Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1787
  • Last Modified:

Changing boundaries - AD Site to Subnet

Due to a recent change on our network, I can no longer define the site boundaries of a primary site (RCC) by AD site name.  We must change boundaries to subnets and I have a few question:

1. Is it easy as just plugging in the two or three subnets for the primary site and that's it?  Do I need to change the client push installation properties for the site code?  Right now its set to SMSSITE=AUTO.
2.  There are several child sites of RCC.  These sites actually use their own AD Site code in their site properties.  They have their own DP, but they all use RCC as a proxy MP.
3.  Do I need to change any settings in the 'System Management' container in AD.  There are still SLP/MP entries for 'SMS-MP-RCC-RCCSMS1' & 'SMS-SLP-RCC-RCCSMS1'
4.  Do I need to change any of the courier sender properties?
5.  Do I need to modify anything is SQL?

Thanks guys!!
0
net1994
Asked:
net1994
  • 4
  • 3
  • 3
1 Solution
 
HayesJupeCommented:
1) yes for first part and no for second
2) is that a question ?
3) if the sites are the same name with new boundaries, those boundaries will update the existing objects. If the SLP's wont change, as the servers are still the same... just their boundaries are defined differently.
4) no. Again, the site codes are stil the same the boundaries are just changing
5) no - never a good idea to update SQL directly when dealing with sccm. Should always be done via the sms provider.
0
 
net1994Author Commented:
Hayes,

Sorry I forgot to mention we are using SMS 2003, not SCCM.  Does that change any of your remarks?
0
 
HayesJupeCommented:
no, the actual structure of sites etc hasnt changed between sms and sccm (excluding Branch DP's)
0
Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

 
JonLambertCommented:
Hayes has nailed it, some additional comments

(1) The SMSSITECODE=AUTO just means that instead of FORCING the cilent to report to a particular site, the client will use it's Site Boudaries (whether AD Site or IP Subnet) to determine it's Management Point

(2) The clients in your secondary do not use RCC as a 'proxy' management point, RCC is actually their management point.  All clients report/use a Primary Site for all policy, as secondary site can be a 'proxy management point', but that is mainly for collecting Inventory/Metering information to send up to the primary via Senders .. the clients still will communicate with the actual primary for their policy

(3) SMS will update this, just ensure that the Primary Site server AD object has at least change access to this container so it can make the changes.

0
 
net1994Author Commented:
About how long would it take for about 2000 clients to pick up the new boundries?  I assume it will take a few days?  I can use the SMS tools and Right click 'Refresh Policy, Refresh Machine Policy' on ALL Systems.  But this is a bit impractical (I think?) as it won't hit every client at any one time.

Given this uncertainty, is there a query I can run on a collection to show what MP they can now see?  Its kind of funny, as I am sure there is a script out there that can do this, but if a client can't find a DP how will they ever run it!  A black comedy for sure!!    It shouldn't be as drastic as restarting the client?

0
 
HayesJupeCommented:
I'll let jon take this one - he's just started on EE and in process of building up his points! (we work together)
0
 
JonLambertCommented:
The default for clients to check for a new policy is 60 minutes, so theres no need to referesh machine policies.  However a machine policy refresh will not force the client to discover the new boundaries.

From a quick investigation it looks like the clients will rediscover what site they belong to every 24 hours, as well as whenever the CCMEXEC service starts.  

You can run the report "Clients in a specific site" to view what clients have already picked up the change.
0
 
net1994Author Commented:
Boy is this annoying!!  What I just found out is the Networking team took the Central site subnet and combined it with the subnet of the sffected primary site in AD Sites and Services.

 I went onto the primary site RCC and added the subnet for that site and waiting a bit.  As a test, I deployed a small package (use DL from local DP).  In the client log, it connects to to both the central site and primary site RCC.  Damn!!  I ran the excellent overlapping boundaries tool and this confirmed both sites overlap-completly.  Now I have to do what I am/was dead set against, on the central site use subnets instead of the AD Site boundary as it is now.

This being the case, do the answers to the above thread questions change at all now that I have to modify the central site?  Any major changes/road blocks ahead?

Thanks for the bit of hand-holding guys!1 ;-)  
0
 
JonLambertCommented:
NP ... there are no challenges, just add in the subnets, and remove the AD sites.  I've had to do this on ocassion where we have a single AD site covering multiple WAN connected sites (bad design, but not in our control), so we've had to remove the AD site and use subnets for that site instead.  
0
 
net1994Author Commented:
You've been a HUGE help. Thanks again.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 4
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now