Written by Newt Cunningham at Cireson.
With some environments there comes the necessity of incorporating other forests for Configuration Manager to maintain. There are certain things that need to happen on the Configuration Manager server in order for other forests (and their clients) to work in harmony with Configuration Manager. Here are a few points to help with understanding what needs to happen in order to establish Cross-Forest Communication:
- First off, it is best for Trusts to be established between the Forest that the Configuration Manager Server is in and in the other forests
- Make sure the AD schema for Configuration Manager is extended in each forest
- Either create a Global account in each forest or use the Configuration Manager Site server and give it Full Control permissions to the System container or to the System Management container (after creating it in the System container in its respective forest) in order to publish the Configuration Manager info into the new forest’s AD
- Get domain suffixes of each AD forest and input them into Active Directory Forests while also specifying the newly created accounts for their specific forest
- Select the site under the Publishing tab for the proper publishing
- Under Administration\Site Configuration\Sites, select the properties of the site you are wanting to edit and go to the Publishing Tab
- Select the forest to which the site will publish its site data to
- Eventually, it will say Succeeded under Publishing Status in the Active Directory Forests section
- If necessary, select the new additional domains/forests for discovery (devices/users), and make sure to input the boundaries and boundary groups of the new forests for the clients to be managed.
- Put the additional forest’s Client Install accounts under Client Push Installation Settings for client push installs in other forests
This should for the most part help with your Configuration Manager communication needs for multiple forests. If you have any questions in regards to this then send me a message on my Twitter (https://twitter.com/JNewtonC) and follow https://twitter.com/teamcireson. Hope this helps everyone out there and makes life a little easier for you.