Objectives: Customer has one AD 2003 forest and would like to migrate to new Windows 2008 AD forest. All resources from the source AD 2003 forest will be migrated using the ADMT 3.1 tool with SID history to the target windows 2008 forest.
After setting up the trust relationship between the two forests, customer was able to migrate users and computer accounts with no problem.
The major issue customer encountered is that after the user account get migrated to the windows 2008 forest user cannot access old resources in the old windows 2003 source forest. In order for the migrated user to access old resources the ACLS must be manually configured on the user account in the target forest.
We do not know why ADMT is not re-applying the ACLS on the migrated user. Any idea?