Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Running two totally separated SMS hierarchies in the same forest (SMS2003 and ConfigMgr)

0 views
Skip to first unread message

chriss3 [MVP]

unread,
May 15, 2008, 5:23:38 AM5/15/08
to
Hi.
I would like to discuss running two totally separated SMS hierarchies in the
same forest (SMS2003 and ConfigMgr) I also want to state out that I'm not
interested in if the solution I'm thinking of is supported by PSS or not,
only honest answer if the solution can work.

From what I understand, there is an issue about locating the MP when you
have two separated SMS hierarchies in the same forest because the
SMS2003SP3/ConfigMgr Client will look in Active Directory for an MP, to be
more specific in the Systems Management Container; the MP is published with
its name and site code. How ever the SMS2003SP3/ConfigMgr can locate an MP
that has another site code then they are assigned to (The other hierarchy)

To work around this problem, I was thinking about set ACL/Permissions on the
MP container objects, so only clients known about the existence of the MP
container objects that belongs to there hierarchy. Let's say we do the
following configuration.

SMS2003 Clients Group = All SMS2003 clients is members of this group.
This group can read the MP objects of MPs in the SMS2003 hierarchy
(Expected result: SMS2003 client's doesn't know that a ConfigMgr hierarchy
exists in the same forest)

ConfigMgr Clients Group = All ConfigMgr clients is member of this group.
This group can read the MP objects of MPs in the ConfigMgr hierarchy.
(Expected result: ConfigMgr client's dosen't know that a SMS2003 hierarchy
exists in the same forest)

We don't publish the MP to another other sources like WINS (SLP), DNS etc.

I would like to have feedback on this solution in the following way.

A) Are I'm correct if I say. There is no other way that the client's can
discovery that two SMS/ConfigMgr hierarchies exists in the forests, then
looking in the Systems Management Container (Containers if multiple domains)
If we don't chose to publish MPs to any other sources?

B) Dose anyone think this can work, and bring the expected result: That the
two hierarchies doesn't each other exist?

Thank you very much.

--
Regards
Christoffer Andersson
TrueSec - Executive Consultant
Microsoft MVP - Directory Services


No email replies please - reply in the newsgroup
------------------------------------------------

http://www.truesec.com

jmarcum

unread,
Jun 9, 2008, 8:10:00 AM6/9/08
to
If I remember correctly I saw some discussion around this recently on the
ConfigMgr forum on technet. I think not only is it supposed to work but it is
also supported. People that are doing side by side migrations are doing it
and it works for them.

You should dig around in here and see if you can find a post about it or
just ask and see.

http://forums.microsoft.com/TechNet/default.aspx?ForumGroupID=488&SiteID=17

0 new messages