Contact Us Get Free Products
Search icon Contact Us Get Free Products
SCCM/MECM

Browsing Sites in Create Boundary Section won’t provide Multi-Domain Active Directory Sites

Nicolas PilonMay 27 20142 Min Read

Founder of System Center Dudes. Nick has been awarded in 2016 to 2019 as a Microsoft MVP in Enterprise Mobility category. Working as a senior SCCM and Intune advisor as well as a specialist Microsoft Cloud solutions specialist.

Nicolas Pilon

Vice-President
SCD Collaborators

One of the fundamentals aspect of configuration manager is the boundary because you can’t manage anything without a boundary.  (Thanks to Torsten for pointing that it’s possible to manage client without a boundary). 

There’s different types of boundary like, IP subnet, IP address range, IPv6 prefix and active directory site. The last one is the recommended method and it’s the easiest to manage.

We recently migrate our infrastructure to SCCM 2012 and we have an issue during the boundary configuration. What happen if you have 2 domains with the same active directory site? No big deal, both will be detectable with their respective domain. You think? Yes, we were able to handle it with SCCM 2007.

Everything was going perfect when we activated the active directory forest discovery in the discovery methods and checked the box “Automatically create Active Directory site boundaries when they are discovered” to populate sites within forests.

Create Boundary section won't provide multi-domain Active Directory 01

We realized that all duplicate sites in both domains were not automatically added as a boundary after evaluate the list of active directory sites. I dig into SQL database and look what I discovered, the system see 1 ABC boundary and 2 ABC active directory site.

Create Boundary section won't provide multi-domain Active Directory 02

You can see that WMI class on the primary is also containing both sites.

Create Boundary section won't provide multi-domain Active Directory 03

This problem happens with SCCM 2012 under any versions but it was working perfectly with SCCM 2007.

There’s some solution that can be made like use IP subnet instead but it’s not pretty clean or rename one of duplicate active directory site with unique name but for operation reason, we can’t do it. 

What about adding them manually with the Browsing Active Directory Sites console? 
This tool is simple, it does a LDAP query to your active directory sites. What happen if you have two domains for one primary? Do you think you will see sites from both domains?

Create Boundary section won't provide multi-domain Active Directory 04

The answer is no!

The tool will provide only sites from the one domain. It should be able to scan multiple domains. 

We opened a bug at Microsoft Connect so more info to come.

If you have the same issue, please comment in the Microsoft Connect bug.

***** Update 2015-03-16 *****

The problem is still active on Microsoft Connect. No fix has yet been released by them. You can use IP subnet or IP address range as a workaround for all duplicate AD Sites.

Active Directory Sites AD Site Boundary Duplicate AD Site Multi-Domain SCCM 2012 R2 SCCM 2012 R2 Cu1
SCD Collaborators
Comments (9)

Jay

02.04.2016 AT 07:12 PM
There is a workaround available, although I don't know if it will work for two domains in the same forest: 1. Go to Administration -> Hierarchy Configuration -> Active Directory Forests 2. Right-click on the forest and choose "Show Active Directory Sites". It will show you a list of AD Sites in that forest. 3. Right-click on the AD Site you want, and choose "Add Selected Items to Existing/New Boundary Groups". 4. You will now be able to have an entry for an AD site that didn't show up in the search box when trying to create a boundary. Note: This was performed on the SCCM 1511 update.
Hide replies 1

Nicolas Pilon

02.10.2016 AT 10:44 AM
Hello Jay, I have performed your workaround but I still see only one boundary in my test boundary group when trying to join same AD Site in the same boundary group. However, the description are identical on both domain. Can you send us by email your screenshots? Thanks for your help Nick
Hide replies 0

Luke Torrisi

03.16.2015 AT 12:57 AM
Hi There, I am experiencing the same problem, did you find a solution to this? We have 12 domains in a forest and changing the AD site name is not an option. Thanks, Luke
Hide replies 1

Nicolas Pilon

03.16.2015 AT 11:02 AM
We still didn't receive any news from Microsoft Connect. Using hybrid configuration is a work around for the moment. For all non duplicate AD Sites, use the Active Directory Site boundary and use IP address range or IP subnet for all duplicates AD Site. You can participate by giving your vote or feedback on Microsoft Connect. Thanks
Hide replies 0

Florin

12.10.2014 AT 05:37 AM
The first sentence was right (“”One of the fundamentals aspect of SCCM is the boundary because you can’t manage anything without a boundary"") and Torsten is wrong (""Thanks to Torsten for pointing that it’s possible to manage client without a boundary""). The boundaries are doing absolutely nothing on sccm 2012, are just defining the network limits, but then the Boundary Groups must to be configured for managing the network/DPs/Site code. Without boundaries, you cannot create boundary groups, the only way to use a DP without any boundary group configured, is to enable the "fallback" function on the DP itself, but in that case you have no control on the deployments. You do not need boundaries/boundary groups only if you have only one location, then the DP fallback it is ok, but with multiple locations, the boundaries and boundary groups are vital. Me personally never work in a such a small company with only one location....
Hide replies 0

Jenny

07.22.2014 AT 04:18 AM
I've got the same problem as you but I get an error when I try to connect through to the 'Microsoft Connect' link to add my comment. Have you had a resolution to this problem?
Hide replies 1

Nicolas Pilon

07.22.2014 AT 06:39 AM
Hello Jenny, You need to have a Microsoft Connect account to be able to log on the website. There's no resolution for the moment and the ticket still open. We will update the post as soon we have news from them. Thanks Nick
Hide replies 0

Nicolas Pilon

06.03.2014 AT 07:42 PM
Hi Torsten, You're absolutely right. We have never worked in a company that had no boundary. This is why we called it as fundamental. The post has been modified under your recommendation. Really appreciated. Thanks for your comments.
Hide replies 0

Torsten

06.02.2014 AT 08:14 PM
Just a small addition: the very first statement (""One of the fundamentals aspect of SCCM is the boundary because you can’t manage anything without a boundary. ) is not true at all. You can run a Config;Mgr site without any boundaries (with some limitations like auto site assignment not working and all DPs being considered remote/slow , but that does not stop anything from working).
Hide replies 0
Related posts
Benoit LecoursApril 24 202411 Min Read
Step-by-Step SCCM 2403 Upgrade Guide

Microsoft has released the first SCCM version for 2024 as the release cadence is now reduced to 2...

SCCM/MECM
Benoit LecoursApril 23 20244 Min Read
In-place OS upgrade for SCCM site server

Some releases of SCCM versions require that you upgrade your site server Operating System to...

SCCM/MECM
Marc-Andre ChartrandApril 18 20244 Min Read
SCCM Office 365 dashboard Unmanaged clients

If you’ve always been managing your Office 365 (Now Microsoft 365 Apps) clients with SCCM,...

Office 365 SCCM/MECM
Request a Quote

Please fill out the form, and one of our representatives will contact you in Less Than 24 Hours. We are open from Monday to Friday.

Consulting Services

Subscription

PatchMyPC

Reports and Guides

I'm interested in working with you

Consulting services and time banks are used for generic requests. All others are fixed-price plans.

Never share sensitive information (credit card numbers, social security numbers, passwords) through this form.
Request Sent

Thank you for your request. You will receive an email with more details. Take note that we normally work from Monday to Friday. We will get in touch with you as soon as possible.

Comment Sent

Thank for your reply!

Error

Something went wrong!