you can move machines between EPO's - the machine will repopulate the recovery key when it connects. you CAN NOT move users though, or user relationships - you would need to set them up again (with new passwords etc).
So I expect as you say, it's going to be a lot of legwork, but no more than many other things you're going to have to do I expect.
Actually, if you have ALDU enabled for the migrating machines and the users have logged into the machines at least once so that they have a valid profile then the users should re-add themselves when the machines check into the new server. We used this method to migrate about 5K machines and users between domains when our company split last year.
true - but they will add themselves with default passwords still...
Our method was:
1) Disable preboot since we were going to have to do several reboots during the migration anyway
2) Migrate machines to new domain
3) enable preboot a couple of days later once users were on new domain.
Preboot then picked up the users current password from windows when we turned it back on.
The client PCs and laptops ar not moving domains. they will remain in their current domains. The requirement is to provide a centralised and shared server resources in the new data centre in the shared resource AD forest.
How can EPO look at multiple AD forests?
ALDU is already in use. Is it necessary to to disable preboot if the client PCs are not changing domain?
Sounds Like I am going to need McAfee PS on this one.$$$$$
Sorry for not being clear. There were two ePO servers involved, one on each domain. I thought it was relevant to your question as we did move from one ePO server to the other with no issues using the method I described.
The question would then be, how would the ePO server integrate with your AD? If your AD(having multiple forests) could integrate seamlessly with your ePO, then I don't see much of an issue specially with ALDU enabled.