Untrusted domain to enroll


Hi Everyone, query regarding for roles.

Requirement – To build new sccm infra for multi forests & domains.

There are two forests, like A forests & B.
In A forest have 4 child domains suppose A.com/B.com/C.com/D.com.
In B forest have 1 domain E.com

I am thinking if i build new sccm infra with all roles in A.com domain, and add other domains (B/C/D) to A.com sccm infra, for that do i need to install MP/SUP roles in each domain (B/C/D) or would it work with only Primary server (A.com) domain? Can we use same primary sccm servers to other domains without installing any sccm role to other domains B/C/D domains?

Secondly, In B forest case, when i add B forest to A.com domain in sccm, in that case do i need to install MP/SUP roles for B forest in order to get patched machines?

Pls suggest



Answer ( 1 )


    First thing you should do is find out if there is trust relationship between your forests.

    There is one article explains about that written by Anoop Nair and it should give you more clarity.


    The article was for SCCM 2012 and that bug is no more but the explanations in the article helps us about untrusted forests and domains.

Leave an answer

Sorry, you do not have permission to answer to this question .