ports for sccm 2012

We have Two untrusted forests separated by firewalls. we will install sccm site in forest A. we will also install management point and distribution point in the forest B. system discovery doundary groups are all clear. my question is related to client deployment and DNS

1. Is it required to open ports between sccm site server in forest A to all client computers in forest B. we will  have a MP/DP in forest B. for client push I believe sccm site server needs to communicate with all the clients in forest B. this is a issue for us. instead can we deploy the agent using Group policy and close ports between clients in forest B to sccm site server.

2. as there has to be name resolution between the forests we are planning ro use conditional forwarders. but conditional forwarders will allow all users to resolve names in domain A. this is an issue. can we use anything else like a host file for name resolution.

we want clients in forest B only talk to mp/dp installed in the forest. we do  not want to open ports between clients in forest B to sccm site server in forest A.
Aamer-Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
ScobberConnect With a Mentor Commented:
Why not use a conditional forwarder to msdcs. Sitea.local and siteb.local

Then create a alternate domain in each site serving the names required. I'm assuming it's all static ip on any infrastructure your users desire access to
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.