With SCCM 2012 one of the wonderful feature that you get is the SCCM Cross Forest Implementation Made A lot Easy !!


For the best case scenario your cross forests should have Kerberos Authentication Between them . Even if there is no kerberos Authentication A two way external trust , One way External trust , non trusted forests


could be brought under one SCCM Site .


The only exception to this could be forests where strong DMZ restrictions/ Security restrictions  could be present .