I have been working on the migration of our production domain policies from one domain to another....
Environment information
There are no trusts setup between the domains as per security requirement...however there is no port blocking. MDOP is not an option due to not being SA licenced.
Both domains are running 2K8R2 DFL and 2K8R2 FFL in a large enterprise environment. Security group objects/Accounts have been migrated successfully.
What I am wanting is some suggestions of what people have had success with migration of their Policies links and security included to other domains without a trust in place and/or tools including third party tools. The end Goal would be to get to a state where the policies can be synchronised (repeatable process). Due to the number of polices required to be migrated it would not be practical to migrate them individually.
Things that I have attempted with little success are using Migration tables to transfer the GPO's (SOM), modifying the XML file updating the GPO links.
The specific issues being experienced is that I can migrate the polices fine, but the GPO links and Security does not seem to come across even when using Migration tables? I am guessing this is due to the source domain not being able to be contacted for SID information?
References to Links of what has been attempted
http://msdn.microsoft.com/en-us/library/aa814145(v=vs.85).aspx
http://technet.microsoft.com/en-us/library/cc781458(v=WS.10).aspx
http://technet.microsoft.com/en-us/library/ee461027.aspx
I have not yet tested the below scripts mentioned but if anyone has please let me know with some examples if possible
http://blogs.technet.com/b/manny/archive/tags/group+policy/
Thank-you in advance,
Karl