Jump to content


Site Assignment Question - Multiple Forests

Recommended Posts

Hello All,


I am hoping you can point me in the right direction with a complicated Site Assignment configuration.


I am deploying SCCM 2007 R3 across 3 forests that have a two way transistive trust between each. As per MS best supported practice, I will have a primary site for each forest, reporting up to a central site for Administration/Reporting. As per:





| | |



This is fairly straght forward if each forest has dedicated subnets. (e.g. Forest1:Site 1, 192.168.0/24, Forest2:Site1, 192.168.1/24), Each client would sit within their own subnet and automatically assign to the relevant Primary site.


The issue I have is one subnet may have clients from all three forests. So I may have a client in Forest 1 that assigns itself to another primary site because of its IP address.


What are the implications of this? My main concern is distribution point and policy gathering.


Will I need to manually assign the clients?





Share this post

Link to post
Share on other sites

mixing of site boundaries(duplicating site boundaries) may cause several issues to the clients and client may fail with site assignment process and receving policies as well.

I would prefer to go with IP address range as boundaries that gives good amount of tracking clients and aviod issues.

Share this post

Link to post
Share on other sites

I have been thinking a little more about my predicament, and think I have got my head around the process, and the implications I may face.


As an example, I will use the following:


Primary Site 1 (PS1)


Forest: ForestA.local


Primary Site 2 (PS2)


Forest: ForestB.local


Now say I have 2 clients that are physically located at ClientA is a member of ForestA and Client B is a member of ForestB. During site assigment, both clients will be assigned to PS1 due to the subnet location. Client A will gather this information from the AD schema, and ClientB will get it from the SLP.


My understanding here will be both clients will have full functionality once assigned from PS1, regardless of their Forest membership?


Now, when a client moves to, they will be using Regional Roaming, and be unable to access any resources in PS2. Is this correct? This is a pretty flat hierarchy where both PS1 and PS2 report to a CEN site.


My overall question is, does SCCM care forest membership for the clients, as long as they are trusted?


Thanks in advance,



Share this post

Link to post
Share on other sites

Hi Eswar,


Sorry I was adding another reply when you posted.


My site boundaries wont be overlapping, but I will have a number of duplicate subnets configured from AD Users and Computers between the forests.


My post above should go into a little more detail into my configuration. It isn't the easiest of setups due to the corporate structure.





Share this post

Link to post
Share on other sites

Right, think I have sussed it now. This article explains it pretty well:




Basically, if a client is not in the same forest as the site, it will need to contact the SLP. The SLP will be configured during client installation.


If they move to another site at the same level within the hierarchy, it will be unable to locate any content sources within the separate site.

Share this post

Link to post
Share on other sites



I've similar problem, because I use for my Sccm one primary server and 3 secondary, for patch managment in my site.

All server in my farm are part of 3 forests/domain, plus servers in workgroup.


The infrastructure is ok, but the problem occours during the deploy, because all server with SccmAgent point to distribution-point in primary server. On primary server there are Distribution point, Managment point, locator point and other. And I've a managment point to another site (secondary), and in all secondary there are distribution point.

I set the boundaries for have 4 different site-code (1 primary + 3 secondary). I tried to set in different method: Ip range, Ad-site and ip subnet. But the problem has remained.

The only Right boundaries are those without the agent, but that are part of the domain on which it rests Sccm, and this is a strange result.


Someone can give me an explanation?


thank you


Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.