SOLVED Using SCCM how to manage clients in untrusted forest

[Marek Belan]

Hi all

we have request to install sccm slient to servers on test, perf, domains.
This domains is not trusted with production domain where is SCCM and is in separate networks, have own AD, DHCP DNS atc.
What is best practice to install?
Is port 80 enough open to client working ?

 

[Prajwal Desai]

Yes that is possible - https://blogs.technet.microsoft.com...e-server-site-systems-in-an-untrusted-forest/
Port 80 may not be just enough, SCCM server needs to talk to remote forest (DNS port 53,LDAP port 389) to publish the information and discover objects. On the other hand you must open ports that require for client to talk to MP,DP,SUP. Read this article - https://docs.microsoft.com/en-us/pr.../system-center-2012-R2/hh427328(v=technet.10)

Check out this post by Eswar - http://eskonr.com/2017/02/sccm-configmgr-how-to-manage-clients-in-untrusted-forest/

 

[Marek Belan]

We don't need to discover object from this domains. We just need install working client on this servers.
So there will be manual install of client with parameters and some certificate stuff i looking for this.

 

[Prajwal Desai]

Yes you can install the agents manually, you can also use the extra switches to provide details for certs etc.