SCCM 2007 Help full topics from Technet

1. Configuration Manager Single Site Planning and Deployment

ü Configuration Manager Supported Configurations

ü Prerequisites for Installing Configuration Manager

ü Configuration Manager Site Naming

ü SMS Provider Overview

ü Configuration Manager Site Database Overview

ü Planning Configuration Manager Boundaries

ü Configuration Manager in Multiple Active Directory Forests

ü Extending the Active Directory Schema for Configuration Manager

ü Configuration Manager and Name Resolution

ü Configuration Manager and Service Location (Site Information and Management Points)

ü Configuration Manager Site Modes

ü Configuration Manager Custom Web Site Overview

ü Configuration Manager Discovery Planning

ü Configuration Manager Site System Planning

ü Configuration Manager Service Principal Name Requirements

ü Configuration Manager and Network Load Balancing Clusters

ü Configuration Manager Security and Privacy Planning

ü Configuration Manager Setup Overview

ü Configuration Manager Post Setup Considerations

ü Configuration Manager Planning and Deployment Flowcharts

ü Configuration Manager Tasks for Planning a Single Site

ü Configuration Manager Tasks for Deploying a Single Site

2. Configuration Manager Multiple Site Planning and Deployment

ü Administering Multi-Site Hierarchies

ü Roaming Between Sites in Different Modes

ü Configuration Manager Site to Site Communications

ü About Data Priorities

ü Administrator Workflow: Configuration Manager Hierarchy Planning and Deployment

ü Configuration Manager Tasks for Planning Multiple Sites

ü Configuration Manager Tasks for Deploying Multiple Sites

3. Configuring Configuration Manager Sites for Best Performance

ü Performance Considerations When Designing Configuration Manager Sites

ü Best Practices for Central and Primary Site Hardware and Software Configuration

ü Performance Configuration Recommendations

ü Expected Server Resource Usage for Configuration Manager Sites

ü Monitoring Site Performance

ü Troubleshooting Configuration Manager Performance

4. Configuration Manager Upgrade and Interoperability Planning and Deployment

ü Planning to Upgrade to Configuration Manager

ü Configuration Manager 2007 Upgrade Checklist

ü Configuration Manager In-Place Upgrade

ü Configuration Manager Side-By-Side Upgrade

ü Upgrading Secondary Sites

ü Configuration Manager Post-Upgrade Considerations

ü Configuration Manager Tasks for Upgrade and Interoperability

ü Configuration Manager Upgrade Flowcharts

ü Configuration Manager Upgrade Administrator Workflows

5. Deploying Configuration Manager Sites to Support Internet-Based Clients

ü Overview of Internet-Based Client Management

ü Provides an overview of Internet-based client management.

ü Prerequisites for Internet-Based Client Management

ü Lists the external and product dependencies for Internet-based client management.

ü Planning for Internet-Based Client Management

ü Provides planning information for deploying a site for Internet-based client management.

ü Configuring Internet-Based Client Management

ü Provides the configuration checklist and tasks to configure a site for Internet-based client management.

6. Deploying Configuration Manager Sites in International and Multi-Language Environments

ü Planning and Deploying Your Multilingual Site Hierarchy

ü Tasks for International and Multi-Language Configuration Manager Clients

7. Configuration Manager Tasks for Decommissioning Sites and Hierarchies

ü How to Remove a Primary Site from a Hierarchy

ü How to Remove a Secondary Site Using the Configuration Manager Console

ü How to Remove a Secondary Site From a Hierarchy

8. Planning and Deploying Clients for Configuration Manager 2007

ü Overview of Configuration Manager Client Deployment

Provides an overview of client deployment in Configuration Manager 2007.

ü Prerequisites for Configuration Manager Client Deployment

Provides information about the necessary prerequisites for client deployment in Configuration Manager 2007.

ü Planning for Configuration Manager Client Deployment

Provides planning information for the client deployment in Configuration Manager 2007.

ü Configuring Configuration Manager Client Deployment

Provides the configuration checklist and tasks to configure client deployment for the site.

ü Tasks for Configuration Manager Client Deployment

Provides a set of tasks to perform client deployment objectives.

ü Troubleshooting Configuration Manager Client Deployment

Provides troubleshooting information for deploying and managing clients in Configuration Manager 2007.

ü Best Practices for Securing Clients

Provides security and privacy information and best practices for client deployment.

ü Technical Reference for Configuration Manager Client Deployment

Provides technical reference information for client deployment.

Here is the chm file can bedownload from Microsoft.
http://www.microsoft.com/downloads/details.aspx?FamilyID=81997356-7f18-48b2-a53a-d6f995a47f35&DisplayLang=en

-------------------
Thanks,
http://paddymaddy.blogspot.com/

SMS Support Webcasts Archive

SMS Support Webcasts Archive

 

 

2004 Webcasts • TechNet Webcast: Managing a Microsoft Windows Server 2003 Network - (Part 3 of 4) December 15, 2004: This webcast is the third in a four-part series that examines key aspects of proactive Windows Server 2003 network management. In the third part we will focus on using SMS to package and deploy software and updates across your network. • TechNet Webcast: Deploying SMS for Server Management December 14, 2004: Ever wonder what is involved in an effective deployment of an SMS infrastructure? In this webcast, we will explore the specific business and technical requirements needed to analyze and deploy SMS for use in the management of a server environment. • TechNet Webcast: Zero Touch Deployment December 9, 2004: Learn to fully automate your desktop deployment. Get guidance on using the latest versions of SMS and Microsoft BizTalk to automate deployment and provisioning. This webcast introduces the Microsoft Business Desktop Deployment (BDD) Enterprise Edition solution. which offers complete guidance for Zero Touch Provisioning using Microsoft BizTalk Server 2004. • TechNet Webcast: Security Patch Management Tools (Part 3) - SMS with the SUS Feature Pack November 22, 2004: In this webcast, we will discuss using SMS and the SUS Feature Pack as patch management tools in your environment and how they fit into a comprehensive patch management strategy. SMS and SUS offer different advantages and benefits to an organization. This webcast will review their different capabilities and how they contribute to a secure infrastructure. • Executive Circle Webcast: What's New with Microsoft's Enterprise Product Roadmap September 29, 2004: This webcast will bring you up to speed on the enterprise software roadmap, highlighting the significant shifts in delivery dates and support policies for Windows Server™ 2003, SQL Server™, Systems Management Server and Security technologies. • TechNet Webcast: Upgrading to SMS 2003 SP1 September 23, 2004: Now that SMS 2003 SP1 has been released, what is the upgrade process? In this webcast, we'll perform an upgrade of an SMS 2003 site to SMS 2003 SP1. • TechNet Webcast: Security Patch Management Tools (Part 3) - SMS with the SUS Feature Pack September 17, 2004: Do you have an effective, comprehensive patch management strategy? Do you know when to use SMS and when to use Software Update Services (SUS)? In this webcast we will discuss using SMS and the SUS Feature Pack as patch management tools in your environment and how they fit into a comprehensive patch management strategy. • TechNet Webcast: Security Patch Management Tools (Part 3) - SMS with the SUS Feature Pack June 23, 2004: This webcast will discuss using SMS and the SUS Feature Pack as patch management tools in your environment and how they fit into a comprehensive patch management strategy. SMS and SUS offer different advantages and benefits to an organization. This webcast will review their different capabilities and how they contribute to a secure infrastructure. • TechNet Webcast: Combining PatchLink with SMS, SUS, and MBSA for Patch and Security Management May 27, 2004: This webcast demonstrates how PatchLink UPDATE works with Microsoft SMS 2003, SUS, and MBSA to enable patch management from a single console for all Windows operating systems as well as non-Windows OS platforms. • TechNet Webcast: Microsoft System Management Server 2003: A Technical Overview May 21, 2004: Whether you have used SMS before or are just thinking about SMS for the first time, this webcast will give you the information you need to plan for an upgrade or adoption of SMS 2003. The session starts by showing the new features of SMS 2003 and goes on to show how SMS 2003 integrates with Network and operating system technologies, such as Active Directory and Windows Management Instrumentation. • TechNet Webcast: Shop Talk Discussion on Patch Management at Microsoft using SMS 2003 May 5, 2004: This webcast tells you how the Microsoft Information and Technology Group (Microsoft's IT department) patches its desktop and server environment using SMS 2003. • TechNet Webcast: Getting Started with Microsoft Systems Management Server (SMS) 2003 March 25, 2004: This webcast shows how features in the new version of SMS 2003 can help you improve the management and security of your IT infrastructure. Agenda items include an overview of the new capabilities in SMS 2003, recommended best practices for deployment, and how to use the new and improved features. • TechNet Webcast: Using SMS 2003 Software Update Management Features March 3, 2004: This webcast discusses the SMS 2003 software update management process, and demonstrates the entire process from installation of this feature to verification that the distributed patch was deployed successfully. • TechNet Webcast: Upgrading SMS 2.0 to SMS 2003 February 4, 2004: This webcast describes guidelines and procedures you can use when upgrading to SMS 2003. It also discusses the differences in architecture, site systems, client deployment, and capabilities between the two versions of SMS, and includes a walkthrough of an upgrade on an SMS 2.0 site. • TechNet Webcast: Introduction to Automated Deployment Services February 3, 2004: This webcast offers a comprehensive overview of ADS and provides details on its architectural design, features, and benefits, as well as examples of customer deployments.

2003 Webcasts • TechNet Webcast: Securing Your Business Enterprise with Patch Management Using SMS 2003 December 9, 2003: This webcast discusses the Patch Management Solution Accelerators using Systems Management Server 2003 to patch an enterprise and the steps to implement process and automation to increase operational efficiency in the enterprise. • TechNet Webcast: Software and Patch Management with Software Update Service, Windows Update and SMS December 5, 2003: This webcast covers installation and configuration of Software Update Services (SUS) and use of Group Policy to configure clients to use SUS for Automatic Updates. Review SMS features and learn how to install and distribute SUS packages for SMS. • TechNet Webcast: Designing a Secure , Reliable, and Usable Patch Management Infrastructure December 2, 2003: Patch management is one of the core tenants of any security policy. This session provides practical advice on designing and deploying an effective and responsive patch management infrastructure with Microsoft tools and technologies. In addition, the Microsoft Solution for Patch management will be introduced and its core operating architecture discussed in depth. • TechNet Webcast: Asset Management in SMS 2003 September 24, 2003: SMS delivers the tools necessary for managing enterprise Windows environments. This webcast discusses how SMS 2003 works with asset management, covering inventory, software metering, and Web-enabled reporting. • Microsoft Executive Circle Webcast: SMS 2003 Early Adopter Program Feedback September 18, 2003: SMS 2003 has been used by about 60 customers and deployed on more than 100,000 desktops for more than a year now. This session gives you an understanding of results from this rigorous evaluation including scalability and reliability information, as well as lessons learned around deploying and operating SMS 2003 in production enterprises. • Microsoft Executive Circle Webcast: Benefits of a Well-Managed Environment September 10, 2003: There is an assortment of technologies on the market to help enterprises manage their investment in Windows services and devices. However, putting them together to create an optimal experience in managing a Windows enterprise is sometimes difficult. This session explains the processes and technologies that you can use to increase your agility and decrease your operational costs on the Windows platform. • Technical Overview of Systems Management Server 2003 July 29, 2003: Tune in for this in-depth discussion about Systems Management Server 2003. Learn about mobile client support, Active Directory integration, software metering, Web reporting and inventory improvements, infrastructure changes, setup, and upgrades. • Upgrading from Systems Management Server 2.0 to 2003 June 17, 2003: Learn the steps necessary to prepare your Systems Management Server (SMS) 2.0 site for an upgrade to SMS 2003.

2002 Webcasts • An Introduction to Software Update Management Using SMS 2.0 August 14, 2002: Learn about the key problems that customers face when they try to deploy security updates (patches) to their Microsoft Windows NT, Microsoft Windows 2000, and Microsoft Windows XP computers.

-------------------
Thanks,
http://paddymaddy.blogspot.com/

Gmail themes

Following the footsteps of Google's personalized homepage, Gmail added themes. Once the new option is enabled in your account (as usually, Gmail's new features are slowly rolled out), you'll find a tab named "Themes" in the settings page and you'll be able to choose from 30 themes. "We wanted to go beyond simple color customization, so out of the 30 odd themes we're launching today, there's a shiny theme with chrome styling, another one that turns your inbox into a retro notepad, nature themes that change scenery over time, weather driven themes that can rain on your mailbox, and fun characters to keep you in good company," mentions Gmail's blog.

Unlike other webmail services, Gmail has never provided too many customization options and users had to rely on themes created for third-party extensions like Stylish, which usually slowed down Gmail and weren't resilient to code changes.

Gmail's help center provides an interesting tidbit about the new themes: "In some cases, you can also customize by location. Some themes change during the day, and we use the location information you provide to correctly time these changes with your local sunrise, sunset, and/or weather. If you select one of these themes, you'll see a Country/Region drop-down menu appear."

-------------------
Thanks,
http://paddymaddy.blogspot.com/

my Google Group

Yep I have other Google Group in the public

 

http://groups.google.co.in/group/ms-technologies-ans-by-pavan/browse_thread/thread/4049a1df34452f6a?hl=en
 

 

 

SCCM 2007 Software Updates Standard Reports

Microsoft provides 34 standard reports, grouped in five categories.

Note that the collection specified does not have to be one used in a corresponding deployment unless note otherwise below. Appropriate information will be reported for whatever computers are in the specified collection. This allows reporting on coarser or finer levels of computers as desired.

<secondary> in a report title means it is linked from other reports.

Software Updates - A. Compliance

These reports show the degree to which portions or all of your network are in compliance. Reports can be based on Collections, Update Lists, Updates, Deployments, Vendors, or specific computers. They can provide high level summary data, and linked reports permits drilling down to details that can be used to increase the compliance rates.

• Compliance 1 - Overall Compliance
  • Description: This report returns the overall compliance data for an Update List.
  • Specify Upate List & Collection
  • Lists number and percentage of computers in each state
  • Links to Compliance 8, listing all computers in that Update List with a specific state
• Compliance 2 - Specific software update
  • Description: This report returns the compliance data for a specified software Update.
  • Specify Collection and Update
  • Lists number of machines installed, required, not required and unknown, with percentages compliant, not compliant and unknown
  • Links to Compliance 7, which lists numbers by state. That links to Compliance 9, which lists individual computers in a specific state.
• Compliance 3 - Update list (per update)
  • Description: This report returns the compliance data for software updates defined in an Update List
  • Specify Update List and Collection
  • Lists individual updates in the list with approved status and statistics as in Compliance 2
  • Links to Compliance 7, which lists numbers by state. That links to Compliance 9, which lists individual computers in a specific state.
• Compliance 4 - Deployment (per update)
  • Description: This report returns the compliance data for software updates defined in a Deployment
  • Specify Deployment and Collection
  • Lists individual updates in the list with approved status and statistics as in Compliance 2
  • Links to Compliance 7, which lists numbers by state. That links to Compliance 9, which lists individual computers in a specific state.
• Compliance 5 - Updates by vendor/month/year
  • Description: This report returns the compliance data for software updates released by a vendor during a specific month and year. To limit the amount of information returned, you can specify the software update class and product.
  • Specify Collection, Vendor and Year, Month (optional), Update Class (Securiity Updates, Critical Updates, etc) (optional) and Product (optional)
  • Lists individual updates in the list with approved status and statistics as in Compliance 2
  • Links to Compliance 7, which lists numbers by state. That links to Compliance 9, which lists individual computers in a specific state.
• Compliance 6 - Specific computer
  • Description: This report returns the software update compliance data for a specific computer. To limit the amount of information returned, you can specify the vendor and software update classification.
  • Specify computer, vendor (optional) and update class (optional)
  • Lists each update in the requested vendor and class, showing status of approved, installed, required and deadline.
  • Links to no other reports.
• Compliance 7 - Specific software update states <secondary>
  • Description: This report returns the count and percentage of computers in each compliance state for the specified software update. For best results, start with 'Compliance 2 - Specific software update' and then drill into this report to return the count of computers in each compliance state.
• Compliance 8 - Computers in a specific compliance state for an update list <secondary>
  • Description: This report returns all computers in a collection that have a specific overall compliance state against a software update list. For best results, start with 'Compliance 1 - Overall Compliance' to return the count of computers in each of the compliance states and then drill into this report to return the computers in the selected compliance state.
• Compliance 9 - Computers in a specific compliance state for an update <secondary>
  • Description: This report returns all computers in a collection that have a specific compliance state for a software update. For best results, start with 'Compliance 2 - Specific software update'. Next drill into 'Compliance 7 - Specific software update states ' to return the count of computers in each compliance state, and then drill into this report to return the computers in the selected compliance state.

Software Updates - B. Deployment Management

These reports are designed to help manage update deployments.

• Management 1 - Updates required but not deployed
  • Description: This report returns all vendor-specific software updates that have been detected as required on clients but that have not been deployed to a specific collection. To limit the amount of information returned, you can specify the software update class.
  • Specify Collection, Vendor, Update Class (optional)
  • Lists each update applicable to at least one computer, with the number and percentage of computers that require the update
  • Links to no other reports
• Management 2 - Updates in a deployment
  • Description: This report returns the software updates that are contained in a specific deployment.
  • Specify Deployment
  • Lists each update in the deployment with compliance statistics
  • Links to States 5 which lists each state for a selected update. That report links to States 6 with the list of computers in a selected state.
• Management 3 - Deployments that target a collection
  • Description: This report returns all software update deployments that target a specific collection
  • Specify Collection (no data will be returned for collections that were not used in deployments)
  • Lists individual deployments with times Available, Deadline and Last Modified
  • Links to Management 2 to provide details about selected deployment
• Management 4 - Deployments that target a computer
  • Description: This report returns all software update deployments that target a specific computer.
  • Specify Computer name
  • Lists individual deployments with times Available, Deadline and Last Modified
  • Links to Management 2 to provide details about selected deployment
• Management 5 - Deployments that contain a specific update
  • Description: This report returns all deployments that contain a specific software update. Use this report to track the deployments that have targeted the software update to clients in the associated collection.
  • Specify Software Update
  • Lists individual deployments with times Available, Deadline and Last Modified
  • Links to Management 2 to provide details about selected deployment
• Management 6 - Deployments that contain an update list
  • Description: This report returns all deployments that contain all of the software updates defined in a specified Update List.
  • Specify Update List
  • Lists individual deployments with times Available, Deadline and Last Modified
  • Links to Management 2 to provide details about selected deployment
• Management 7 - Updates in a deployment missing content
  • Description: This report returns the software updates in a specified deployment that do not have all of the associated content retrieved, preventing clients from installing the update and achieving 100% compliance for the deployment.
  • Specify Deployment
  • Lists update, number of computers missing content
  • Links to Management 8 to provide details of computers missing a selected update
• Management 8 - Computers missing content <secondary>
  • Description: This report returns all computers that require a specific software update contained in a specific deployment that is not provisioned on a distribution point. For best results, start with 'Management 7 - Updates in a deployment missing content' to return all software updates in the deployment that have not been provisioned, and then drill into this report to return all computers that require the software update.

Software Updates - C. Deployment States

These reports help track the status and results of a Deployment.

• States 1 - Enforcement states for a deployment
  • Description: This report returns the enforcement states for a specific software update deployment, which is typically the second phase of a deployment assessment. For the overall progress of software update installation, use this report in conjunction with 'Evaluation state for a specific software update deployment'.
  • Specify Deployment
  • Lists deployment name, Time Available and Deadline, with number of computers and percentage last reporting each state
  • Links to States 4 with details of computers with the selected state
• States 2 - Evaluation states for a deployment
  • Description: This report returns the evaluation state for a specific software update deployment, which is typically the first phase of a deployment assessment. For the overall progress of software update installation, use this report in conjunction with Enforcement state for a specific software update deployment.
  • Specify Deployment
  • Lists deployment name, Time Available and Deadline, with number of computers and percentage last reporting each state
  • Links to States 4 with details of computers with the selected state
• States 3 - States for a deployment and computer
  • Description: This report returns the states for all software updates in the specified deployment for a specified computer.
  • Specify Deployment, Computer Name
  • Lists each update with state and error status ID
  • Links to States 7, showing status messages for the selected update
• States 4 - Computers in a specific state for a deployment <secondary>
  • Description: This report returns all computers in a specific state for a software update deployment. For best results, start with 'States 1 - Enforcement states for a deployment' or 'States 2 - Evaluation states for a deployment' to identify the states for the deployment, and then drill into this report to return all computers in the specific state.
• States 5 - States for an update in a deployment <secondary>
  • Description: This report returns a summary of states for a specific software update targeted by a specific deployment. For best results, start with 'Management 2 - Updates in a deployment' to return the software updates contained in a specific deployment, and then drill into this report to return the state for the selected software update.
• States 6 - Computers in a specific enforcement state for an update <secondary>
  • Description: This report returns all computers in a specific enforcement state for a specific software update. For best results, start with 'Management 2 - Updates in a deployment' to return the software updates contained in a specific deployment, drill into 'States 5 - States for an update in a deployment ' to return the states for the selected software update, and then drill into this report to return all computers in the selected state.
• States 7 - Error status messages for a computer <secondary>
  • Description: This report returns all status messages for a given Update or Deployment on a particular Computer for a given Status Message ID.

Software Updates - D. Scan

These reports help manage scanning.

• Scan 1 - Last scan states by collection
  • Description: This report returns the count of computers in each of the compliance scan states returned by clients during their last compliance scan filtered on a given Collection.
  • Specify Source (WSUS server) and collection
  • Lists number of machines with each scan state
  • Links to Scan 3, listing machines with selected scan state and showing last scan date/time
• Scan 2 - Last scan states by site
  • Description: This report returns the count of computers in each of the compliance scan states returned by clients during their last compliance scan.
  • Specify Update Source, Site
  • Lists number of machines with each scan state
  • Links to Scan 4, listing computers and last scan time with selected scan state
• Scan 3 - Clients of a collection reporting a specific state <secondary>
  • Description: This report returns all computers that are assigned to a specific site server and that reported a specific state during their last compliance scan filtered on a giiven collection.
• Scan 4 - Clients of a site reporting a specific state <secondary>
  • Description: This report returns all computers that are assigned to a specific site server and that reported a specific state during their last compliance scan.

Software Updates - E. Troubleshooting

These reports help identify and troubleshoot problems.

• Troubleshooting 1 - Scan errors
  • Description: This report returns a grouped listing of all the different scan errors on the site along with a count of the number of clients which are failing because of these errors.
  • Specify Update Source, Collection
  • Lists Scan errors with number of failing clients
  • Links to Troubleshooting 3
• Troubleshooting 2 - Deployment errors
  • Description: This report returns a grouped listing of all the different deployment errors on the site along with a count of the number of clients which are failing because of these errors.
  • Specify Deployment
  • Lists Deployment errors with number of failing clients
  • Links to Troubleshooting 4
• Troubleshooting 3 - Computers failing with a specific scan error <secondary>
  • Description: This report returns a list of the computers on which scan is failing because of a specific error.
• Troubleshooting 4 - Computers failing with a specific deployment error <secondary>
  • Description: This report returns a list of the computers on which the deployment of update is failing because of a specific error.

Software Updates - F. Distribution Status for SMS 2003 Clients

These reports help manage updates applied to SMS 2003 clients.

• Distribution 1 - Advertisement Status for SMS 2003 clients
  • Description: This report lists all software distribution advertisements for the selected update. For each advertisement it also shows the advertisement state and count of machines in that state. This report also covers additional advertisement states available for software update advertisements.
  • Specify Type (Microsoft Update), Update
  • Lists (unknown)
  • Links to no reports
• Distribution 2 - SMS 2003 clients with a specific update advertisement state
  • Description: This report shows a list of computers which are in a specific state of an advertisement. This report also covers additional advertisement state available for software update advertisements.
  • Specify Advertisement, Distribution Status, Update Distribution Status (optional)
  • Lists (unknown)
  • Links to no reports
  • 
    -------------------
    Thanks,
    http://paddymaddy.blogspot.com/
    

Difference Between SCCM & Essentails

The main difference between SCCM & Essentails is that Essentials supports up to 500 clients and 30 servers. That's the limit, if your organization is bigger than that go for SCCM. Essentials don't include support for OS Deployment but you can solve that by using MS Deployment Toolkit 2008, which is a free product and use it side by side. Essentials also include features from Operations Manager for monitoring of servers

-------------------
Thanks,
http://paddymaddy.blogspot.com/

Differences Between System Center Configuration Manager 2007 and SMS 2003

I found this nice article explaining the differences between System Center Configuration Manager 2007 and SMS 2003.

It's categorized to what's new, what's changed and what's the same.

Definately worth reading for those planning to migrate to ConfigMgr 2007.

-------------------
Thanks,
http://paddymaddy.blogspot.com/

Configuration Manager in Multiple Active Directory Forests

From MSLink

 

Configuration Manager primary sites can be configured to span multiple Active Directory forests. It is not supported to install secondary sites in a remote Active Directory forest from their parent primary site. It is supported for a Configuration Manager 2007 site hierarchy to have primary sites or clients in a remote Active Directory forest.

When deploying Configuration Manager 2007 across multiple Active Directory forests, plan for the following considerations when designing your Configuration Manager 2007 hierarchy:

• Communications within a Configuration Manager 2007 site
  
• Communications between Configuration Manager 2007 sites
  
• Support for clients across forests
  
  • Configuring clients across Active Directory forests
    
  • Approving clients (mixed mode) across Active Directory forests
    
  • Roaming support across Active Directory forests
    

Cross-Forest Communications within a Configuration Manager Site

There are only two supported scenarios in which site systems within a single site are supported across Active Directory forests:

• The System Health Validator point, used with Network Access Protection.
  
• Internet-based client management, which supports the following site systems installed in a separate forest to the site server:
  
  • Management point
    
  • Distribution point
    
  • Software update point
    
  • Fallback status point
    

  In either supported scenario, even if there is a two-way trust between the two forests, or external trusts between the site server's domain and the site system domain, you must specify a Windows user account for installation and configuration of the site system.

  There is an additional cross-forest configuration that applies to the site systems that support Internet-based client management. When these site systems are installed in a different forest than the site server, and you want to ensure that communication is only ever initiated from the site server to the site systems, and never from the site systems to the site server, enable the site system option Allow only site server initiated data transfers from this site system. In an Internet-based client management scenario where these site systems are installed in a perimeter network, this configuration ensures that all connections between these site systems and the intranet are only initiated from the intranet, and not from the untrusted network. It is therefore a more secure solution than accepting connections into the intranet that are initiated from the perimeter network. However, if you choose this cross-forest configuration, be aware of the following considerations:

  • You must configure a Windows user account for installation, even if there is a trust relationship between the two forests.
    
  • This configuration results in some latency in sending status messages to the site, with a decrease in performance on the site server.
    

  Important
  All other site systems within a site that are not listed above must reside within the same Active Directory forest. They can be installed in different domains within the forest, with the exception of the site server, SMS Provider computer, reporting point, and site database server which must all reside in the same domain.

  Cross-Forest Communications between Configuration Manager Sites

  Data is sent between sites in a Configuration Manager 2007 hierarchy to enable central administration within a distributed model. For example, advertisements and packages flow down from a primary site to a child primary site, and inventory data from child primary sites are sent up to the central primary site. This information is sent between site servers in the hierarchy when the site communicates with a parent or child site. Data sent between sites is signed by default, and because sites in different Active Directory forests cannot automatically retrieve keys from Active Directory, manual key exchange using the hierarchy maintenance tool (Preinst.exe) is required to configure inter-site communication.

  When one or more primary sites in the Configuration Manager 2007 site hierarchy are located within different Active Directory forests, an Active Directory forest trust is not required to enable site-to-site communication as long as domain user accounts are properly configured in the sender address properties for each site. If you do not configure domain user accounts as site address accounts in the sender address properties of each site, the site server computer accounts will be used. If the site server computer accounts are used as the site address accounts, all Active Directory forests must be configured for the Windows Server 2003 forest functional level and have a two-way trust to enable site-to-site communication to succeed.

  Cross-Forest Client Support

  If you have clients that are in a different forest than their assigned site server's forest, use the following information to ensure that they are configured correctly.

  Configuring Clients across Active Directory Forests

  Configuration Manager 2007 clients on the intranet use Active Directory Domain Services as their primary method of service location and configuration. If you have clients that reside in a separate forest, they will not be able to retrieve information that is published to Active Directory Domain Services by their assigned site server.

  For these clients to be managed, you must ensure that alternative methods are available for the following:

  • Site compatibility check to complete site assignment
    
  • Service location for management points, and the server locator point if this is not directly assigned
    
  • Native mode configuration
    

  Configure these clients as if Active Directory Domain Services is not extended for Configuration Manager 2007. The information that these clients will need, together with additional configuration steps is listed in the section "Feature and Function Considerations for Extending the Active Directory Schema for Configuration Manager" in the following topic: Decide If You Should Extend the Active Directory Schema.

  Approving Clients (Mixed Mode) Across Active Directory Forests

  If the site is in mixed mode and you are using the site configuration of Automatically approve computers in trusted domains, you must configure the management point with an intranet fully qualified domain name (FQDN).

  For more information about approval, see About Client Approval in Configuration Manager and for procedural information about how to specify the management point's FQDN, see How to Configure the Intranet FQDN of Site Systems.

  Roaming Support across Active Directory Forests

  Clients can perform global roaming within the forest of their assigned site if all sites within the hierarchy publish site information to Active Directory Domain Services. Roaming allows clients to download software distribution package content from distribution points closest to them when they roam within the boundaries of a sibling site, a site higher in the hierarchy than their assigned site, or are otherwise not within the boundaries of their assigned site.

  If the Active Directory schema has not been extended for Configuration Manager 2007, or sites are not publishing site data to Active Directory Domain Services, clients can use a server locator point to perform regional roaming. Regional roaming allows clients to find local software distribution package content when the site that they roam into is lower in the hierarchy than their assigned site. If a server locator point is not deployed, regional roaming is supported if all management points are registered in WINS or DNS.

  See Also

  Tasks

  How to Configure Internet-Based Site Systems to Allow Only Site Server Initiated Data Transfers
  How to Automatically Publish the Default Management Point to DNS
  

  Concepts

  About Network Access Protection and Multiple Active Directory Forests
  Determine If You Need a Server Locator Point for Configuration Manager Clients
  Determine Server Placement for Internet-Based Client Management
  Overview of Internet-Based Client Management
  
  -------------------
  Thanks,
  http://paddymaddy.blogspot.com/