I've asked this on MSDN with no responses, so I'll try here.
I work a lot with domain migrations and setting up mirrored domain environments. I've written my own applications for replicating domains/objects which works quickly and efficiently for all scenarios except one: the one where I need to replicate passwords.
I've written a password filter which works just fine, but I hate having to deal with the requirement that it be installed and managed on every domain controller.
I know it is entirely possible to programmatically copy the password hash from one domain to another, as Quest Migration Manager for AD does it, as does DirSync/AADSync (likely others). I avoid ADMT like the plague, but I have used it and I believe it also can do this.
My inner geek wants to be able to write my own password migration code. I have no interest in dumping hashes, decrypting hashes, etc. I just want to FULLY migrate a user from one domain to another without having to drop a load of cash every time I want to do it.
Pointers?
ck