How to Allow ConfigMgr to Manage Multiple AD Forests

Scenario:

The current environment contains two Active Directory sites in different forests, with the domain names LocalDomain.com and RemoteDomain.com.

Introduction:

Configuration Manager 2007 clients on the intranet use Active Directory Domain Services as their primary method of service location and configuration. If you have clients that reside in a separate forest, they will not be able to retrieve information that is published to Active Directory Domain Services by their assigned site server.

For these clients to be managed, you must ensure that alternative methods are available for the
following:

  • Site compatibility check to complete site assignment
  • Service location for management points, and the server locator point if this is
    not directly assigned
  • Native mode configuration

Note: Native mode is optional and is not required for this scenario.

To deploy the SCCM client successfully and allow the SCCM server to manage multiple AD forests, we need the following configuration:

  1. Configure boundaries correctly to allow CCM client agent distribution to clients in LocalDomain.com.
  2. Configure the push installation switches in the client installation properties so that clients in LocalDomain.com can find the SLP.
  3. Configure a discovery method that allows the ConfigMgr server to discover LocalDomain.com.
  4. Add the Server Locator Point (SLP) site system role to the ConfigMgr site.
  5. The CCM admin (client push) account must be a local administrator on the client computers in LocalDomain.com.
  6. Publish the SLP manually in WINS.

Solution:

Configure Boundaries:

In a normal scenario it is recommended to use Active Directory sites as the boundaries for CCM client installation, but with that configuration every computer located in the other forest falls outside the boundaries and will not receive the CCM client agent from the ConfigMgr server.

In this case we have to configure IP Subnet or IP Address Range boundaries instead, so that clients in LocalDomain.com can receive the client agent.

Discovery method:

To discover the LocalDomain.com domain, make sure that Active Directory System Discovery is configured with the LDAP path LDAP://DC=LocalDomain,DC=COM. Then run discovery and check adsysdis.log to confirm that it is able to search the domain in the other forest.
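Before running discovery, it helps to confirm from the site server that the remote-forest LDAP path can actually be bound and searched with the discovery account. The following PowerShell pre-check is an added example, not part of the original post; the LDAP path, credential prompt and property list are assumptions for illustration.

```powershell
# Added example: verify from the ConfigMgr site server that the LDAP path used by
# AD System Discovery is reachable and returns computer objects, using the same
# account that discovery runs as. Domain name is a placeholder for your environment.
Add-Type -AssemblyName System.DirectoryServices

$LdapPath      = "LDAP://DC=LocalDomain,DC=com"   # same path entered in AD System Discovery
$DiscoveryCred = Get-Credential -Message "Account used by AD System Discovery in LocalDomain.com"

# Bind to the remote forest with explicit credentials rather than the site server's own context.
$root = New-Object System.DirectoryServices.DirectoryEntry(
    $LdapPath,
    $DiscoveryCred.UserName,
    $DiscoveryCred.GetNetworkCredential().Password,
    [System.DirectoryServices.AuthenticationTypes]::Secure)

try {
    # Reading a property forces the bind; if this fails, discovery will fail the same way.
    $null = $root.distinguishedName
    Write-Host "Bound to $($root.distinguishedName) as $($DiscoveryCred.UserName)"
} catch {
    throw "Cannot bind to $LdapPath : $($_.Exception.Message). Check DNS for the remote forest, TCP 389 reachability and the account."
}

# Enumerate enabled computer objects, which is what AD System Discovery reads.
# (The filter excluding disabled accounts is this example's choice, not a ConfigMgr setting.)
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter   = "(&(objectCategory=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
$searcher.PageSize = 500
$null = $searcher.PropertiesToLoad.AddRange([string[]]@("dNSHostName", "operatingSystem"))

$results = $searcher.FindAll()
Write-Host ("{0} enabled computer object(s) visible under {1}" -f $results.Count, $LdapPath)
$results | Select-Object -First 10 | ForEach-Object {
    $fqdn = ($_.Properties["dnshostname"] | Select-Object -First 1)
    $os   = ($_.Properties["operatingsystem"] | Select-Object -First 1)
    "{0,-45} {1}" -f $fqdn, $os
}
```

A zero count or a bind error here points at name resolution, firewall or account permissions in the remote forest, which is the same class of problem adsysdis.log would report after a discovery cycle.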

Add Server Locator Point:

Server locator points are used in a ConfigMgr hierarchy to complete client site assignment on the intranet and help clients find management points when they cannot find that information through Active Directory Domain Services.

So we need to add a Server Locator Point to the site system roles.

Configure Push Installation Methods Switches:

It also helps to add the following switches to the client installation properties, especially the SMSSLP switch, because clients in the other forest will not be able to find the SLP through their own forest.

DNS and NetBIOS Name resolution should work between forests for this to work.

Switches:

SMSSITECODE=S01 SMSMP=ConfigMgr.RemoteDomain.local SMSSLP=ConfigMgr FSP=ConfigMgr

Note: Change the switches according to your ConfigMgr settings:

S01 = your site code

ConfigMgr = your ConfigMgr server name

Publish SLP Manually in WINS:

To resolve this, manually add an SMS_SLP record and an SMS_MP record to the Windows Internet Name Service (WINS) database. To do this, use the following method:

To manually add the SMS_SLP and SMS_MP records to WINS in Microsoft Windows Server 2003 for the LocalDomain.com domain, follow these steps:

1- Click Start, click Run, type cmd, and then click OK.

2- Type the following commands at the command prompt, and then press ENTER after each command:

  • netsh
  • wins
  • server

3- Add the SMS_SLP record. To do this, type the following command, and then press ENTER: add name name=SMS_SLP endchar=1A rectype=0 ip={ip addresses}

Note: Make sure that you enclose the IP address in braces (“{}”).

4- Add the MP_SMSSiteCode record. To do this, type the following command, and then press ENTER: add name name=MP_SMSSiteCode endchar=1A rectype=0 ip={ip addresses}

Notes:

  • Make sure that you enclose the IP address in braces (“{ }”). The SMSSiteCode variable represents the three-character string (letters, integers, or a combination of both) that is the code for the SMS site to which the Management Point belongs. It is displayed in the SMS Administrator Console.
  • WINS must be enabled on the client machines in the LocalDomain.com domain.

Publish MP in DNS:

We should publish the MP in DNS and make sure the MP FQDN is resolvable from the clients in the other domain.

To publish the default MP in DNS, open the ConfigMgr console in RemoteDomain.local and go to Site Management -> SiteCode-SiteName -> Properties -> Advanced tab, and select the option to publish the default management point in DNS.
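The WINS steps, the name-resolution checks and the installation switches above can be scripted together. This PowerShell script is an added example, not from the original post; the WINS server name, site server IP and the ccmsetup share path are placeholders, and the netsh calls are the non-interactive form of the netsh > wins > server steps described earlier.

```powershell
# Added example: register the SMS_SLP and MP_<SiteCode> 1A records in the remote forest's
# WINS, confirm them, check DNS/NetBIOS resolution, and build the ccmsetup command line
# with the switches from the post. All names, the IP and the share path are placeholders.
$SiteCode   = "S01"                           # three-character site code
$SiteServer = "ConfigMgr"                     # NetBIOS name used for SMSSLP= and FSP=
$MpFqdn     = "ConfigMgr.RemoteDomain.local"  # published MP FQDN, must resolve in DNS
$SiteIp     = "10.0.0.5"                      # placeholder IP of the SLP/MP server
$WinsServer = "wins1.LocalDomain.com"         # WINS server used by LocalDomain.com clients

$records = @("SMS_SLP", "MP_$SiteCode")       # MP_SMSSiteCode with the real site code substituted

# 1. Add both records as unique (rectype=0) 1A entries. Braces around the IP are required.
foreach ($name in $records) {
    $netshArgs = @("wins", "server", "\\$WinsServer", "add", "name",
                   "name=$name", "endchar=1A", "rectype=0", "ip={$SiteIp}")
    & netsh @netshArgs
    if ($LASTEXITCODE -ne 0) { throw "netsh failed while adding $name on $WinsServer" }
}

# 2. Confirm WINS now holds both records.
foreach ($name in $records) {
    & netsh wins server "\\$WinsServer" show name "name=$name" "endchar=1A"
}

# 3. Run from a LocalDomain.com client: the MP FQDN must resolve in DNS and the
#    site server's NetBIOS name must resolve (via WINS) for SMSSLP= and FSP= to work.
nslookup $MpFqdn
ping -n 1 $SiteServer

# 4. Client installation line using the post's switches (SMSSITECODE spelled as client.msi expects).
$installArgs = "SMSSITECODE=$SiteCode SMSMP=$MpFqdn SMSSLP=$SiteServer FSP=$SiteServer"
$ccmsetup    = "\\$MpFqdn\SMS_$SiteCode\Client\ccmsetup.exe"   # placeholder client source share
Write-Host "Install command for LocalDomain.com clients:"
Write-Host "$ccmsetup $installArgs"
```

Steps 1 and 2 run on a machine that can administer the remote WINS server; step 3 is meant to be run on a client in LocalDomain.com, where a failed ping of the NetBIOS name indicates the WINS/NetBIOS side is not working even if DNS is.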

Abduljalil Abolzahab

SC Configuration Manager/Windows 7 Deployment
