We are currently in the process of migrating users to a new domain. This is done using the ADMT migration tool and works perfectly, moving the SID, group permissions, etc. with it. It doesn't, however, update SharePoint with the updated permissions.
Once an incremental User Profile Sync is completed, the user account is renamed to the new domain name. (Note: in this environment we use claims-based authentication, meaning the user account shows as i:0#.w|domain\username.)
Things like the user’s mysite can no longer be accessed, as the security is based on the old account.
The Move-SPUser command will migrate the permissions from the old account to the new. Below are the steps that worked for us. I also wrote a PowerShell script to allow migrations to be completed in bulk as user accounts were moved.
# Quote the claims-encoded names: an unquoted | is parsed as the pipeline operator.
$u = Get-SPUser -Web http://sharepointsite -Identity 'i:0#.w|olddomain\username'
Move-SPUser -IgnoreSID -Identity $u -NewAlias 'i:0#.w|newdomain\username' -Confirm:$false
This updated all site permissions, replacing the old account with the new one.
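A bulk version of the two commands above, as an added example (not the script mentioned in the post). The function name Move-MigratedUsers, the CSV layout with a SamAccountName column, and the log path are assumptions. The site URL and domain names are the placeholders used above.

```powershell
# Added example: bulk wrapper around Get-SPUser / Move-SPUser with an audit log.
# Assumptions (not from the original post): function name, CSV column
# "SamAccountName", and the default log path.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Move-MigratedUsers {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$CsvPath,
        [string]$WebUrl    = 'http://sharepointsite',
        [string]$OldDomain = 'olddomain',
        [string]$NewDomain = 'newdomain',
        [string]$LogPath   = '.\move-spuser-log.csv'
    )

    $results = @(foreach ($row in Import-Csv -Path $CsvPath) {
        $name   = $row.SamAccountName.Trim()
        # Claims-encoded Windows identities, as shown in the post.
        $old    = "i:0#.w|$OldDomain\$name"
        $new    = "i:0#.w|$NewDomain\$name"
        $status = 'Moved'
        try {
            # Throws (and is logged) if the old account has no entry on this web.
            $u = Get-SPUser -Web $WebUrl -Identity $old -ErrorAction Stop
            if ($PSCmdlet.ShouldProcess($old, "Move-SPUser to $new")) {
                Move-SPUser -IgnoreSID -Identity $u -NewAlias $new `
                    -Confirm:$false -ErrorAction Stop
            } else {
                $status = 'Skipped (WhatIf)'
            }
        } catch {
            $status = "Failed: $($_.Exception.Message)"
        }
        # One record per account, so every permission move can be reviewed later.
        New-Object PSObject -Property @{
            Time = Get-Date; OldAlias = $old; NewAlias = $new; Status = $status
        }
    })

    $results | Export-Csv -Path $LogPath -NoTypeInformation
    $results
}
```

Running Move-MigratedUsers -CsvPath .\users.csv -WhatIf first lists the old and new aliases that would be changed without moving anything. The log file then gives a record of which accounts had their permissions reassigned and which failed.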