

SCOM Across Trusted Domains in Multiple Forests

Justin Owens
We don't support machines, but rather, the people who rely upon them...
I recently ran into a question where someone wanted to deploy SCOM in two different domains.  The problem was that the two sites they used were two domains, and while they trusted each other, they were not in the same forest.   The person asking the question wanted to install the remote agent at his other site, but the installation was failing.

The solution to the question was to deploy a gateway server at the remote site, as described in this TechNet article:


The procedural overview as laid out in that article is to:

1. Request certificates for any computer in the agent, gateway server, management server chain.
2. Import those certificates into the target computers by using the Operations Manager 2007 MOMCertImport.exe tool.
3. Distribute the Microsoft.EnterpriseManagement.GatewayApprovalTool.exe to the management server.
4. Run the Microsoft.EnterpriseManagement.GatewayApprovalTool.exe tool to initiate communication between the management server and the gateway.
5. Install the gateway server.

The detailed directions for each step are laid out there in an easy-to-understand fashion.
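
A pre-import check for the certificates in the first two steps, as an added example that is not from this article or the TechNet procedure. It assumes the usual Operations Manager certificate requirements (subject CN equal to the computer's FQDN, a private key, and both Server Authentication and Client Authentication EKUs); the function name Test-ScomCertificate is hypothetical.

```powershell
# Added example: checks certificates in LocalMachine\My before one is handed to
# MOMCertImport.exe. Assumption: the certificate was already installed in that store.
function Test-ScomCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)]
        [string]$ExpectedFqdn
    )
    $serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

    # Collect the EKU OIDs from the Enhanced Key Usage extension, if there is one.
    $ekuOids = @($Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Subject common name, compared case-insensitively with the expected FQDN.
    $cn    = $Certificate.GetNameInfo('SimpleName', $false)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $now   = Get-Date

    [pscustomobject]@{
        Thumbprint     = $Certificate.Thumbprint
        SubjectMatches = ($cn -eq $ExpectedFqdn)
        HasPrivateKey  = $Certificate.HasPrivateKey
        ServerAuthEku  = ($ekuOids -contains $serverAuth)
        ClientAuthEku  = ($ekuOids -contains $clientAuth)
        InValidity     = ($Certificate.NotBefore -le $now -and $Certificate.NotAfter -gt $now)
        # Build() fails if the issuing CA from the other forest is not trusted locally
        # or if revocation information cannot be reached.
        ChainBuilds    = $chain.Build($Certificate)
    }
}

# Run on each computer in the agent, gateway server, management server chain.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-ScomCertificate -Certificate $_ -ExpectedFqdn $fqdn } |
    Format-Table -AutoSize
```

A certificate is a candidate for import only when every column reads True; a False in ChainBuilds on the gateway usually means the issuing CA's root certificate has not been installed on that side of the trust.
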
This is actually a very good solution for conditions which require cross-forest SCOM deployments. While my personal preference would be to bring both domains into a single forest, there are many reasons (mostly legal or political) to not do so. In the event you find yourself needing to have a single management point for multiple domains, this is the way I would go.

Here is the Experts-Exchange Question that prompted me to find this solution:


