ConfigMgr–Managing other domains

Leading on from my other posts about creating device and user collections, in my environment I need to manage multiple domains so I thought I’d do a quick post on some of the prerequisites and some tips.  All these things should make your life a little easier and ensure errors are kept to a minimum.

Trust Relationship
Does a trust exist between your domain and the secondary domain you wish to manage?  If not create one.  If this involves setting up a Branch-Office VPN or WAN, speak to your infrastructure team and ensure both your network and the network that contains the other domain(s) have some way of routing to each other.  Every situation and infrastructure setup can present different constraints so I’m not going to go in to great detail on this one but here are a couple of links to get you started: – Forest Trust Checklist – Creating a Forest Trust

Discovery (AD Sites and IP Subnets)
If you don’t set up your site and IP subnets properly when you first set up your domain and you leave everything as default then you unfortunately get the default name for your AD Site which is Default-First-Site-Name.  You’ll get issues discovering AD sites within ConfigMgr if all of your sites are named like this so probably a good idea to name your sites uniquely.   In addition make sure you have your IP Subnets set up for each AD site.  These will then all pull in nice and easy through discovery as long as you have your accounts setup properly so the account has the correct access.  To examine your discovery settings look here Administration \ Overview \ Hierarchy Configuration \ Discovery Methods from within the ConfigMgr Console and ensure the correct settings are in place for the discovery methods you wish to use. – Article on renaming AD Sites using PowerShell if you have multiple sites to rename like myself.  I wrote a script for doing this prompting me for each name.

Extending the AD Schema
I can see no reason why you shouldn’t extend the AD Schema but that may be because I haven’t come across a valid reason not to in my working life.  You can extend the schema on each of your domains by running the extadsch.exe  from the BIN\X64 folder on the root of your ConfigMgr disk or ISO.  You’ll then get a log file written to the root of C:\ which will tell you whether or not the process was successful.  Check this log before moving on.

System Management Container
Adding a System Management container and/or changing the permissions is advisable also.  You can use AD Users and Computer if you wish, as long as you have the Advanced Features switched on.  From the root of AD navigate through System \ System Management right click and select Properties.  On the Security tab ensure your ConfigMgr server (or servers group) have full permissions on the container.  Job done.

Client Push
I did a previous post on Client Push methods but once the above is in place your client push should now work a lot smoother either from the console or via any of the other methods.

Ref post:

Check Site Systems & Components
Last but not least, check your site systems.  Navigate to Monitoring \ Overview \ System Status \ Site Status and check all of the components have a green tick and are OK.   Then look at Monitoring \ Overview \ System Status \ Component Status and check those are all working just fine working through any errors or warnings.  Personally I dread looking in here as there always seems to be some issue that crops up but if you keep on top of this you’ll soon have a streamlined slick system in place


I hope this was useful to you.