none
SCCM Schema Update for untrusted domain? RRS feed

  • Question

  • Hi,

    I'm looking for some clarification regarding AD schema updates for SCCM.

    I am planning an installation of SCCM CB which will include clients in both the local forest and a untrusted forest.  The untrusted forest will host a site server installed with the Management and Distribution Point roles.

    I know that the forest in which the site is being installed requires a AD schema update to support installation of SCCM.

    Does this requirement also apply to the untrusted forest - i.e. do I need to update the AD schema here also?

    I am assuming so, but if this is not a requirement what is the impact of not doing this? (any reduced functionality etc..)

    Many thanks,

    Phil

    Tuesday, September 17, 2019 3:40 PM

All replies

  • The untrusted forest will host a site server installed with the Management and Distribution Point roles.

    That's not a site server, that's a site system. A site server explicitly defines a new [primary or secondary] site. Site systems extend an existing site and host roles for that site.

    Also note that unless this forest manages remote systems or is segregated from the main network, there probably is no reason to install a DP. Also, an MP is only truly required if you will be targeting users with Application or Package deployments.

    I know that the forest in which the site is being installed requires a AD schema update to support installation of SCCM.

    This is not actually required. It's highly recommend because it enables clients to easily locate the site and perform some configuration, but it's not required.

    > Does this requirement also apply to the untrusted forest - i.e. do I need to update the AD schema here also?

    Kind of the same answer as above. If you want to enable the ability for clients to locate the site and perform some configuration, then you should do this in both forests. It doesn't really make sense to do this in only one forest.


    Jason | https://home.configmgrftw.com | @jasonsandys


    Tuesday, September 17, 2019 4:25 PM
  • Thank you for taking the time to reply (and for pointing out my error in terminology!).

    I cannot see why I would not want clients to be able to 'locate the site and perform some configuration' so I guess you have answered my query!

    Best Regards.

    Tuesday, September 17, 2019 8:30 PM