How SCCM manages roaming clients



Wanted to understand how SCCM will manage the roaming clients. The scenario is as below.

ABC company has a parent domain and a child domain. The child domain of ABC company is managed by XYZ company. A few XYZ company users sit in branch locations of ABC company. ABC company has an SCCM server that currently manages all the systems, including those of XYZ company.

Now XYZ company wants to implement a separate SCCM server for their child domain, to manage their systems only. The question is how the XYZ company users who sit in the branch locations of ABC company will be managed by the XYZ company SCCM server only.

XYZ company system should not go to ABC company SCCM server or ABC company systems should not come to XYZ company SCCM server.

XYZ company’s SCCM server will be in HTTPS mode.

Please guide.

    CMG could also be one solution for sales users.


    Appreciate your quick reply.

    I also feel Intune will be the best solution for sales users. Could you please help me to know what will be the minimum Intune license requirement for these 100/150 users for basic use like inventory, patching, compliance settings & app deployment (.exe or .msi)?

    Yes, there will be a different site code and a unique PKI certificate for the new primary site, so locations having different IP subnets will work, but locations having the same IP subnets (like branch locations) can cause issues finding the relevant MP/DP/SUP. Correct me if I am wrong.

    There is no VPN.

    I agree with you. It’s a network/infra issue, not an SCCM issue.


    Thank you for your reply.

    We will suggest RBAC, but if XYZ company still wants a separate SCCM, then what are the possibilities?
    The branch users that XYZ company is looking to manage are around 100/150 users, and these are sales users who are spread across India. These users are using the ABC network as they don’t have a separate VLAN for them. The rest of the locations have a dedicated XYZ company VLAN, so those can be managed.
    The ABC branch subnet or IP range will be part of the ABC boundary group only; it won’t be there with XYZ, as the branch network is owned by ABC company.
    So, the question is how these sales users of XYZ company will be managed from the XYZ company SCCM server, if they go for a new SCCM primary server.

    • I normally ask XYZ sales users to use Intune instead of SCCM. A better solution for on-road internet-facing users.

      You should have a different site code for the new primary site that you are building, shouldn’t you, and the respective clients will be assigned to that site code? So they should not get the policies from other primary servers, but it can create other issues. You might need to test this and confirm. I don’t have any definite answer here.

      If you don’t have any way to segregate those users, then I suppose it’s not an SCCM issue but rather a network or infra issue. Do they have different VPN boundaries? If so, we can segregate based on that.

  1. I don’t think you need to install another SCCM server for this scenario.

    This is what I understand from your scenario.

    ABC parent and child domain and SCCM server

    Child of ABC is managed by XYZ.

    XYZ users in ABC branches

    Why does XYZ want to implement a separate SCCM? Are XYZ and ABC going to get separated? First of all, I won’t suggest building another SCCM infra for this segregation. This segregation is done via SCCM RBAC and other settings such as boundary groups, scopes, collections, etc.

    XYZ company system should not go to ABC company SCCM server, or ABC company systems should not come to XYZ company SCCM server. – The simple answer is to configure boundary groups appropriately …

    Site assignment should be proper with an appropriate boundary group – there should be a separate VLAN for ABC and XYZ.

    This is not the roaming scenario. The roaming scenario in SCCM is the client moving from one site to another site within the same SCCM hierarchy; you are creating a separate hierarchy, if I understand well.

    This is not an ideal scenario. If you ask me I won’t recommend doing the same.
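
The shared-branch-subnet problem discussed in this thread, as an added example that is not part of any poster's reply: a Python audit that checks which site's boundaries cover each client's current IP and flags clients that subnet boundaries alone cannot place in their intended site. The site codes, subnets and hostnames are constructed, and the script models boundaries as plain IP subnets without querying SCCM.

```python
import ipaddress

# Constructed sample data: site codes, subnets and hostnames are hypothetical.
BOUNDARIES = {
    "ABC": ["10.10.0.0/16", "10.20.5.0/24"],   # HQ + a branch subnet owned by ABC
    "XYZ": ["10.50.0.0/22"],                   # dedicated XYZ VLAN
}
CLIENTS = [  # (hostname, intended site, current IP)
    ("ABC-PC-01", "ABC", "10.10.3.7"),
    ("XYZ-PC-01", "XYZ", "10.50.1.20"),
    ("XYZ-SALES-01", "XYZ", "10.20.5.44"),     # XYZ laptop on the ABC branch network
    ("XYZ-SALES-02", "XYZ", "192.168.1.15"),   # XYZ laptop on home broadband
]

def load(boundaries):
    """Parse CIDR strings into ip_network objects, keyed by site code."""
    return {site: [ipaddress.ip_network(c) for c in cidrs]
            for site, cidrs in boundaries.items()}

def overlaps(boundaries):
    """Return (site_a, net_a, site_b, net_b) for subnets claimed by two sites."""
    nets = load(boundaries)
    sites = sorted(nets)
    found = []
    for i, a in enumerate(sites):
        for b in sites[i + 1:]:
            found += [(a, str(x), b, str(y))
                      for x in nets[a] for y in nets[b] if x.overlaps(y)]
    return found

def sites_for(ip, boundaries):
    """Site codes whose boundaries contain this address."""
    addr = ipaddress.ip_address(ip)
    return sorted(s for s, ns in load(boundaries).items()
                  if any(addr in n for n in ns))

def audit(clients, boundaries):
    """Map hostname -> finding for clients that boundaries cannot place correctly."""
    findings = {}
    for host, intended, ip in clients:
        hits = sites_for(ip, boundaries)
        if hits == [intended]:
            continue  # exactly one site claims this address, and it is the right one
        if not hits:
            findings[host] = "no boundary"
        elif intended in hits:
            findings[host] = "ambiguous: " + ",".join(hits)
        else:
            findings[host] = "wrong site: " + ",".join(hits)
    return findings
```

Run against an export of both hierarchies' subnets and a client inventory, the findings list is the set of machines that need something other than IP boundaries to separate them, such as the dedicated VLAN, Intune or CMG options raised in the replies.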

