cancel
Showing results for 
Search instead for 
Did you mean: 

McAfee SNS ProTip for Drive Encryption: How to Migrate DE users from one domain to another

McAfee SNS ProTip for Drive Encryption: How to Migrate DE users from one domain to another

Scenarios may arise in your environment where domain migrations are necessary. This can be a challenging process and many factors need to be considered including Drive Encryption and user assignments.

Migrating Drive Encryption users from one domain to another can be accomplished by deactivating systems, migrating the user and machine accounts in Active Directory and deploying new McAfee Agents from a new ePO server in the target domain. Enabling Add Local Domain Users (ALDU) will ensure the users of the target domain are added to the migrated systems. Further details on possible issues and solutions are available in KB83802 (https://kc.mcafee.com/corporate/index?page=content&id=KB83802).

For more resources, visit the McAfee Knowledge Base (support.mcafee.com) and search for  Drive Encryption related KBs and visit the McAfee Drive Encryption Community at: https://community.mcafee.com/community/business/data/epoenc

To help you maximize your protection, McAfee SNS ProTips deliver troubleshooting, best practices and how-to tips with links in-depth KnowledgeBase resources. To subscribe to or unsubscribe from ProTips or change your SNS settings, visit the SNS Subscription Center.

Comments
robsara

This is a very timely post, however, I've found some challenges around this. It seems that ALDU does appear to properly assign the user, however, the PBA still references the old account and thus the automatic login attempts to log into their old account (as the username is the same in the new domain). I also found that even after removing the old account manually from the machine, the behavior doesn't change. How do you handle the ambiguity in the username field with PBA?

crathbor

Hi robsara,

How were the users account removed? Likely the system would need to be deactivated and decrypted prior to domain migration to ensure the old user accounts have been completely removed.

Version history
Revision #:
1 of 1
Last update:
‎02-11-2015 12:20 PM
Updated by: