Community
cancel
Showing results for 
Search instead for 
Did you mean: 
idata
Community Manager
1,277 Views

Its possible provisioning a computer with sccm client between two forests?

Hello, I will tell my case to see if anyone can help me. I have a fairly old domain (eg. contoso) with level Windows 2003 functional, I have all the servers and computers. I want to add the vPro functionality, I have installed SCCM 2007 SP2 for to do it.

 

It creates another additional domain in a forest (eg. corporate.com) and implemented a CA on a Windows Server 2008 R2

 

It adds a bilateral trust relationship between the two forests.

Its possible provisioning a computer with sccm client between two forests?? It's supported??

0 Kudos
4 Replies
idata
Community Manager
54 Views

Thanks, but I don't understand what you mean ...

 

I have installed SCCM SP2 with OOBE role and configured in a forest (contoso). I have installed Microsoft CA and all computers with Windows Vista in the same forest and are discovered and provisioned devices without problems.

 

My question is, if I change the original CA for another (windows 2008 R2) in another forest (corporate), the computers will continue provision??, is't supported?

Thanks

Bruno_Domignues
Employee
54 Views

In theory, you can do it as far SCCM 2007 SP2 computer account retain the permission on CA and template to issue certificates.

However, you must carefully plan this movement. The original CA must be available for a period of time while you renew vPro client certificates, since management console should consult the CRL of the original CA.

BTW: if you use this CA for S/MIME and file encryption the requirement to keep the original CA will be much harder.

Best Regards!

--Bruno Domingues

idata
Community Manager
54 Views

Ok, thanks. In theory...

Someone has tested??. I get a mistake

Reply