Ying Li(MVP) at myITforum.com

PowerShell & System Center

How to set up a ConfigMgr hierarchy between two AD forests without trust

Here is a document for setting up Configuration Manager in multiple Active Directory forests with or without trust. It kind of touches on everything but lacks detailed instructions on how to set it up!

Let's say you have a production AD forest which has a ConfigMgr hierarchy in place, and you have another AD forest set up for commercial-facing websites or whatever reason. The security requirement is NO TRUST between the two forests. How are you going to set up the site-to-site communication between these two forests?

The forest/domain functional levels are Windows Server 2003 and above (which meets the minimum requirement: Windows Server 2003 domain/forest functional level)! Both sites have to be primary sites according to the doc above! They are both in mixed mode in our case.

1) Create a standard sender address in both forests, with the account in domain\user format, as the computer account won't work in this scenario;

http://technet.microsoft.com/en-us/library/bb680457.aspx

2) Add the site address account you created above to the Site to Site connection group on the respective site server;

http://technet.microsoft.com/en-us/library/bb632850.aspx

3) Set the Central site (in production forest) as the Parent site for the new site;

http://technet.microsoft.com/en-us/library/bb632349.aspx

4) Last but not least: manually exchange the public keys by following the link below!

http://technet.microsoft.com/en-us/library/bb693690.aspx

That's all you have to do to set up site-to-site communication across Active Directory forests WITHOUT TRUST!
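As an added example (not part of the original post), step 2 can be scripted and checked on each site server with the ADSI WinNT provider. The site code `ABC` and the account `CONTOSO\svc-cmsender` are placeholders, and the script assumes the "Site to Site connection group" is the local group ConfigMgr 2007 names `SMS_SiteToSiteConnection_<site code>`.

```powershell
# Added example, not from the original post. Run elevated on the site server.
param(
    [string]$SiteCode       = 'ABC',                  # placeholder site code
    [string]$AddressAccount = 'CONTOSO\svc-cmsender'  # placeholder; NetBIOS domain\user
)

$computer  = $env:COMPUTERNAME
$groupName = "SMS_SiteToSiteConnection_$SiteCode"     # assumed local group name
$domain, $user = $AddressAccount -split '\\', 2
if (-not $user) { throw "Account must be in domain\user format: $AddressAccount" }
# The procedure calls for a standard user account, not a computer account.
if ($user.EndsWith('$')) { throw "$AddressAccount looks like a computer account." }
$memberPath = "WinNT://$domain/$user"

function Get-GroupMemberPath {
    # Returns the ADsPath of every member of a local group.
    param([string]$Computer, [string]$Group)
    try {
        $g = [ADSI]"WinNT://$Computer/$Group,group"
        foreach ($m in @($g.Invoke('Members'))) {
            $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        }
    } catch {
        throw "Cannot read local group '$Group' on ${Computer}: $($_.Exception.Message)"
    }
}

# Add the site address account only if it is not already a member.
$members = @(Get-GroupMemberPath -Computer $computer -Group $groupName)
if ($members -contains $memberPath) {
    Write-Output "$AddressAccount is already a member of $groupName."
} else {
    ([ADSI]"WinNT://$computer/$groupName,group").Add($memberPath)
    Write-Output "Added $AddressAccount to $groupName."
}

# List the resulting membership so unexpected accounts stand out.
Get-GroupMemberPath -Computer $computer -Group $groupName |
    ForEach-Object { "  member: $_" }

# Least-privilege check: flag the account if it is also a direct member of
# the local Administrators group (English group name assumed).
$admins = @(Get-GroupMemberPath -Computer $computer -Group 'Administrators')
if ($admins -contains $memberPath) {
    Write-Warning "$AddressAccount is also a local administrator on $computer."
}
```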
