Symantec Privileged Access Management

 View Only

 We are thinking of updating to Windows Server 2019.

MARUBUN SUPPORT's profile image
MARUBUN SUPPORT posted May 16, 2023 04:41 AM

CA Privileged Access Manager 4.1.2

Currently, we are setting up the existing AD management target device "WindowServer2012"
so that automatic connection and password display can be performed with the WindowsRemote connector.

This time, we plan to abolish this existing device "WindowServer2012" and introduce a new "WindowServer2019".

We are considering making the IP address of the target device the same as the existing one by the following method,
but if the IP address is the same, is it possible to use the existing CAPAM settings as they are?
Are there any other settings that need to be changed?

・Windows 2012 IP is IP-A
・Windows 2019 IP is IP-B

We consider construction and migration as follows.

1. CAPAM is IP-A and WindowsServer2012 is set.
2. Build Windows Server 2019 with IP-B.
3. Power off Windows Server 2012.
4. Change IP-B of Windows Server 2019 to IP-A.
5. From CAPAM, connect to WindowsServer2019 with IP-A.


Ralf Prigl's profile image
Broadcom Employee Ralf Prigl

Hello, This looks like a good procedure. No configuration needs to change in PAM, if the device address configured in PAM remains the same. PAM doesn't interact with the Windows OS, only connects to the Active Directory listener ports (389 or 636, or possibly the global catalog ports 3268 or 3269). There should be no problem with PAM connecting to the new domain controller after the switch.