The PES service needs to be installed on the source domain.
However, it relies on keys generated on the target domain.
So, on the machine running ADMT, execute this command to create the keys:
admt key /option:create /sourcedomain:domain.com /keyfile: peskeys /keypassword: password1
Move the resulting key file to the DC in the source domain.
Download PES from http://www.microsoft.com/en-us/download/details.aspx?id=113070 (x86 version)
or http://www.microsoft.com/en-us/download/details.aspx?id=1838 (x64 version)
Double click the exe file to start the installation. You will need to provide the path for the key file. You will also need to provide a service account. Although you can use the Local System account, if you run it as a domain user from the target domain you can avoid having to add the Everyone group and Anonymous Logon group to the Pre-Windows 2000 Compatible Access group.