I'm going to say roughly the same thing as Jason Berg, but I'm going to put more detail and emphasis in the DNS part, because none of this will work without good DNS resolution on both the servers and client computers in the Windows 2000 Active Directory domain and the domain controllers in the Windows Server 2008 Active Directory domain.
If you can create a DNS situation that allows client and server computers in the W2K domain to resolve the name of the W2K8 domain domain controller computer(s) then you can proceed with creating a trust relationship and ease into your domain migration.
Hopefully you're hosting DNS on your Windows 2000 Server domain controller computer(s), and hopefully that's what your client computers are using for DNS. Unfortunately, the Windows 2000 DNS server doesn't allow for conditional forwarding of non-authoritative zones to another DNS server like the Windows Server 2003 DNS server does. If your W2K8 DNS server can resolve Internet names, just set the W2K8 DNS server as a "forwarder" on the W2K DNS server. If not, then you might consider creating secondary zones for the W2K8 domain and its "_msdcs" child domain on the W2K DNS server (but that's more work).
On the W2K8 side of the house, just create a conditional forwarded for the W2K domain's name to the W2K DNS server and you're in business.
Once you can resolve the fully-qualified domain names of the domains and domain controllers in the other domain from a domain controller in both domains then you can proceed in creating a trust relationship.
Just like Jason Berg says, a one-way, outgoing, external trust is what you're looking for in the W2K8 domain. Don't bother trying to create it until you've got good DNS resolution.
Once you've done this you can name users (and, potentially groups) from the W2K domain in permissions on the W2K8 domain. User accounts from the W2K8 domain can also be used to logon to client computers in the W2K domain (and Group Policy specified in the W2K8 domain for users will apply! You can't apply any computer Group Policy from the W2K8 domain to computers joined to the W2K domain, though.)
If you want to create a two-way trust and use tools like the ADMT you certainly can. The one way trust will get you up and going for naming W2K domain security principles in permissions in the W2K8 domain, though.
Best Answer
As others said, you can't really do this. The cached credentials wouldn't be of much use anyway - as far as I know the only thing of much interest are the usernames and passwords and they are held using a different hash from the one on the directory so you can't reimport them.
User SIDS will be recreated in the new directory anyway, sort of by definition. If you want to import users from another domain so they keep their security rights you need to use the regular import tools. But you won't have those cached on the PC anyway. So you will need to (re)grant your users access to whatever domain resources they need.