Thanks for the info Japke.
I will now test this key change on my end using the new 10.3.0MP3 client and server versions. The only thing that still bugs me, and really, the whole reason I want to change from GKM to SKM is because the GKM key will not automatically sync the AD password changes like the SKM key does. Most of the users have completely forgotten what password was set on this GKM key when they were first enrolled. Those users will need to have their current GKM keys deleted and be forced to re-enroll with a new SKM key policy.
I started noticing these problems when users’ machines were being serviced and reimaged. Some users were typing in their current AD password for the PGP enrollment passphrase and this would not work. Some users remembered their previous passwords but the ones that didn’t needed to be forced to re-enroll in order to create a new key. This is obviously a manual process that includes deleting keys and cached info on the local computer level. Lucky for me, I only have about 30 users currently using this GKM key, just want to get it converted ASAP.
Thanks for the info about the bug report as well. Take care.