SCCM 2007 and 2012 coexistence and Cross Forest support

  • Question

  • Hi All

    I have a question

    My company has recently acquired another company
    That company consists of 2 forests (forest A has one domain, namely domain A, and forest B has one domain, namely domain B) with a two-way forest trust between them
    Domain A has a SCCM 2007 primary Site
    Domain B has a SCCM 2007 primary site and 2 secondary Sites
    The active directory schema is extended in both domains

    We cannot migrate the SCCM 2007 environment because it is a mess, so we want to build a new SCCM 2012 R2 environment into Domain B and from that environment manage both domains (OSD, software deployment client management ...)
    We want to install a SCCM 2012 R2 (CU3) primary server into domain B and add two distribution points instead of the two secondary sites and manage both forests (domain A and B) from that primary site server

    Now my questions are:
    1)
    Can an SCCM 2007 environment coexist with a SCCM 2012 environment?
    I believe it can if I make sure that in the new SCCM 2012 environment we only use boundary groups for content locations and not for site assignment, and in the SCCM 2007 environment (domain A and domain B) I need to disable the client push account.
    2)
    Discovery: how do we make sure that systems and users are discovered from both domains?
    Do we need to do some additional configuration to make that happen, or will this be no problem because of the two-way trust and Active Directory schema extension?
    3)
    Can we do all the management from the new SCCM 2012 R2 site, also OSD deployments for both domains?

    I hope someone can help me with these questions
    Thanks in advance
    Regards

    Johan

    Wednesday, January 7, 2015 8:51 AM

All replies

  • #1: sure. Overlapping boundary/groups for content location are supported; boundary/groups for site assignment not.
    #2: just configure discovery
    #3: sure.

    Torsten Meringer | http://www.mssccmfaq.de

    Wednesday, January 7, 2015 9:57 AM
  • 1. Correct, do not enable boundaries for site assignment.

    2. Here's a great set of articles that explain how to deploy cross-forest 

    http://blogs.technet.com/b/neilp/archive/2012/08/20/cross-forest-support-in-system-center-2012-configuration-manager-part-1.aspx

    3. Yes, this is possible once you set up connections to the domains.


    Cheers

    Paul | sccmentor.wordpress.com

    Wednesday, January 7, 2015 9:58 AM
  • Thx Paul Torsten

    One question pops up

    Will both forests (because of two-way trust) automatically be populated in the administration - hierarchy configuration - active directory forest pane, or only the one where the SCCM 2012 R2 site server is located, and do I need to add the other forest manually?

    Thanks in advance

    Regards

    Johan

    Wednesday, January 7, 2015 10:39 AM
  • Not 100% sure, but forest discovery should add them. 

    Torsten Meringer | http://www.mssccmfaq.de

    Wednesday, January 7, 2015 10:43 AM
  • Thx again

    Is it also best practice to add the site server account the FC right on the system management container in both domains ?

    Regards

    Johan

    Wednesday, January 7, 2015 10:58 AM
  • Thx Paul Torsten

    One question pops up

    Will both forest's (because of two way trust) automatically be populated in the administration - hierarchy configuration - active directory forest pane : or only the one where the SCCM 2012 R2 site server is located 

    In my experience, CM 12 will add the forest where the SCCM 2012 R2 site server is located. When you add a remote site system server from a different forest, then the forest will get automatically added in the AD forest pane.

    Anoop C Nair (My Blog www.AnoopCNair.com) - Twitter @anoopmannur - FaceBook Forum For SCCM

    Wednesday, January 7, 2015 11:00 AM
  • Is it also best practice to add the site server account the FC right on the system management container in both domains ?

    It depends. Either use the account of the site server or a publishing account. 

    Torsten Meringer | http://www.mssccmfaq.de

    Wednesday, January 7, 2015 11:15 AM
  • Hi Torsten, thanks again

    But do I need to add the "site server or a publishing account" the FC rights on both domains or only the domain where the site server is located?

    regards

    Johan


    • Edited by Johan Erven Wednesday, January 7, 2015 11:35 AM forgot something
    Wednesday, January 7, 2015 11:34 AM
  • It depends. When you want to publish details in both domains/forests, then provide FC on the Sys Mgt container in both domains/forests. But in a scenario where you have 2 forests (domain suffix) present in the AD forest pane, your site server will use the respective AD Forest Account/s (specified in each domain suffix's properties) to publish the details into the respective domain/forest.

    Anoop C Nair (My Blog www.AnoopCNair.com) - Twitter @anoopmannur - FaceBook Forum For SCCM

    Wednesday, January 7, 2015 11:45 AM
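
An added example, not written by any of the posters: a read-only check of who holds explicit rights on the System Management container in each domain, so the "FC" grant discussed above can be verified and kept to the one account that needs it. The domain names and the account name are placeholders, and it assumes the ActiveDirectory module, an operator who can read both domains over the trust, and a single publishing identity for both domains.

```powershell
# Added example. All names are placeholders, not values from the thread.
Import-Module ActiveDirectory

$Domains  = 'domainA.example', 'domainB.example'   # hypothetical DNS names of the two domains
$Expected = 'DOMAINB\CM12PRI$'                     # hypothetical site server or publishing account

function Get-SystemManagementAce {
    param([string]$Domain, [string]$ExpectedAccount)

    $root = (Get-ADDomain -Server $Domain).DistinguishedName
    $dn   = "CN=System Management,CN=System,$root"
    try {
        $obj = Get-ADObject -Identity $dn -Server $Domain -Properties nTSecurityDescriptor -ErrorAction Stop
    } catch {
        # Schema extension alone does not create this container; it may simply be absent.
        Write-Warning "$Domain : cannot read '$dn' ($($_.Exception.Message))"
        return
    }
    $genericAll = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
    foreach ($ace in $obj.nTSecurityDescriptor.Access) {
        if ($ace.AccessControlType -ne 'Allow' -or $ace.IsInherited) { continue }
        [pscustomobject]@{
            Domain      = $Domain
            Identity    = $ace.IdentityReference.Value   # shows as a SID if the name cannot be resolved
            FullControl = $ace.ActiveDirectoryRights.HasFlag($genericAll)
            AppliesTo   = $ace.InheritanceType           # 'All' = container and all descendant objects
            Expected    = $ace.IdentityReference.Value -eq $ExpectedAccount
        }
    }
}

foreach ($d in $Domains) {
    $aces = @(Get-SystemManagementAce -Domain $d -ExpectedAccount $Expected)
    $aces | Format-Table -AutoSize

    # Publishing needs the expected account to hold full control on the container and its children.
    $ok = $aces | Where-Object { $_.Expected -and $_.FullControl -and $_.AppliesTo -eq 'All' }
    if (-not $ok) { Write-Warning "$d : $Expected has no explicit full-control ACE covering descendants" }

    # Anything else with explicit full control is worth reviewing against least privilege.
    $aces | Where-Object { $_.FullControl -and -not $_.Expected } |
        ForEach-Object { Write-Warning "$d : review full control held by $($_.Identity)" }
}
```

If a separate AD Forest Account is configured per forest, as described in the reply above, run the check once per forest with that forest's account as `$Expected`.
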
  • Hi All

    One more question pops up.

    Will we have problems with the management points, or will the SCCM 2007 clients not listen to MP point created for the SCCM 2012 environment and will SCCM 2012 clients not listen to SCCM 2007 MP points?

    I hope someone can help me with this question 

    Thx in advance

    Regards

    Johan

    Thursday, January 15, 2015 10:50 AM
  • "Listen"? Clients don't listen to MPs, but contact them in order to download/upload stuff. 
    This does not cause issues. 

    Torsten Meringer | http://www.mssccmfaq.de

    • Marked as answer by Johan Erven Thursday, January 15, 2015 3:15 PM
    Thursday, January 15, 2015 11:14 AM
  • Thx Torsten

    You are right, "listen" was not the correct word but contact is.

    So a SCCM 2007 client will not contact a SCCM 2012 MP and vice versa, if I understand you correctly

    Regards

    Johan 

    Thursday, January 15, 2015 11:18 AM
  • Hi All

    After talk with management and local support the decision is made not to deploy only distribution points but instead deploy secondary sites (of course with management point and distribution point) because the bandwidth to these sites is a problem.

    So the situation will be Domain A Primary site (SCCM 2012 R2) and for both remote locations a secondary site , domain B a secondary site (of course all the related ports need to be opened for both domains as explained here https://technet.microsoft.com/en-us/library/hh427328.aspx )

    Question 
    Can we do all the management from the new primary SCCM 2012 R2 site (domain A) , also OSD deployments for both domains A and B ?

    I hope someone can review this

    Thx in advance

    Regards Johan

    Wednesday, January 28, 2015 10:47 AM
  • Yes this will be managed from the Primary. The secondary will just ring fence traffic for you to cut down comms over the WAN.

    Cheers

    Paul | sccmentor.wordpress.com

    • Marked as answer by Johan Erven Wednesday, January 28, 2015 1:37 PM
    Wednesday, January 28, 2015 11:02 AM
  • Thx Paul for the quick answer

    Regards

    Johan

    Wednesday, January 28, 2015 1:37 PM
  • Hi All

    As explained in my question, we do not want to migrate everything to the new environment (because it is a mess) but we want to use the Migration Functionality from SCCM 2012 to migrate some packages.

    Is it possible to migrate some packages from the SCCM 2007 environment in domain A to my new SCCM 2012 environment in Domain B?

    Thx in advance

    regards

    Johan

    Friday, March 13, 2015 9:23 AM
  • The secondary will just ring fence traffic for you to cut down comms over the WAN.


    ... keep in mind that clients also have to contact the primary for client registration.

    Torsten Meringer | http://www.mssccmfaq.de

    Friday, March 13, 2015 10:15 AM

  • Is it possible to migrate some packages from the SCCM 2007 environment in domain A to my new SCCM 2012 environment in Domain B ? 


    Sure. 

    Torsten Meringer | http://www.mssccmfaq.de

    Friday, March 13, 2015 10:16 AM
  • Thx Torsten

    In the port design I've added that clients from both domains need to contact the primary site server (port 80 if I am correct)

    regards

    Johan

    Friday, March 13, 2015 11:26 AM
  • Hi Torsten

    Thx for the quick response

    Regards

    Johan

    Friday, March 13, 2015 11:27 AM