In principle I suppose it should be easy to migrate account information from one system to another. In fact, I could have made it *very* easy for myself. The current canonical source of account info on my network is NetInfo, running on what can respectfully be called an aging hunk of magnesium alloy. I could just have bound the Macs into the NetInfo domain for that. Easy way out but not the most effective. Every Apple developer I've ever spoken to says that NetInfo is going to die the death of a dead thing as soon as they get the chance, which may even be Tiger. So not futureproofed. OK, time to work out how to get the NetInfo info into Directory Services.
The obvious way is using LDAP, except that I'm no expert on LDAP. In fact, it's fairly fair to say that I have a minimal understanding. So I set the OS X network up to bind to an LDAP service provided by the OS X Server, but how to get the data in? I notice that Workgroup Manager (and indeed its command-line chum, dscl) can import and export data via a character-delimited format. This is where it gets better...I just need to convert the NetInfo data into that format.
We can do something more general than that. NetInfo includes the nidump command and its counterpart niload, so we can manipulate NetInfo data via the standard UNIX file formats. Great, so let's convert between UNIX and CDF. These perl scripts do so for passwd and group, now you just need to import the results into Workgroup Manager or dscl. Bonza. I've tried this on a live system (always the best way to test, IMHO ;-) and it works well.