Intel vPro® Platform
Intel Manageability Forum (Intel® EMA, AMT, SCS & Manageability Commander)
This community is designed for sharing of public information. Please do not share Intel or third-party confidential information here.
2616 Discussions

Its possible provisioning a computer with sccm client between two forests?

Community Manager

Hello, I will tell my case to see if anyone can help me. I have a fairly old domain (eg. contoso) with level Windows 2003 functional, I have all the servers and computers. I want to add the vPro functionality, I have installed SCCM 2007 SP2 for to do it.


It creates another additional domain in a forest (eg. and implemented a CA on a Windows Server 2008 R2


It adds a bilateral trust relationship between the two forests.

Its possible provisioning a computer with sccm client between two forests?? It's supported??

0 Kudos
4 Replies
Community Manager

Thanks, but I don't understand what you mean ...


I have installed SCCM SP2 with OOBE role and configured in a forest (contoso). I have installed Microsoft CA and all computers with Windows Vista in the same forest and are discovered and provisioned devices without problems.


My question is, if I change the original CA for another (windows 2008 R2) in another forest (corporate), the computers will continue provision??, is't supported?



In theory, you can do it as far SCCM 2007 SP2 computer account retain the permission on CA and template to issue certificates.

However, you must carefully plan this movement. The original CA must be available for a period of time while you renew vPro client certificates, since management console should consult the CRL of the original CA.

BTW: if you use this CA for S/MIME and file encryption the requirement to keep the original CA will be much harder.

Best Regards!

--Bruno Domingues

Community Manager

Ok, thanks. In theory...

Someone has tested??. I get a mistake