Hi everyone I've been tasked to design an extension to our existing SCCM environment and I'm no SCCM expert, so I was hoping I may be able ask for a little advice from some more experienced folk on the forum. First off, I'll describe what we currently have, and show you with a bit of ASCII art :-) The existing SCCM environment is all based in one AD domain (DOM1) and as one SCCM site (S01) as shown below; +------------+ +------------+ | CENTRAL DB | | PRIMARY DB | +------------+ +------------+ | | | | +------------+ | | CENTRAL SRV| | +------------+ | | | | | +------------+ | | PRIMARY SRV|------------+ | |------------------+ +------------+ | | | +------------+ | DIST POINT | +------------+ Now, I need to roll out SCCM to two much smaller AD domains which I'll call DOM2 and DOM3. These domains will only have a maximum of 240 clients between them. DOM1 will have a trust relationship with DOM2 and DOM3 will have a trust relationship with DOM2, so that communication between DOM1 and DOM3 will only be possible through DOM2. Hopefully I will be able to configure a Secondary Site which will be a child of the current Primary Site and configure boundaries for DOM2 and DOM3 on this site. Does anyone have any advice on this possible design? I know some people would advice against using Secndary Sites but as DOM2 is in fact a DMZ, I think this seems quite suitable. The other alternative design I'm considering is to implement another Primary Site to handle DOM2 and hang a Secondary Site off this to handle DOM3, but this is less desirable. I'd appreciate any views on this, positive or negative, and whether any other forum members have any experience in implementing such an option. Thanks in advance. John

How many forests do you have?Kent Agerlund | My blogs: http://blog.coretech.dk/author/kea/ and http://scug.dk/ | Twitter @Agerlund | Linkedin: /kentagerlund

How many forests do you have? Kent Agerlund | My blogs: http://blog.coretech.dk/author/kea/ and http://scug.dk/ | Twitter @Agerlund | Linkedin: /kentagerlund Just the one.

Depending on the sites (physical locations and bandwidth), you can do with a single site or perhaps just add secondary sites. You don't have that many clients.Kent Agerlund | My blogs: http://blog.coretech.dk/author/kea/ and http://scug.dk/ | Twitter @Agerlund | Linkedin: /kentagerlund

Thanks Kent, that is good news! Would I need two Secondary sites, or could I get away with just one? Also will SCCM cope with authentication across the AD domains, or will I have to exchange keys? John