Multiple domains, multiple forests
Hi there,
This question is similar to that posted in this thread (http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2531552&SiteID=17), but I have some additional questions/doubts:
I would like to have a central site where I have an instance of SCCM 2007, AD native level etc. etc.
Secondly, I would like to provide a service to various clients, who are in different forests without trust relationships (so that users with computers in the domains do not see various un-related domains when they log on.) These sites would most likely be primary sites.
Would AD issues still be a problem if I have a site server in each untrusted child site - that is to say, would I still need WINS? It is probable I will be able to implement a child server in each site, therefore they can be primary sites.
Any other restrictions I must be aware of? I know I will have to create the sender accounts - is there anything detailed in the SCCM documentation? I have been reading this page: http://technet.microsoft.com/en-us/library/bb694003.aspx
Thanks.
January 10th, 2008 12:37am
If each location is a unique forest with AD extended and Config Mgr site and client computers never travel from site to site, your scenario is straightforward. Set up each site as if it were the only one, extending AD, setting up certificates, etc. Then use Windows accounts for addresses between sites to join them (each Windows account being valid at the destination site). Now you can manage all sites from the central site or TS to any particular site directly and manage it. If you do not share DNS you will need to take some action to get name resolution working to remote sites.
January 10th, 2008 2:34am
Thanks, sounds good. Now, in the child primary sites, each with a local site server, do the clients need to be able to resolve addresses in the top level site, or only the site server(s)?
The lower level sites would most likely be linked to the parent site through dedicated VPN links.
January 10th, 2008 8:34am
Clients primarily only talk to the MP in the site they are sitting at (local site unless roaming), and distribution points. They can also communicate with a state migration point (for OSD) or a server locator point (for assignment), but primarily a MP and DP.
They never talk to a site server, unless it is one of the other roles the client needs to talk to. Clients will also query the Global Catalog for data in AD.
January 10th, 2008 8:53pm
Clients primarily only talk to the MP in the site they are sitting at (local site unless roaming), and distribution points. They can also communicate with a state migration point (for OSD) or a server locator point (for assignment), but primarily a MP and DP.
They never talk to a site server, unless it is one of the other roles the client needs to talk to. Clients will also query the Global Catalog for data in AD.
I have a question on the above statement
We are testing a proof of concept to test multiple domain sccm setup in one forest
Currently we have :
1 primary site server sccm 2007 sp2 r2 - housing sql\mp\dp in Domain A Site Code: T01
We have built a new secondary server sccm 2007 sp2 r2 in Domain B Site Code: T02
Everything appears to be functional on the newly built secondary and we have successfully installed the PMP (Proxy Management Point) on the secondary. However, when I test the SCCM client on the new secondary server to confirm functionality, I notice that the client is going to the primary management point for the default management point in locationservices.log. I would expect in this setup that the client should also discover the proxy management point T02 as well as the default management point T01?
I know in a 1 forest single domain model this is how clients work when you have a secondary site installed as they look for information through Active Directory
In our test lab we created a System Management container in the System partition on Domain and gave it the relevant rights. When the T02 secondary site system had the MP installed, it successfully published this into AD Domain B, as we could see the pointer appear in Domain B.
Is there a misunderstanding on my part or have we missed something?
December 7th, 2010 11:03am
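Added example, not code from the thread or from Microsoft: a PowerShell check that lists the management point objects a site has published into a domain's System Management container, which is where a client reads MP information from AD. It assumes the RSAT ActiveDirectory module, the standard ConfigMgr schema extension (objectClass mSSMSManagementPoint), and read access to the container; the domain name and site codes are placeholders.

```powershell
# Added example (not from the thread): enumerate the management points a ConfigMgr
# site has published to Active Directory, and warn when an expected site code
# (for instance the T02 proxy MP) has no object in the System Management container.
# Assumes the RSAT ActiveDirectory module. Domain name and site codes are placeholders.
Import-Module ActiveDirectory

function Get-PublishedManagementPoint {
    param(
        [Parameter(Mandatory)] [string] $DomainDnsName,   # placeholder, e.g. domainb.example
        [string[]] $ExpectedSiteCode = @()                 # e.g. 'T01','T02'
    )

    # The schema extension publishes mSSMSManagementPoint objects under
    # CN=System Management,CN=System,<domain DN>.
    $domainDn   = (Get-ADDomain -Identity $DomainDnsName).DistinguishedName
    $searchBase = "CN=System Management,CN=System,$domainDn"

    $mps = Get-ADObject -Server $DomainDnsName -SearchBase $searchBase `
        -LDAPFilter '(objectClass=mSSMSManagementPoint)' `
        -Properties mSSMSMPName, mSSMSSiteCode, mSSMSDefaultMP, dNSHostName

    $result = foreach ($mp in $mps) {
        [pscustomobject]@{
            SiteCode  = $mp.mSSMSSiteCode
            MPName    = $mp.mSSMSMPName
            DnsName   = $mp.dNSHostName
            DefaultMP = [bool]$mp.mSSMSDefaultMP   # true for the site's default MP
        }
    }

    # Flag any site code the clients are expected to see that has no MP object;
    # a missing object means publishing, not client discovery, is the thing to fix.
    foreach ($code in $ExpectedSiteCode) {
        if (-not ($result | Where-Object SiteCode -eq $code)) {
            Write-Warning "No management point published in $DomainDnsName for site $code"
        }
    }
    $result | Sort-Object SiteCode, MPName
}

# Placeholder domain; run from a machine that can reach a DC of that domain.
Get-PublishedManagementPoint -DomainDnsName 'domainb.example' -ExpectedSiteCode 'T01','T02' |
    Format-Table -AutoSize
```

Run it once per domain that hosts clients; an MP that shows up here but is never chosen by a client points at boundaries or site assignment rather than AD publishing.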