What are the options to use current sccm site to manage entire new site

Question

Currently I have one standalone sccm server which itself is primary site.
Let’s say I’m managing ABC.com and other trusted domains with abc using my current site. Now we got new customer xyz.com and they want their infra to be isolated from all the other domains not even forest trust and entire separate network. Looking for possible solutions to manage the new customer instead of creating new sccm site on their domain/network.

Note: I’m managing only server infra using sccm in both case.
Thank you in advance!

solved 0
Deepak Pathak 2020-07-24T21:59:50+05:30 4 Answers 206 views Beginner
0

Answers ( 4 )

  2. Deepak Pathak
    0
    2020-07-29T15:08:10+05:30
    Reply

    I’m having sccm version 1806 as primary site, can I go for 2002 or 1910 for Mp, dp, sup on upcoming secondary site?

  4. Anoop C Nair
    0
    2020-07-27T13:27:09+05:30
    Reply

    You just need to have MP SQL account to connect remote MP to DB.. Hope you are going use WID for SUP

    Best answer
  6. Deepak Pathak
    0
    2020-07-27T02:21:36+05:30
    Reply

    Thanks for Quick response Anoop Sir, I went thru the articles you suggested and came up with below high level points.

    1. Create MP, DP and SUP on untrusted domain by opening port 135, 389, 3268 and dynamic port for RPC and WMI from site server to untrusted domain controller to discover.
    2. Ports http:80,sup:8530 for software distribution and software updates.
    3. Conditional forwarders in DNS if not then host file entries on each endpoints which should result ping and name resolution
    4. Sccm service account with no domain admin but should have full permission on ADSIET> System management container
    5. Extend schema on untrusted Domain
    6. Add that forest into sccm site.

    Do we need to do anything for SQL and reporting tasks?
    As you have already done this tasks multiple times, can you share the checklist I that I can follow in order to achieve this seamlessly.

  8. Anoop C Nair
    1
    2020-07-25T02:30:15+05:30
    Reply

    You can manage devices from untrusted forest .. I‘be seen and used this in many organisations..you just need to have mp , sup, and DP in that untrusted forest xyz.com

    I have some examples here

    https://www.anoopcnair.com/untrusted-forest-sccm-mp-rotation-issue/

    https://www.anoopcnair.com/remote-dp-installation-error-0x800706ba/

    https://www.anoopcnair.com/require-the-site-server-to-initiate-connection/

Leave an answer

Sorry, you do not have permission to answer to this question .