Try export UIDs and GIDs then change authentication method to Internal LDAP reconnect to ADS import UIDS and GIDs after modifying the exported csv files.

Test with users in Domain Groups not Local Groups as this will not be imported correctly for Local Groups. Also we do not have support for multiple Domains only in DSS version in new release 1.30 due in August of this year.

Also this issue could be related to trusted domains. Please try to synchronize clocks on all. The best if use NTP server for this. Then try again. If it fails, please try to disable trusted for tests.

Did you send this to support back in 6-13-07 and did you get back with them on your results?