I’m using admt to migrate one domain objects into another forest in some OUs. I’ve noticed two problems.
1 ADMT doesn’t touch built-in groups at all – after migration user that were members of Domain Admins, users are just ordinary users.
Built-in group membeship is not migrated.
2 After migration workstations, shares that were shared for built-in groups from source domain are still shared for them – SID translation doesn’t work and in security tab there is always source domain name not target one (groups, users are already migrated). I’ve checked what is after removing trust between migrating domains – name is unresolved.