentication, which limits access to your forest to a limited set of users in the other organization’s forest. However, if your security and governance policies prohibit all trust relationships with outside organizations, then you will need to find an alternative to ADMT.
Binary Tree's SMART Active Directory Migrator software (http://www.binarytree.com/products/active-directory-migration/smart-active-directory-migrator.aspx) can help you through this challenging migration scenario. SMART Active Directory Migrator can automate an Active Directory (AD) migration with or without trust relationships being in place. The software does not rely on SID history alone. If a trust cannot be established, the software console is installed in both the source and target domains, and the migration is performed in each domain independently of the other.
Once the AD accounts (users, groups, workstations and servers) are collected and recreated in the target domain, the source domain workstations and servers are re-ACLed to support the newly created accounts of the target domain. At this point, the workstations and servers are migrated to the target domain. When the users log in to their workstations in the new AD forest, they find that their profiles, settings, and access to resources on the servers are all as they were in the source domain.
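The re-ACL step described above, as an added example that is not from the original post and does not show how SMART Active Directory Migrator works internally: given a security descriptor in SDDL form, it adds a matching ACE for the new SID next to each ACE whose trustee was recreated in the target domain, and reports source-domain trustees that have no mapping. The SIDs, the map, the sample descriptor and the function name `reacl` are constructed for illustration.

```python
import re

SRC_DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed
TGT_DOMAIN = "S-1-5-21-4444444444-5555555555-6666666666"  # constructed

# Constructed map: source account SID -> SID of the account recreated in the target.
SID_MAP = {
    SRC_DOMAIN + "-1105": TGT_DOMAIN + "-2210",  # a user
    SRC_DOMAIN + "-1120": TGT_DOMAIN + "-2231",  # a group
}

# Constructed descriptor for a folder on a source-domain file server.
SAMPLE_SDDL = (
    "O:BAG:SYD:PAI(A;OICI;FA;;;SY)"
    f"(A;OICI;0x1301bf;;;{SRC_DOMAIN}-1105)"
    f"(A;OICI;0x1200a9;;;{SRC_DOMAIN}-1120)"
    f"(A;;FR;;;{SRC_DOMAIN}-1999)"
)

ACE = re.compile(r"\(([^()]*)\)")  # simple ACEs only; conditional ACEs nest parentheses

def reacl(sddl, sid_map, src_domain):
    """Add a target-domain twin of every ACE whose trustee was migrated.

    Returns (new_sddl, unmapped). unmapped lists source-domain trustees with no
    target account; their access is lost once the source domain is unreachable.
    """
    existing = set(ACE.findall(sddl))
    unmapped = []

    def expand(match):
        fields = match.group(1).split(";")
        if len(fields) != 6:
            return match.group(0)  # not a simple ACE, leave untouched
        trustee = fields[5]
        if trustee in sid_map:
            twin = ";".join(fields[:5] + [sid_map[trustee]])
            if twin not in existing:  # idempotent: safe to re-run
                existing.add(twin)
                # Placed right after its source ACE, so deny/allow ordering is kept.
                return match.group(0) + "(" + twin + ")"
        elif trustee.startswith(src_domain + "-") and trustee not in unmapped:
            unmapped.append(trustee)
        return match.group(0)

    return ACE.sub(expand, sddl), unmapped

if __name__ == "__main__":
    new_sddl, orphans = reacl(SAMPLE_SDDL, SID_MAP, SRC_DOMAIN)
    print(new_sddl)
    print("no target account for:", orphans)
```

Keeping the source ACEs in place lets users work from either domain during coexistence; the unmapped list is the set of permissions to review before the source domain is retired.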