During environment maintenance there may be a need to change the domain credentials of the user used by the DLP Enforce Server. The user may be used for features such as LDAP lookup plugins or network discovery. This article provides a brief list of places to check to ensure that the domain user password is updated in all the necessary places to ensure seamless performance.

The domain credentials are stored in the following places:

1. Directory connections used for LDAP lookup plugins. Those can be updated in General -> Settings -> Directory Connections.

2. Stored Credentials used for features such as Network Discover or Endpoint Discover Quarantine response rules. Their configuration is available in System -> Settings -> Credentials.

3. Network Discover scans used to access network shares. If Stored Credentials are not used then user details can be configured manually per target and are stored in target configurations which can be found in Manage -> Discover Scanning -> Discover Targets -> Scanned Content tab.

4. Network Discover quarantine settings. Same rules as point 3 apply. The feature can either use stored credentials or individual user details per scan target. The configuration is available in the Protect tab of a Discover Target.

5. IDM profiles if the files are residing on a network share. Configuration available in each profile settings in Manage -> Data Profiles -> Indexed Documents.

6. Enforce to Cloud Proxy Settings if manual options is selected - available in System -> Settings -> General.

7. Users running the DLP services on the machines hosting the servers if domain users are configured. By default local service accounts are used. If domain users are set up then review the Symantec DLP services configuration in the OS to ensure that those are using new user details.