If you could get the new domain up alongside the old, you could get the SIDs from the old domain to the new users on the new domain.
SID history can be really nice when the old UID shows up on the new server, so the resources the UID had before will still be available.
Then again, maybe in your situation it is overdoing it a little, if the only resources you need to migrate are file access.
We migrated around 40K users at my university in the last year or two, all with SID history (ADMT), but actually we just decided to wipe them all, since they are creating some annoying issues for certain applications (Nilex/vCenter) etc. And in the end, having SID history is really also tying one to the old environment, which we should really just migrate to our new domain anyway.
So, build your new domain, make all your file permission groups.
If you could make a trust to the old domain, you could allow users from there (or groups) access through the new domain as well, until you have everything settled and you can disconnect the trust and do away with the old domain.
There is more than one way to your goal; the question is how much you want to disturb your users. With a trust, you could migrate everyone slowly but without much fuss for the users, and take one at a time.
Also there is the nifty tool in Windows 7, if you are running that, "Windows User Migration Tool": you can save people's profiles to a share and import them after you join the new domain, to keep all settings and make them use the new domain. Just go to Advanced when you import, and match your user with the new domain. I used that a lot over the years with great success.