net1994
asked on
Changing boundaries - AD Site to Subnet
Due to a recent change on our network, I can no longer define the site boundaries of a primary site (RCC) by AD site name. We must change boundaries to subnets and I have a few question:
1. Is it easy as just plugging in the two or three subnets for the primary site and that's it? Do I need to change the client push installation properties for the site code? Right now its set to SMSSITE=AUTO.
2. There are several child sites of RCC. These sites actually use their own AD Site code in their site properties. They have their own DP, but they all use RCC as a proxy MP.
3. Do I need to change any settings in the 'System Management' container in AD. There are still SLP/MP entries for 'SMS-MP-RCC-RCCSMS1' & 'SMS-SLP-RCC-RCCSMS1'
4. Do I need to change any of the courier sender properties?
5. Do I need to modify anything is SQL?
Thanks guys!!
1. Is it easy as just plugging in the two or three subnets for the primary site and that's it? Do I need to change the client push installation properties for the site code? Right now its set to SMSSITE=AUTO.
2. There are several child sites of RCC. These sites actually use their own AD Site code in their site properties. They have their own DP, but they all use RCC as a proxy MP.
3. Do I need to change any settings in the 'System Management' container in AD. There are still SLP/MP entries for 'SMS-MP-RCC-RCCSMS1' & 'SMS-SLP-RCC-RCCSMS1'
4. Do I need to change any of the courier sender properties?
5. Do I need to modify anything is SQL?
Thanks guys!!
ASKER
Hayes,
Sorry I forgot to mention we are using SMS 2003, not SCCM. Does that change any of your remarks?
Sorry I forgot to mention we are using SMS 2003, not SCCM. Does that change any of your remarks?
no, the actual structure of sites etc hasnt changed between sms and sccm (excluding Branch DP's)
Hayes has nailed it, some additional comments
(1) The SMSSITECODE=AUTO just means that instead of FORCING the cilent to report to a particular site, the client will use it's Site Boudaries (whether AD Site or IP Subnet) to determine it's Management Point
(2) The clients in your secondary do not use RCC as a 'proxy' management point, RCC is actually their management point. All clients report/use a Primary Site for all policy, as secondary site can be a 'proxy management point', but that is mainly for collecting Inventory/Metering information to send up to the primary via Senders .. the clients still will communicate with the actual primary for their policy
(3) SMS will update this, just ensure that the Primary Site server AD object has at least change access to this container so it can make the changes.
(1) The SMSSITECODE=AUTO just means that instead of FORCING the cilent to report to a particular site, the client will use it's Site Boudaries (whether AD Site or IP Subnet) to determine it's Management Point
(2) The clients in your secondary do not use RCC as a 'proxy' management point, RCC is actually their management point. All clients report/use a Primary Site for all policy, as secondary site can be a 'proxy management point', but that is mainly for collecting Inventory/Metering information to send up to the primary via Senders .. the clients still will communicate with the actual primary for their policy
(3) SMS will update this, just ensure that the Primary Site server AD object has at least change access to this container so it can make the changes.
ASKER
About how long would it take for about 2000 clients to pick up the new boundries? I assume it will take a few days? I can use the SMS tools and Right click 'Refresh Policy, Refresh Machine Policy' on ALL Systems. But this is a bit impractical (I think?) as it won't hit every client at any one time.
Given this uncertainty, is there a query I can run on a collection to show what MP they can now see? Its kind of funny, as I am sure there is a script out there that can do this, but if a client can't find a DP how will they ever run it! A black comedy for sure!! It shouldn't be as drastic as restarting the client?
Given this uncertainty, is there a query I can run on a collection to show what MP they can now see? Its kind of funny, as I am sure there is a script out there that can do this, but if a client can't find a DP how will they ever run it! A black comedy for sure!! It shouldn't be as drastic as restarting the client?
I'll let jon take this one - he's just started on EE and in process of building up his points! (we work together)
The default for clients to check for a new policy is 60 minutes, so theres no need to referesh machine policies. However a machine policy refresh will not force the client to discover the new boundaries.
From a quick investigation it looks like the clients will rediscover what site they belong to every 24 hours, as well as whenever the CCMEXEC service starts.
You can run the report "Clients in a specific site" to view what clients have already picked up the change.
From a quick investigation it looks like the clients will rediscover what site they belong to every 24 hours, as well as whenever the CCMEXEC service starts.
You can run the report "Clients in a specific site" to view what clients have already picked up the change.
ASKER
Boy is this annoying!! What I just found out is the Networking team took the Central site subnet and combined it with the subnet of the sffected primary site in AD Sites and Services.
I went onto the primary site RCC and added the subnet for that site and waiting a bit. As a test, I deployed a small package (use DL from local DP). In the client log, it connects to to both the central site and primary site RCC. Damn!! I ran the excellent overlapping boundaries tool and this confirmed both sites overlap-completly. Now I have to do what I am/was dead set against, on the central site use subnets instead of the AD Site boundary as it is now.
This being the case, do the answers to the above thread questions change at all now that I have to modify the central site? Any major changes/road blocks ahead?
Thanks for the bit of hand-holding guys!1 ;-)
I went onto the primary site RCC and added the subnet for that site and waiting a bit. As a test, I deployed a small package (use DL from local DP). In the client log, it connects to to both the central site and primary site RCC. Damn!! I ran the excellent overlapping boundaries tool and this confirmed both sites overlap-completly. Now I have to do what I am/was dead set against, on the central site use subnets instead of the AD Site boundary as it is now.
This being the case, do the answers to the above thread questions change at all now that I have to modify the central site? Any major changes/road blocks ahead?
Thanks for the bit of hand-holding guys!1 ;-)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
You've been a HUGE help. Thanks again.
2) is that a question ?
3) if the sites are the same name with new boundaries, those boundaries will update the existing objects. If the SLP's wont change, as the servers are still the same... just their boundaries are defined differently.
4) no. Again, the site codes are stil the same the boundaries are just changing
5) no - never a good idea to update SQL directly when dealing with sccm. Should always be done via the sms provider.