My company is currently in the process of migrating. We currently only have one root .local domain, but need to create 3 subdomains below this for different security requirements.
So each subdomain has it's own users, computers and printers but still they can share distribution lists and security groups (universal security groups). If we choose the default security groups wisely, roaming users won't have any problem logging on in a different office. This is our end goal.
We will be using ADMT v3 (since we have a 2003 forest only) and the migration guide v3migGuide which outlines the steps needed for intraforest restructuring.
But a problem I have found is that you cannot convert say, global groups into universal groups when those globals have other global groups as members. Of course we have many groups that are nested, but need to migrate these from the root domain to the subdomain so users can access resources and logon from anywhere they might be travelling to a remote office etc. Or should the groups be left in the root domain and only the users migrated? I think we would still need to convert the groups to universal for this to work anyway...
Maybe I'm not understanding the whole thing properly, but can someone please explain how to best accomplish the above?