Thanks Brian and Rafeeq.
I think you answered my questions. Let me reiterate for clarity.
I understand that SEPM domains are different than AD domains. I don't think we will be creating separate domains in SEPM. I think we will only create two groups named after the domains.
Given the closed nature of the two AD domains I just wanted to make sure that if I create an Admin account in SEPM and tie it to an admin AD account in Domain A, and SEPM and SEP client comm ports are open (80 and 8014), I should be able to manage SEP clients from both AD domains, using one SEPM server, in which the SEPM console can be accessed from Domain A and Domain B.
I would rather not have a SEPM server per domain and separately manage the clients, if for some reason the SEPM must communicate with AD in Domain A and Domain B for authentication/communication.
Rafeeq:
"---> if he is a full admin and mentions the domain name at the logon prompt, he can log in to Domain B (SEPM domain)
or once logged in to SEPM, he can go to admin - domains tab and switch domains"
This has got me a little confused. Does this apply if I will not be creating SEPM domains, just groups with the same names as the AD domains? I would think that SEPM handles the AD authentication when you log in to the console regardless of what AD domain you're in? If Domain A is the only domain tied to SEPM for authentication and SEPM handles the AD auth, I should not need to specify the domain, correct?
Sorry for being confusing. Thanks to the both of you for the help.
-Mitesh