Clients in Separate Domain (Assignment)
Infrastructure: SCCM SP1 R2
I have a gut-check question for configuring clients in a complex environment. We have a portion of our network that is a separate (non-trusted) domain (separate forests) with their own DNS servers. I am looking for the best way to add these clients into my existing architecture.
1. I know I will need an SLP, which I can add either at command line install OR in the registry entry: HKLM\Software\Microsoft\CCM|SMSSLP. This is due to the fact that these clients will not be able to query the AD architecture of my SCCM Servers for assignment.
2. Configure an entry for the SLP server & MP Server in the DNS of the other domain's DNS so that when clients query for that server, they will resolve everything correctly.
Will I need to configure an MP entry anywhere (either in the client's remote domain or in my local domain) to make this work? Like WINS: MP_<Sitecode>, or DNS _mssms_mp_<sitecode>? Or will the SLP help translate all of that for me? I know I could probably use the HOSTS files or LMHOSTS for certain pieces - but would like to know the recommended approach for a situation like this.
Thanks!
December 30th, 2009 6:22pm

Are you aware of http://technet.microsoft.com/en-us/library/bb694003.aspx? This article describes everything that's needed to get it up and running. You should also have a look at http://technet.microsoft.com/en-us/library/bb680962.aspx, because you have to treat clients in a remote forest as if they were workgroup computers.
December 31st, 2009 12:23am

In practice, I could not get DNS entries to work in a cross-domain environment. I had to stick with the WINS SLP entry. See: http://technet.microsoft.com/en-us/library/bb632567.aspx
However, we eventually had to take the entries out of WINS due to multiple SCCM architectures being deployed in the environment, and we were able to use AD to get clients to find the MP... This is a HIGHLY UNSUPPORTED method, but it did seem to work for us. The trick was to use LDP to export the AD site and MP entries from the AD domain where SCCM is located and import it into the other domain.
Scott Gill, SCCM Consultant
December 31st, 2009 11:33pm

When I recently did a multi-forest implementation I decided that the best way was to place a primary site in the remote forest. This is way easier than managing clients as workgroup machines.
John Marcum | http://www.TrueSec.com/en/Training.htm | http://myitforum.com/cs2/blogs/jmarcum
January 4th, 2010 5:52am

True, but then you have to deal with extra administrative overhead, additional site boundary complexity, etc, etc. The experiment also taught us a lot about how the client works and that all of the access bloat that SCCM adds to AD isn't really necessary. For example, SCCM adds all of the boundary information into AD and we discovered that this was unnecessary as additional boundaries added to SCCM did not have to be re-exported and put into the other domain... EVER. It ended up working pretty flawlessly even with the addition of new AD sites, IP scopes, etc.
And as far as the lack of MS support, well, at least where I was at, the support was pretty lacking anyway so we weren't concerned with lack of MS support. It's just an option that I have tested and can confirm that it does work, however, if you can go with any other supported method, go with that instead. WINS is really the only other supported method that works (without multiple sites)... but from what I hear they will be removing this support soon. I just hope they get DNS working before they remove WINS.
Scott Gill, SCCM Consultant
January 4th, 2010 9:34pm

Hi,
As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as "Answered" as the previous steps should be helpful for many similar scenarios. In addition, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.
Thanks,
Yog Li - MSFT
January 7th, 2010 1:21pm

This topic is archived. No further replies will be accepted.
