The DLP Enforce Manager application server is being migrated from one domain to another, which involves changing the FQDN suffix from the old domain to the new domain.
Are there any specific steps or settings that need to be checked or validated on the application side during this activity?
Release : 15.x
Component : Enforce Server
Updates are required for the DLP platform to continue functioning as expected on the new application server with the new domain.
1) Edit the krb5.ini file to change the olddomain.com realms and domains to newdomain.com.
Note: Before making any changes to the krb5.ini file, see:
Stopping services in DLP 15.1 and later
Starting services in DLP 15.1 and later
2) Review AD-based lookups (create a new directory connection and switch over the domain used with plugins).
3) AD user groups: reuse the existing directory connection where possible, but review whether changes are required in this area.
4) If any Discover scans use domain accounts, changing the username on credentials within the credential vault might be required. For AD lookups, this depends on how the migration occurs.
5) Once the new domain is in use, new certificates for browser access with the new domain may need to be generated for logging in to Enforce.
*For best practice and a review of "gotchas" when configuring AD Authentication, see Configure Active Directory Authentication for DLP (broadcom.com).
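
To validate the krb5.ini edit from step 1, a check like the following can flag entries that still point at the old domain. This is an added example, not Broadcom code: `audit_krb5` is a hypothetical helper, the sample file is constructed, and it assumes the standard MIT Kerberos layout (`[libdefaults]`, `[realms]`, `[domain_realm]`) with the realm being the upper-cased new domain.

```python
import re

# Constructed sample: a krb5.ini part-way through the edit (not from a real system).
SAMPLE = """\
[libdefaults]
default_realm = NEWDOMAIN.COM
[realms]
NEWDOMAIN.COM = {
  kdc = dc01.newdomain.com
}
OLDDOMAIN.COM = {
  kdc = dc01.olddomain.com
}
[domain_realm]
.newdomain.com = NEWDOMAIN.COM
newdomain.com = OLDDOMAIN.COM
"""

def audit_krb5(text, old_domain, new_domain):
    """Return findings (empty list = clean). Assumes realm = upper-cased new domain."""
    old, new, new_realm = old_domain.lower(), new_domain.lower(), new_domain.upper()
    findings, section = [], None
    default_realm, realms, mappings = None, set(), {}
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1).lower()
            continue
        if old in line.lower():  # any leftover reference to the old domain or realm
            findings.append(f"line {num} [{section}]: still references {old_domain}: {line}")
        key, _, value = (part.strip() for part in line.partition("="))
        if section == "libdefaults" and key == "default_realm":
            default_realm = value
        elif section == "realms" and value.startswith("{"):
            realms.add(key)
        elif section == "domain_realm" and value:
            mappings[key.lower()] = value
    if default_realm != new_realm:
        findings.append(f"default_realm is {default_realm!r}, expected {new_realm}")
    if new_realm not in realms:
        findings.append(f"[realms] has no block for {new_realm}")
    for host, realm in mappings.items():  # new-domain hosts must map to the new realm
        if host.lstrip(".").endswith(new) and realm != new_realm:
            findings.append(f"[domain_realm] {host} maps to {realm}, expected {new_realm}")
    return findings

print("\n".join(audit_krb5(SAMPLE, "olddomain.com", "newdomain.com")))
```

Run it against a copy of the edited file while the services are still stopped; an empty result means no stale realm or domain entries remain.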