So I'm bad when it comes to certs. This is because you're using PKI, right? If you used self-signed certs (no PKI), you don't need to do anything, right? You can support untrusted domains since the NAC would be used to access the DP to grab content, right?

________________________________
From: listsad...@lists.myitforum.com <listsad...@lists.myitforum.com> on behalf of Mote, Todd <mo...@austin.utexas.edu>
Sent: Tuesday, November 8, 2016 11:30 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: SCCM - Untrusted domain support

As far as my experience has shown me, I have three domains, all untrusting of each other, and the only way I can get all of those clients into the SCCM in our primary domain is by either each domain having its own CA, that you tell SCCM about, so it can verify the client cert chains, or issuing certificates from the primary domain's CA for all of the untrusted domains' clients.

-----Original Message-----
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Brian McDonald
Sent: Monday, November 7, 2016 7:56 PM
To: mssms@lists.myitforum.com
Subject: [mssms] SCCM - Untrusted domain support

Hello,

We are in the process of severing domain trusts between our legacy domain(s) and new domain.

Domain A = New Domain (CM Current Branch)
Domain B = Old Legacy Domain #1 (CM 12R2 SP1)
Domain C = Old Legacy Domain # 2
Domain D = Old Legacy Domain # 3

In Domain B, I currently have SCCM 2012 R2 SP1 deployed. This environment supports clients in Domain A, B, C, D. As mentioned above, we will be breaking domain trusts.

The question I have is: will I need to deploy certs to support clients in these domains once the trust is broken? Are there any actions I need to take to support these clients once we break the trust between the domains?

Jason Sandys responded to your previous email of mine, slightly different scenario that I was explaining. I'd like to know if the same rules apply here.

Eventually I will be migrating my SCCM infrastructure from Domain B to Domain A. Are there any other considerations I should be making as far as support with certificates?

Thanks,
Brian

Sent from my iPhone