With specific investigation of your old and your new configuration, and with some likely changes needed, yes, you can do this.
Why do I mention the need for work? There are binary values that can be or are written all over the disks, files, queues, devices, etc., that originate in these files, so you can end up having unintended access blocks, unexpected permits, and unexpected ownership.
If you're just looking to move users over (merge), I'd tend to move over the specific attributes over (username, salt, hashed password, directory, etc) with a duplicate check. (A MERGE/STABLE/NODUPL command can potentially be used here.)
But you need to be aware of the binary values of the identifiers (resource, subsystem, UIC, etc), and where these are used on your old and your new environment.
You'll need to weed out the usual collisions, as the old and newly-minted environments tend not to have the same UIC values for the common server accounts, for instance. Which means you need to pick one of the two UIC values (the one from the new environment tends to be the best choice here) and use that one. TCP/IP Services and DECnet, for instance, can have server accounts, as can many layered products.
It's not quite as transparent or as simple as it should be, if you're looking to deal with all of the pieces related to security.
Here's some related reading material:
http://64.223.189.234/node/169
