DP in different forest

Karun Khanna 46 Reputation points
2021-01-17T08:27:07.347+00:00

We have 2 forests, one for prod and the other for DMZ. Prod servers (abc.com) and DMZ servers (xyz.com) are domain joined.
The primary server is PRI.abc.com. We want to use SCCM to patch servers now, so for 150 servers in the DMZ I was thinking of just putting a DP in the DMZ forest (DMZDP.xyz.com).
Does the solution sound fine in terms of roles?
Also, is it just like putting any other DP in the same forest after opening ports, or do I need to do anything additional to set up a DP in the DMZ?

Microsoft Configuration Manager

2 answers

  1. Amandayou-MSFT 11,051 Reputation points
    2021-01-18T07:21:52.09+00:00

    Hi @Karun Khanna ,

    We could just configure some ports between untrusted forests.

    Please refer to the following picture:
    [Image: 57591-image.png]

    For detailed information, kindly refer to this article:
    https://systemcenterdudes.com/installing-sccm-dp-mp-sup-untrusted-domain/
    Note: This is a non-official Microsoft article, just for your reference.




  2. Jason Sandys 31,176 Reputation points Microsoft Employee
    2021-01-19T03:27:04.02+00:00

    Clients must also be able to connect to an MP and a SUP. Without knowing more details of the environment and your network's security policies, not much can really be said here except that the AD domain scenario is completely irrelevant for designing the proper solution here.
