To deploy this scenario you need two domain controllers in two different forests, SCCM installed with all of its prerequisites in one of the forests, and some test systems for SCCM client installation.

The systems used in this case are:

Forest Name






SCCM Server


Client System in


Below are the steps required to create the DNS conditional forwarder:

a) Open the DNS management console on the domain controllers.

Domain controller:

Right-click Conditional Forwarders → select New Conditional Forwarder.

Enter the IP address and the DNS domain name of the untrusted forest, as shown in the image below.

Select OK in the window below.

Now go to Conditional Forwarders, where you will see the forwarder you just created. Right-click it, go to Properties and verify the IP address.

Once the conditional forwarders are created on both sides, the screen below appears after selecting the Edit button in the image above (in the properties of the newly created conditional forwarder).

On domain controller 2, in the other forest, repeat the same steps to create a conditional forwarder.

Domain Controller:
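The same forwarder can be created and checked from PowerShell on each domain controller, which also makes the "verify the IP address" step repeatable. This is an added example, not part of the original walkthrough: the forest name and IP address are constructed placeholders, and it assumes the DnsServer module on Windows Server 2012 or later.

```powershell
# Added example. Run on a DC in forest A with forest B's values, then swap them
# and run it on the DC in forest B. Default values are constructed placeholders.
#Requires -Modules DnsServer
param(
    [string]   $RemoteForest = 'forestb.example',  # DNS name of the other (untrusted) forest
    [string[]] $RemoteDnsIPs = @('192.0.2.10')     # DNS server(s) of that forest
)

$ErrorActionPreference = 'Stop'

# Create the conditional forwarder only if no zone with that name exists yet.
$zone = Get-DnsServerZone -Name $RemoteForest -ErrorAction SilentlyContinue
if (-not $zone) {
    Add-DnsServerConditionalForwarderZone -Name $RemoteForest -MasterServers $RemoteDnsIPs
    $zone = Get-DnsServerZone -Name $RemoteForest
}

# A zone of another type with this name would mean queries are not forwarded.
if ($zone.ZoneType -ne 'Forwarder') {
    throw "Zone '$RemoteForest' exists but is of type $($zone.ZoneType), not Forwarder."
}

# Equivalent of checking Properties in the console: the forwarder must point only
# at the addresses you intended, since every query for this namespace goes to them.
$configured = @($zone.MasterServers | ForEach-Object { $_.IPAddressToString }) | Sort-Object
$expected   = $RemoteDnsIPs | Sort-Object
if (($configured -join ',') -ne ($expected -join ',')) {
    throw "Forwarder targets [$($configured -join ', ')] differ from expected [$($expected -join ', ')]."
}

# Confirm the remote forest's domain controllers resolve through the local DNS server.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$RemoteForest" -Type SRV -Server 127.0.0.1 -DnsOnly
$srv | Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port
```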


Extending the schema for SCCM in the untrusted forest:

For this you need to copy the SCCM install files to the domain controller or mount the ISO on it.

Step 1: Go to Start → Run, type adsiedit.msc and click OK.

Step 2: Verify that the System Management OU exists. If it does not, right-click the System OU and create a new Container → OU with the name System Management.

You will also need to create a service account, which will be used to publish data and to update the SCCM server information in the other forest.

Once the System Management OU is created, you need to give the service account the rights to publish the SCCM information.

Below are the steps to delegate control on the System Management OU.

Right-click the System Management OU → Delegate Control.

Select the user that needs to be given access.