Can Defender be moved to a new domain?
What are the steps to move an existing Defender installation from one domain to another?
1. Gather the current license information:
- Obtain the current licensing information so that these licenses can be imported into the new domain. You may need to contact our licensing team to get the correct license format for the current version of Defender which will be installed in the new domain.
- Click here and fill out the form to request assistance from our licensing team. You can choose the option "Request a license key for a new version or upgrade" and select "Defender" for the product.
2. Will this be a migration of an existing forest, or a new domain in a separate forest?
For a new domain in a new, separate forest:
- The schema must be updated for the new domain and the Defender OU created in AD (which is part of a new installation in the new domain).
- A Defender Security Server must be installed and configured in the new domain.
If you plan to move existing servers to a new domain where the AD schema update and objects exist, then the Defender Security Server configuration must be updated with the new Domain Controllers to be used for LDAP authentications, and a new service account must be defined for the new domain.
- You should also verify that the permissions are correct or run the delegation wizard to assign the new service account permissions in the new domain. Click here for the KB article with steps on adding delegate permissions.
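The checks described above can be scripted before the Defender Security Server is repointed. The following is an added example, not part of the original article or of the Defender product. It assumes a host joined to the new domain with the RSAT ActiveDirectory module installed; the domain name, OU name and service account name are placeholders.

```powershell
# Added example: pre-flight checks in the NEW domain. All three parameter
# defaults are placeholders/assumptions; replace them with your own values.
param(
    [string]$Domain     = 'new.example.test',  # placeholder domain name
    [string]$OuName     = 'Defender',          # assumed name of the Defender OU
    [string]$ServiceSam = 'svc-defender'       # hypothetical service account
)
Import-Module ActiveDirectory

# 1. Domain Controllers the Security Server could use: is LDAP (TCP 389) reachable?
$results = foreach ($dc in Get-ADDomainController -Filter * -Server $Domain) {
    $t = Test-NetConnection -ComputerName $dc.HostName -Port 389 -WarningAction SilentlyContinue
    [pscustomobject]@{ Check = 'LDAP 389'; Target = $dc.HostName; Ok = $t.TcpTestSucceeded }
}

# 2. The Defender OU must exist in the new domain.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" -Server $Domain |
      Select-Object -First 1
$results += [pscustomobject]@{ Check = 'Defender OU'; Target = $OuName; Ok = [bool]$ou }

# 3. The new service account must exist and be enabled.
$svc = Get-ADUser -Filter "SamAccountName -eq '$ServiceSam'" -Server $Domain
$results += [pscustomobject]@{
    Check = 'Service account'; Target = $ServiceSam; Ok = [bool]($svc -and $svc.Enabled)
}
$results | Format-Table -AutoSize

# 4. List the ACEs granted directly to the service account on the Defender OU,
#    for comparison with what the delegation wizard is expected to assign.
#    Rights granted through a group do not match this filter.
if ($ou -and $svc) {
    (Get-Acl -Path "AD:\$($ou.DistinguishedName)").Access |
        Where-Object { $_.IdentityReference -like "*\$ServiceSam" } |
        Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, IsInherited |
        Format-List
}
```

An empty result in step 4 means the account holds no direct permissions on the OU, so check its group memberships or run the delegation wizard.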