Multiple Domain Environment

  • Wednesday, November 04, 2009 11:19 AM martyncoup
     

    Hi,

    I will shortly be looking at setting up SCCM for another company of ours. They have two domains, kccc.local (172.16.1.0/24) and incontact.local (10.0.0.0/13). What I'm wanting to know is how can I manage both domains using the one installation of SCCM?

    Would I be looking at a central site with a child primary in each domain?

    Thanks.

All Replies

  • Wednesday, November 04, 2009 11:31 AM Torsten [MVP] (MVP, Moderator)
     Answer
    • Marked As Answer by martyncoup Thursday, November 05, 2009 7:59 AM
  • Wednesday, November 04, 2009 3:29 PM Jason Sandys (MVP)
     Answer
    Are you talking about distinct domains in distinct forests or within the same forest? By the names I would think there are two distinct forests involved. If that is true, then you must also be able to determine if there is a trust between the forests. Separate domains and separate forests are two different issues.

    When reading through that article recommended by Torsten and deciding your course of action, make sure you have made that distinction.
    Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
    • Marked As Answer by martyncoup Thursday, November 05, 2009 8:00 AM
  • Thursday, November 05, 2009 7:59 AM martyncoup
     
    Yep distinct forests, I am waiting to hear back from the admins to find out if trust is setup, if not then we can sort it out no problems.

    Thanks for the input guys.
  • Friday, November 06, 2009 9:09 AM Stevyb69
     
    Hi Martyn,

    Here where I work we have both our corporate domain and our public network (Libraries, Youth Centres etc) managed by SCCM.
    Both are separate forests, with completely separate IP ranges and SCCM works brilliantly with them both.

    Basically I had to put a new primary site in the Public network and then configure the senders with accounts in the opposite domains then made it a child site.  Job done :)

    Information re: collections and advertisements flow fine, I can report from the central site on the child site and distribute software across both sites.

    The only thing that I'm not sure on at the moment is if I create a collection on the public site, I don't see it replicate up to the central, but I do see collections on the central replicate down to the child, this may be by design, I haven't looked into it yet as I only noticed it the other day.

    Also... at the moment I have to log onto the server in the other domain if I do want to do anything with the console direct on the public site as I can't connect direct to the site server with the console from the corporate domain as it says "The user is not authorized to connect to this server", presumably since I'm logged on with my corporate account, which the public network has no idea about.

    Not something that is overly pressing as the majority of the admin is done from the central site and replicated down, but again noticed it when a collection was created on the child site and not replicated up, meaning I have to manage the child site directly to administer that collection.
    http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx If you don't ever patch anything, for god sake make sure this patch is on.......
  • Friday, November 06, 2009 10:27 AM Torsten [MVP] (MVP, Moderator)
     
    > ... I don't see it replicate up to the central,
    > [...]
    > "The user is not authorized to connect to this server", presumably since I'm logged on with my corporate account, which the public network has no idea about.

    #1: that's by design. Collections are not replicated up, only down.
    #2: it's just a matter of security permissions (and maybe firewalls or other restrictions).
  • Friday, November 06, 2009 2:06 PM Stevyb69
     
    #1 I thought as much :)
    #2 All ports needed are open, but the security on the child site is set by being a member of the local server groups and sccm permissions, which since the two domains don't have a trust, I can't add my corporate account into the needed groups on the local sccm server on the child site (SMS Admins group)

    Like I say, not a big issue as most work is done on the central site and replicated down.  I think I'm going to publish the SCCM console using Terminal Services so that I can access it on the corporate network easily.

    Apart from that, creating the whole Central - Child over two domains/forests wasn't the nightmare setup I thought it would be.

    Cheers,
    SB
    http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx If you don't ever patch anything, for god sake make sure this patch is on.......
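
Added example, not part of the thread and not posted by any participant: a PowerShell check for the two things the replies turn on, whether a forest trust exists and who is in the local SMS Admins group on the child site server. The server name is a hypothetical placeholder, and treating incontact.local (a domain name from the question) as the forest root name is an assumption.

```powershell
# Added example (not from the thread). Run from a domain-joined machine in the
# forest you administer from. Both parameter defaults are assumptions.
param(
    [string]$RemoteForest = 'incontact.local',   # assumed forest root name
    [string]$SiteServer   = 'CHILD-SITE-SERVER'  # hypothetical child site server
)

# 1. List the forest trusts of the current forest and look for the remote one.
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$match  = $forest.GetAllTrustRelationships() |
          Where-Object { $_.TargetName -ieq $RemoteForest }

if ($match) {
    # TrustDirection is Inbound, Outbound or Bidirectional. The direction
    # decides which side's accounts can be granted rights on the other side.
    $match | Select-Object SourceName, TargetName, TrustType, TrustDirection
} else {
    Write-Output "No forest trust between $($forest.Name) and $RemoteForest."
}

# 2. Enumerate the local 'SMS Admins' group on the site server. Console access
#    depends on membership here plus SCCM object permissions. Without a trust,
#    an account from the other forest cannot be added to this group, and this
#    query itself is expected to fail with access denied.
try {
    $group = [ADSI]"WinNT://$SiteServer/SMS Admins,group"
    $group.Invoke('Members') | ForEach-Object {
        # Each member is a COM object; ADsPath shows which domain or machine
        # the account comes from, e.g. WinNT://DOMAIN/user.
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
} catch {
    Write-Warning "Could not read SMS Admins on ${SiteServer}: $($_.Exception.Message)"
}
```

Members listed only as local or child-forest accounts, together with no trust in step 1, match the "not authorized" console error described above.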