Forum Discussion
SCCM hierarchy design
mcgees Thank you for taking the time to respond.
My company has decided all three domains will remain but I will be creating a 2-way trust between the domains. I'm in the process of setting the companies up so that the network will be connected.
As each site has there own IT team looking after each SCCM server, am I correct in saying that each secondary server can be in the separate domains and the team admins can connect to the secondary sites to administer and deploy site-specific applications?
TazzKT ConfigMgr doesn't care about trusts between domains so that's irrelevant for this discussion really. Trusts are about authentication, ConfigMgr doesn't use AD to authenticate managed systems. The trust only matters if you will be targeting users with deployments as that's the only time AD authentication across forest boundaries matters.
As each site has there own IT team looking after each SCCM server, am I correct in saying that each secondary server can be in the separate domains and the team admins can connect to the secondary sites to administer and deploy site-specific applications?
No, this is not the purpose or function of secondary sites. Secondary sites are about extending a ConfigMgr primary site to remote locations with limited bandwidth connections. Administrative separation is provided using Role-based Administration in ConfigMgr and not an artifact of the infrastructure design.