the domain name is the one sent by APM with session ID.
if you specify the domain is company.com, the following header will be send by your APM
Set-Cookie: MRHSession=a5978aebdc25a9436b7dd3eda381834f; domain=company.com;path=/;secure
The browser will send this cookie only if the target URL match the domain of it:
- test.company.com will match
- test.demo.company.com will match
The secure parameter of the cookie specify that the browser will send the cookie only on SSL URLs and not on HTTP URLs.
This cookie will be sent to every URL matching domain name... even if the web site is not protected by the APM.
Domain AD or company AD... it depends of the APM usage...