AD migration of users & groups - best practice?

Hi, because of AD reorganization, AD users and AD groups are recreated in new domain. We need to migrate users / groups in SharePoint farms (SP2010, SP2013).

• for AD users: Move-SPUser requires SPUser object, not oldLogin like DOMAIN\user (technet documentation seems to be invalid). It's time consuming finding related SPUser object in farms. stsadm -o migrateuser works fine with loginnames, same for $farm.MigrateUserAccount. I figured out that the commands does not take care about authentication method. In case that different authentcation modes (e.g. classic and claims) are used, commands needs to be run multiple times with proper loginnames (With and without claim prefix).
• for AD groups: There is no PowerShell-CmdLet. stsadm -o migrategroup and farm.MigrateGroup are working fine, but I figured out that I need to pass the SID instead of group name. SID also used as tp_Login in userInfo table.

Is this expected behaviour? Has someone experiene with this topic?

-- Joachim