3.5. Removing a System from an Identity Domain
To remove a system from an identity domain, use the
realm leave
command. The command removes the domain configuration from SSSD and the local system.
# realm leave ad.example.com
By default, the removal is performed as the default administrator. For AD, the administrator account is called
Administrator
; for IdM, it is called admin
. If a different user was used to join to the domain, it might be required to perform the removal as that user. To specify a different user, use the -U
option:
# realm leave ad.example.com -U 'AD.EXAMPLE.COM\user'
The command first attempts to connect without credentials, but it prompts for a password if required.
Note that when a client leaves a domain, the computer account is not deleted from the directory; the local client configuration is only removed. If you want to delete the computer account, run the command with the
--remove
option specified.
For more information about the
realm leave
command, see the realm(8) man page.