Simplified SMS 2003 Site-to-Site rights
This is a tip I was given years ago, and I forget who gave it to me, so I'm sorry I can't give credit where credit is due. In SMS 2003, using Advanced Security, it is the computer account that usually handles site-to-site communications. Whenever you build a new site, you could add that computer account to its immediate hierarchical neighbors' local groups and any AD OUs it may need access to. But here's a simplified method for ensuring all of your sites can talk to all of your other sites.
- Create an AD Group called something like "SMS_Site_Servers"
- Add to this AD Group the computer accounts of all of your site servers
- Grant this AD Group the rights necessary to the AD System Management Container
- Add this domain AD Group, SMS_Site_Servers, to the local Administrators group of each Site (PS: you could instead put the group in the appropriate SMS_ local groups needed; but the Administrators group is simpler, and I'm going for simple here)
Done! The only caveat is that new group memberships of a computer/server aren't acknowledged until a reboot, so you'll have to reboot your SMS servers to get that group membership active. But from now on, whenever you need to add a new SMS Site Server (secondary site, DP, etc.): add that computer's AD account to SMS_Site_Servers, add SMS_Site_Servers to the local Administrators group of the new SMS Site Server, reboot once, and rights are taken care of.
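
The four steps above as a PowerShell script that can be re-run each time a site server is added. This is an added example, not part of the original tip; it assumes the ActiveDirectory module and dsacls.exe on an admin workstation, and the server names, the group's location and the full-control grant on the container are assumptions.

```powershell
# Added example: names marked "assumed" are placeholders, not values from the post.
Import-Module ActiveDirectory

$GroupName   = 'SMS_Site_Servers'                  # group name suggested in the post
$SiteServers = 'SMSPRI01', 'SMSSEC01', 'SMSDP01'   # assumed computer names
$Domain      = Get-ADDomain
$GroupPath   = "CN=Users,$($Domain.DistinguishedName)"   # assumed location for the group
$Container   = "CN=System Management,CN=System,$($Domain.DistinguishedName)"
$Trustee     = "$($Domain.NetBIOSName)\$GroupName"

# Step 1: create the group only if it does not exist yet
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -SamAccountName $GroupName `
        -GroupScope Global -GroupCategory Security -Path $GroupPath
}

# Step 2: add each site server's computer account, skipping existing members
$current = @(Get-ADGroupMember -Identity $GroupName |
    Select-Object -ExpandProperty SamAccountName)
foreach ($name in $SiteServers) {
    $computer = Get-ADComputer -Identity $name
    if ($current -notcontains $computer.SamAccountName) {
        Add-ADGroupMember -Identity $GroupName -Members $computer
    }
}

# Step 3: grant the group rights on the System Management container.
# Assumed grant: full control (GA) on this object and its child objects (/I:T).
& dsacls.exe $Container /G "${Trustee}:GA" /I:T | Out-Null
if ($LASTEXITCODE -ne 0) { throw "dsacls failed on $Container" }

# Step 4: add the domain group to local Administrators on every site server
foreach ($name in $SiteServers) {
    $admins  = [ADSI]"WinNT://$name/Administrators,group"
    $members = @($admins.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
    if ($members -notcontains $GroupName) {
        $admins.Add("WinNT://$($Domain.NetBIOSName)/$GroupName,group")
        Write-Output "$name : added $GroupName to local Administrators"
    }
    # New computer-account group membership takes effect only after a reboot
    Write-Output "$name : reboot needed if its AD group membership changed"
}
```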