Would SCCM require a second SubCA when using HTTPS with 2 domains?

in flag

I have a domain called one.local. It already has it's own Windows Root CA and SubCA.

There is a second domain called two.local that is using SSCM. The team that is managing two.local wants to manage select machines located on one.local using SCCM. Two.local has it's own Root CA and SubCA. The two.local team is requesting I build a new SubCA on one.local so that they can manage the machines with SSCM. Can they not use the SubCA that already exists on one.local?

I've been advised that the two.local team specifies the two.local CA in a SCCM Management Point. Can more than one CA be added to this Management Point? Such as the one.local and two.local CA.

I have no experience with SCCM and won't be using it. I'm reading up on SCCM and trying to figure out if this is what needs to be done to use it on multiple domains. Are there any other alternative solutions that may be better?

Could the team not just add the root certificate from two.local to the trusted root certificate store of the select computers in one.local?


Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.