Question about MP affinity in a multi-forest scenario without AD publishing

  • Question

  • I am looking at deploying an SCCM system that will feature multiple forests and the caveat of NOT being able to use any sort of AD publishing or schema extension. Knowing this, and that clients will use the MP residing in their forest by default...

    When AD publishing is not leveraged, will a client in a remote forest use the MP located within its forest?

    If true, does this become a single point-of-failure when the client can't communicate with the MP in its forest?

    Wednesday, March 18, 2015 3:25 PM

Answers

  • AD publishing does not affect affinity at all. AD Publishing simply provides a "boot strap" location method where a client can find an MP if it has no knowledge of any MPs in the site. However, the choice of which MP to use is never based upon this boot strap location from AD. Clients always query an MP to determine which MP to use (thus the need for the boot strap process otherwise you're stuck with chicken-egg).

    Also remember that this is just "affinity" and thus not truly guaranteed, although in nearly all cases that I've seen/used this, it does follow the affinity pretty well.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    • Marked as answer by SecOpsGuy Wednesday, March 18, 2015 4:28 PM
    Wednesday, March 18, 2015 4:08 PM

All replies

  • Thanks for your help, Jason (again). I am not following you though (with regards to my questions). I am not using AD publishing.
    Wednesday, March 18, 2015 4:15 PM
  • "AD publishing [or lack thereof] does not affect affinity at all."

    Thus yes, forest/domain affinity for MP use will still be honored without AD Publishing.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Wednesday, March 18, 2015 4:20 PM
  • Great. Got it. Thanks for that clarification. Given your explanation I think that provides a "no" for my second question.

    Wednesday, March 18, 2015 4:27 PM