Jump to content


blmclaws

Manage two domains with one SCCM server

Recommended Posts

I have been useing SCCM 2007 on one domain within a forest trust and want to be able to manage PC's on another domain. I know it can be done but can't seem to find the documentation I need to make it work. Can anyone point me in the right direction? I assumed that the a boundry needed to be created for the IP subnet so I did that. I created a SCCMUser account on the second domain identical to the one on the site server. I know it will need the client but not sure how to do that part. What else am i missing?

Share this post


Link to post
Share on other sites

Hi,

 

(I know this is a bit late, but maybe it will benefit someone else)

 

If a transitive trust exists between the to domains, you can definately join them.

If, let's say sccm is one domain, and you want to manage another domain, it goes without saying, that the Site server will need to contact the other domain. Thus it needs to discover resources from that domain, as well as publish to the system folder.

 

If you have a trust, you can turn on forest discovery, and specify accounts, that have admin rights on the respective domains.

 

There's no documentation, no.

 

I've succesfully setup a SCCM 2012 and prior to that a 2007 system, spanning two domains, but only publishing in one.

 

"I know it will need the client" , what exactly is meant by that?

It's only physical computers, that explicitly requires the clients, you don't even neccesarily need them on your site servers, or DCs to operate .

Share this post


Link to post
Share on other sites

We have about 8 domains connected -

Best way is have the trusts enabled

 

I guess the important thing is to ensure that you have all servers published in the DNS. Then run the client installer on the other machines use the commandline -

 

ccmsetup.exe /MP:%MP FQDN% SMSSITECODE=??? SMSSLP=%SLP FQDN% FSP=%FSP FQDN% SMSCACHESIZE=10 SMSCACHEFLAGS=PERCENTDISKSPACE

 

That's basically what we use - make sure any client patches have the same info -

 

Then you give your sms admin servers and accounts the same rights in each domain (basically domain admin),

 

If you have remote support then add those accounts/groups to the group policy for local machine admin.

 

I think that's about it.

 

Cheers

 

Gavin

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...