SCCM Group Discovery to Untrusted Domains
SCCM can run discovery to find group membership in an untrusted domain, but the setup is a little different than your standard setup. First, you must specify a domain controller in the other domain. It cannot be the domain name. Second, the distinguished name of the groups must be typed out, they cannot be found by clicking “Browse”. If you open the properties of the group from ADUC, the Attribute Editor tab will also have it so you can copy/paste. Finally, you must specify an account in the target domain.