Endpoint Encryption

 View Only
  • 1.  Domain/Forest Migration

    Posted Nov 20, 2018 01:45 PM

    Hi, I am going to be migrating all my workstations and SEE Management server to a new domain/forest. We are currently running SEE 11. Is there any documentation on migrating the SEE Managment server and the clients to the new domain/forest? Also is there any best practices or known issues with migrating? 



  • 2.  RE: Domain/Forest Migration

    Posted Nov 20, 2018 03:23 PM

    Hi,

     

    This might help:

    https://support.symantec.com/en_US/article.TECH178120.html

    Thanks!



  • 3.  RE: Domain/Forest Migration

    Posted Nov 22, 2018 05:58 AM

    Unfortunately, Craig's link is only applicable to SEMS and not SEE, and I am not aware of any Symantec documentation for this.

    Neither have I attempted this myself, but I'm pretty sure it's possible.  At a high-level, I would imagine the below would work:

    1. Setup additional SEE Management Server in new domain that is linked to existing DB (perhaps using SQL Auth, if trusts are not in place)
    2. Create/Amend routing, name resolution, service accounts to support new SEE MS for client check-ins, as necessary
    3. Issue "Change Web Access" command from existing SEEMS to tell clients to use new SEE MS details
    4. Migrate windows client from existing domain to new

    Obviously, that's taking a very SEE centric view of things.  If you're looking to rebuild your existing user-machines before adding them to the new domain, then you could treat it all as greenfield and go with entirely new and separated SEE estates.

    It's all up to you.

    I'd highly recommend you contact a Symantec Partner (such as ourselves) for your region, to ask about PS or advice in this.  And of course, do it in test first :)