File Share Encryption

  • 1.  Managing further domains in Universal Server

    Posted Mar 23, 2015 04:54 AM

    Hey guys,

    I'm working for a bigger enterprise company with several sub-companies (sub-domains). So below the global root domain I'm working for domain A, which is designed as a shared service center in order to provide different services like Exchange, Enterprise Vault, Lync, etc. to the domains A - Z.
    Now some domains asked for an encryption solution. Domain B got a ready configured PGP Universal server environment which is only used by domain B itself.

    Is it possible to provide PGP from domain B to a different Active Directory Domain and what is necessary to do this?
    What would be the requirements for this like domain trust and so on...

    Thanks in advance.


    Kind regards,
    Chris



  • 2.  RE: Managing further domains in Universal Server

    Posted Mar 23, 2015 11:08 AM

    It is possible to set up additional managed domains on the PGP Universal (Symantec Encryption Management Server).  If communication is allowed between domains, you can also set additional LDAP server settings to manage credential lookups for both domains.

    To add a new managed domain to PGP Universal server do the following:
    Log in to PGP Universal Server.
    Click Consumers > Managed Domains.
    Click on Add Managed Domain and add the new domain information.

    To add an additional server for LDAP lookups for Active Directory Sync, do the following:
    Go to Consumers > Directory Synchronization.
    Click Add LDAP Directory and enter the LDAP directory information.



  • 3.  RE: Managing further domains in Universal Server

    Posted Apr 27, 2015 05:28 PM

    I have a similar situation with a twist. Our companies have merged. We have an existing universal server in place supporting one domain/forest, let's call it "legacy.com" to help illustrate the issue. I have users in the other company, let's call it "newco.com".

    We have a two-way trust between the forests. I have credentials to connect to "newco". All users now have an email alias set up so that users in "newco" have a "legacy.com" email address. I can add "newco" users to the AD group that is used by the universal server for membership. This AD group lives in the "legacy.com" domain.  The problem is that while the group has members from the "newco.com" world, they are not being picked up.  I can however add them manually in the GUI, which is ok for now given a small number, but it will become a problem pretty soon. We have thousands of users to merge.

    Thoughts anyone?

    Regards

    Brian

     



  • 4.  RE: Managing further domains in Universal Server

    Posted May 12, 2015 12:11 PM

    The server checks against the primary email address listed in AD, so if they have an alias as "legacy.com", they will not be matched.  If they have "newco.com" listed as the primary email address in AD, you should add "newco.com" to the list of Managed Domains.  If it is something else in the primary email address listed in AD (e.g. "newco.local"), then that would need to be added to Managed Domains.

    If the global directory that you have set up for the AD Sync contains the new users, then no other changes are needed.  If not, you will need to add another LDAP Directory, which should contain those users.  Be sure the Bind DN you are using has access to that LDAP directory as well.
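
Added example, not part of the thread and not Symantec code: a pre-check over exported AD entries that predicts which group members will fail the primary-address match described in reply 4. It assumes the uppercase `SMTP:` value in `proxyAddresses` marks the primary address (falling back to `mail`); the users and the `classify` helper are constructed for illustration.

```python
def primary_address(entry):
    """Return the primary SMTP address of an AD entry (dict of attributes).

    Assumption: the uppercase "SMTP:" value in proxyAddresses is the primary
    address and lowercase "smtp:" values are aliases; fall back to `mail`.
    """
    for value in entry.get("proxyAddresses", []):
        if value.startswith("SMTP:"):
            return value[5:].lower()
    mail = entry.get("mail")
    return mail.lower() if mail else None


def classify(entries, managed_domains):
    """Bucket entries by whether their primary domain is a managed domain."""
    managed = {d.lower() for d in managed_domains}
    report = {"matched": [], "alias_only": [], "unmatched": []}
    for entry in entries:
        primary = primary_address(entry)
        domain = primary.rpartition("@")[2] if primary else ""
        alias_domains = {
            v[5:].rpartition("@")[2].lower()
            for v in entry.get("proxyAddresses", [])
            if v.startswith("smtp:")
        }
        if domain in managed:
            bucket = "matched"
        elif alias_domains & managed:
            bucket = "alias_only"  # only an alias is managed: not picked up
        else:
            bucket = "unmatched"
        report[bucket].append((entry["sAMAccountName"], primary))
    return report


# Constructed sample entries (hypothetical users, not real directory data).
SAMPLE = [
    {"sAMAccountName": "alice", "mail": "alice@legacy.com",
     "proxyAddresses": ["SMTP:alice@legacy.com"]},
    {"sAMAccountName": "bob", "mail": "bob@newco.com",
     "proxyAddresses": ["SMTP:bob@newco.com", "smtp:bob@legacy.com"]},
    {"sAMAccountName": "carol", "mail": "carol@newco.local",
     "proxyAddresses": []},
]

if __name__ == "__main__":
    for bucket, users in classify(SAMPLE, ["legacy.com"]).items():
        print(bucket, users)
```

The domains of the primary addresses in the `alias_only` and `unmatched` buckets are the candidates to add under Managed Domains.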