Monday, June 27, 2016

Install ConfigMgr Current Branch in a Multi Forest situation

Recently it was needed to install ConfigMgr Current Branch (1602) in an environment with multiple forests with a single domain each. Most of times I install ConfigMgr in a single forest, where one or multiple domains resides or multiple forests with a trust in between. This time it was needed to publish site information across multiple forests without any trusts. Let's have a look at the steps taken.

First you need to configure conditional forwarders from the forest where ConfigMgr is installed to all remote forests where site systems are needed. Otherwise no forest discovery is possible at all.

After that the following must be done:
-Add a forest in ConfigMgr with a domain account from the remote forest. This account must have read permissions on the root of the forest at minimum.
-Run a schema update on the remote forest (schema master) manually by copying the files needed.
-Create a System Management container on the remote forest (without additional permissions needed)
-Create a boundary and boundary group for the remote forest (may be created by forest discovery automatically)
-Create a Network Access (NA) account on the remote forest and configure it in the ConfigMgr console
-Create a Push Installation (PI) account on the remote forest and configure it in the ConfigMgr console

-Run system discovery on the remote forest (with the remote NA account), where LDAP locations must be configured manually
-Set publishing in Site properties on the remote forest

After that forest discovery and publishing must be succeeded. When installing remote site systems, make sure the account for the remote forest is used now. This because the ConfigMgr computer account cannot be used in this case. Hope it helps!

No comments:

Post a Comment