ConfigMgr Forest Discovery and Name Resolution


Forest Discovery is a new feature in ConfigMgr 2012 that enables ConfigMgr to dynamically create boundaries based on subnet information in Active Directory and publish service location information to multiple forests. You can specify an account in the discovery’s configuration if the site server account does not have permissions to read from or write to the forest.

An important part of Forest Discovery, though, is finding a domain controller for the forest so that it can do the above. Just like normal Active Directory service location, this requires more than just A records in DNS; it also requires SRV records: http://technet.microsoft.com/en-us/library/cc783389(v=WS.10).aspx. These are created automatically by your DCs, so you shouldn’t have to create them (if you do, you’ve probably got bigger issues); however, if you are implementing Forest Discovery for an untrusted forest, it’s possible that name resolution for resources in that untrusted forest is incomplete and thus won’t resolve the SRV records. This could happen for a variety of reasons but is easily solved by setting up a conditional forwarder to enable complete name resolution of all resources and services in the target forest from the source forest that contains the ConfigMgr hierarchy. A secondary DNS zone is also possible if you aren’t using native Windows DNS, as is, if you are a glutton for punishment, manually creating the necessary SRV records in a manual, local “copy” of the DNS zone on the source forest’s DNS servers.
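One way to check from the site server that the target forest's DC locator SRV records (and the hosts they point to) resolve, as an added PowerShell example that is not part of the original post. The forest name and DNS server address are constructed placeholders, and it assumes the `Resolve-DnsName` cmdlet (Windows Server 2012 or later) is available.

```powershell
# Added example: verify that DC locator SRV records for an untrusted forest
# resolve from the ConfigMgr site server. Values below are placeholders.
param(
    [string]$TargetForest = 'forestb.example',       # placeholder forest root DNS name
    [string[]]$TargetDnsServers = @('192.0.2.10')    # placeholder DNS server(s) in that forest
)

# SRV names that Active Directory service location uses for a forest root domain.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$TargetForest",
    "_kerberos._tcp.dc._msdcs.$TargetForest",
    "_ldap._tcp.gc._msdcs.$TargetForest",
    "_ldap._tcp.$TargetForest"
)

$results = foreach ($name in $srvNames) {
    $srv = Resolve-DnsName -Name $name -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) {
        [pscustomobject]@{ Record = $name; Target = $null; Address = $null; Status = 'SRV missing' }
        continue
    }
    # An SRV answer is only useful if the host it names also resolves to an address.
    foreach ($r in $srv) {
        $a = Resolve-DnsName -Name $r.NameTarget -Type A -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' }
        [pscustomobject]@{
            Record  = $name
            Target  = "$($r.NameTarget):$($r.Port)"
            Address = ($a.IPAddress -join ', ')
            Status  = if ($a) { 'OK' } else { 'SRV resolves, host A record missing' }
        }
    }
}

$results | Format-Table -AutoSize

if ($results | Where-Object { $_.Status -ne 'OK' }) {
    Write-Warning "Name resolution for $TargetForest is incomplete from this server."
    # Printed, not executed: run this on a DNS server in the source forest
    # (requires the DnsServer module) to create the conditional forwarder.
    $masters = $TargetDnsServers -join ','
    "Add-DnsServerConditionalForwarderZone -Name '$TargetForest' -MasterServers $masters -ReplicationScope Forest"
}
```

Run it again after creating the forwarder and clearing the DNS client cache; every row should report `OK` before Forest Discovery is expected to find a domain controller.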
