Migrate PGP Desktop Users to new Active Directory Domain


Article ID: 153287


Updated On:


Symantec Products


This article details the steps that need to be performed after migrating a PGP Desktop client using Single Sign-On to a new Active Directory domain.

After a domain user utilizing PGP Whole Disk Encryption as a Single Sign-On user is migrated to a new domain in Active Directory, the user is logged in to the previous/original domain after entering the passphrase at the PGP BootGuard screen. When logging off of the domain and logging on to the new domain, PGP Desktop does not load and displays a licensing error.



Use the following steps to enable PGP Desktop for the user on the new domain.

  1. On the client system, stop the PGP Services by clicking the PGP Lock icon in the tray and selecting Stop PGP Services.
  2. Delete the PGP Corporation folder from the C:\Documents and Settings\%username%\Application Data folder on the client system.
  3. Use the Windows Server Administration Tools or log on to a domain controller for the domain the user was migrated to.
  4. From Start>All Programs>Administrative Tools, open Active Directory Sites and Services.
  5. Expand Sites and the container that depicts the name of the site for the target server.
  6. Expand the Servers folder and then expand the server to show the NTDS settings.
  7. Select the NTDS Settings, right click a connection object for a target server in the right pane and click Replicate Now.
  8. On the client system, open Start>All Programs>Startup>pgptray.exe to initiate a new enrollment with the PGP Universal Server.
  9. The PGP Universal Server should enroll the client successfully with the correct domain credentials and allow the user to utilize PGP Whole Disk Encryption as a Single Sign-On user.
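
When several migrated users need the same cleanup, the check for step 1 and the deletion in step 2 can be scripted on the client. The PowerShell below is an added example, not Symantec's tooling. It assumes it runs in the migrated user's own session, that `%APPDATA%` resolves to the Application Data folder named in step 2, and that `NEWDOMAIN` is a placeholder for the NetBIOS name of the new domain.

```powershell
# Added example (not from the original article or from Symantec).
# Run on the client, in the migrated user's session, after PGP Services
# have been stopped from the tray icon (step 1).
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: NetBIOS name of the domain the user was migrated to.
    # NEWDOMAIN is a placeholder; pass the real name with -ExpectedDomain.
    [string]$ExpectedDomain = 'NEWDOMAIN'
)

# Refuse to touch the profile if the session still belongs to the old domain.
if ($env:USERDOMAIN -ne $ExpectedDomain) {
    throw "Session domain is '$env:USERDOMAIN', expected '$ExpectedDomain'. Log on to the new domain first."
}

# Step 1 check: pgptray.exe (the tray process named in step 8) must not be
# running, otherwise files in the folder may be in use.
if (Get-Process -Name 'pgptray' -ErrorAction SilentlyContinue) {
    throw 'pgptray.exe is still running. Stop PGP Services from the tray icon and retry.'
}

# Step 2: delete the "PGP Corporation" folder from the user's Application Data.
# Assumption: $env:APPDATA is the Application Data folder the article refers to.
$pgpData = Join-Path $env:APPDATA 'PGP Corporation'

if (Test-Path -LiteralPath $pgpData) {
    if ($PSCmdlet.ShouldProcess($pgpData, 'Delete PGP Corporation profile folder')) {
        Remove-Item -LiteralPath $pgpData -Recurse -Force
        Write-Output "Removed '$pgpData'. Continue with step 3."
    }
}
else {
    Write-Warning "Nothing to delete: '$pgpData' was not found."
}
```

Run the script with `-WhatIf` first to see which folder would be removed, then continue with step 3.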