I have SCCM2007 installed in a forest, all site system roles installed, boundaries configured,discovery methods all enabled andconfigured. The Active Directory schema has been extended, and site information have been published in Active Directory, DNS and WINS. I would discover clients and Active Directory Resources (users, groups) in another forest, trusted with a Forest Trust. I cannot see the resources of the other forest in none of the collections of my SCCM. Which can be the reasons? Thank you

The site server needs Read rights to the other forest. Outside that, did you specify a AD path in the AD System Discovery to the other forest? It's actually pretty simple. If it doesn't work, you should look at the adsysdis.log on the site server to see what it says.

Thank You Wally... After several hours of wait, it does.... Yes, I specified a AD path in the AD System Discovery to the other forest, and also I granted permissions (Full Control, not only read) to the site server to the other forest. I did this by granting permission at the System container in the advanced features of Active Directory Users and Computers. Is this correct? Generally speaking, there's a list of features that cannot work for sure in a multi-forest environment? ... Or all SCCM 2007 features work perfectly also in a multi forest environment? I have a customer that doesn't want SCCM be installed on servers in his forest, so I thought to create a separate forest with SCCM installed, create the forest trust, and manage the forest of my customer in this way. Now I'm testing the environment, but I want to be sure that Software distribution does work, Patching does work, OS Deployment does work, and son on... What's your opinion? Thank you

All features work between forests. You just need the ability to find resources, install clients, find site resources, etc. But all works. No doc on what doesn't work, as all do :-) After "several hours of wait, it does..." - it does what - work? If so, then it could have been your schedule, could have been a backlog of DDRs on the site server, could have been rights took a while to get applied, etc.

We are also in a similar situation. The company is looking to implement SCCM 07 into a multi-forest environment, however due to some security constraints we have some restrictions and there are only one way trusts between the forests and some firewalls in between these forests. Does SCCM 07 require two way trusts to operate and be able to discover resources and clients and have the ability to deploy patches, software and manage all clients. So, in other words, would it be possible to deploy a Primary or CentralSCCM site in one forest and manageall resources in the other forests from that site (All forests are on a high speed link).

Yes, as already stated, we do support clients in remote forests. No, a two way trust is not required. Youlikely willneed to configure a Network Access Account to accomodate clients from the remote forest accessing content on distribution points in the site system forest. It's amazing what a little self-research on the online product docs can reveal :-) http://technet.microsoft.com/en-us/library/bb694003.aspx http://technet.microsoft.com/en-us/library/bb680398.aspx

Hi, i have a similar case. My client has two forest, the first is a Resouce Forest with only one domain, the second is a User Forest with only one domain. Where should i install SCCM? to extend the schema. I need SCCM full functionality in the User Forest to manage all computers but a the same time i need patch management, DCM, and End Point Protection in the Resouce Forest Servers. My client doesn´t want WINS to discover services. Thanks in advance