I am doing this in a lab currently to flush out the 'gotchas'. I have (2) forests, test.com and newtest.local. Both with W2003 SP2 and Exchange SP2. Users have logon scripts and roaming profiles. I have an XP machine joined to both domains to test the clients before/afterwards.
I have been following the migration guide, and setup a 2-way trust...
Installed ADMT on the target server and created an encryption key. I then ran the PWDMIG.msi on the source server and used the previously mentioned key. Rebooted the server and started the password export services. When I went to migrate my test users with passwords, I got an error something like "unable to create session...the local domain doesn't have an encryption key"
As I mentioned above, seemed to do everything by the book and set the reg entry for allowpasswordexport (or whatever it is) to "1".
Anything I am missing?
I plan to do the migration in the order it is in the drop down menu, then the file migration tool and then exchange mailbox (exmerge)