The connection account enables the MP to communicate with the site’s DB so it should be a domain account in the same domain as the SQL server hosting the site’s DB. ConfigMgr should grant the proper permissions to the account specified in the console automatically.
Side question, why? Is there a firewall or some other network restriction between the members of that untrusted domain that you will be managing and your main infrastructure or are they perhaps remote? J From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Boseman, Marcia H - Raleigh, NC Sent: Wednesday, July 19, 2017 8:30 PM To: mssms@lists.myitforum.com Subject: [mssms] SCCM 2012 MP in Untrusted Domain I am setting a management point in an untrusted forest/domain. I can get the MP to install but would like clarification as what account to use for the Management Point Connection account. Should it be a Domain account where the primary resides that has SQL rights?