We were recently purchased by another company. Our domain is soon to become a resource domain, and we will subsequently migrate user accounts and then machines. I'm a bit concerned about this in relation to accounts associated with encryption. As the accounts are migrated I believe they will be lost to the machines if a LDAP sync is performed. Has anyone gone through this? Any recommendations on how to avoid potential difficulties along the way?
This is how I would do it.
Autoboot the machines during the migration period for that batch of machines and once they are migrated use the automatically add local domain users option for a while before turning off autoboot. This does require ePO to talk to the new domain and the old domain so I would test to make sure there isn't any funny business about syncing two domains in ePO.