I am doing a migration from one domain to another. Part of this will involve migrating the servers from the old to the new domains (the files themselves are staying on the same servers - it is the servers that are migrating). I realize that the normal way to do this is with ADMT or similar tools that employ trusts between the source and target domains. In this case however I will be unable to create trusts between the domains. I'll spare you the gory political details, and merely repeat that creating trusts are out of the question.
I do have full permissions over the servers being migrated (~30 of them) and to the target domain, however I have limited access to the source domain. In particular, I have ZERO direct access to the source domain controllers beyond a normal user - although I do have admin permissions over the OU's related to my portion of the organization.
With that as the starting point, what are some recommendations for how to migrate file system ACL's from the old domain to the new domain on the existing file & application servers? My understanding is that because I have no trust that I cannot really migrate SID history.
Is there an easy way to extract the SIDs from the source domain and create a mapping file to the new domain and then apply that to the servers?
Thank you in advance for your assistance!