You must upgrade the domain to version 10.2 HotFix 2 before you convert the domain to use Kerberos cross realm authentication.
You must also import user and group accounts from the Active Directory global catalog into an LDAP security domain. When you import accounts, existing accounts in the LDAP security domain, which use the samAccount name attribute, are deleted and are replaced with new accounts that use the user principal name attribute.
Users log in to Informatica clients with the fully qualified user principal name, which is in the following format:
<user name>@<KERBEROS REALM NAME>
After you import the user and group accounts, assign privileges, roles, and permissions to the accounts.