CA PAM is not updating the domain name of of LDAP servers configured on the Third Party page. The domain name was changed for several servers and PAM can no longer connect to the servers. As a result, users in the changed domain are unable to login to PAM.
PAM is not currently designed to automatically change the domain of LDAP servers when they are changed in Active Directory. This will have to be done manually, and will likely require deletion and re-import of any groups imported for the original domain.