Chapter 12. Removing the trust using the command line

download PDF

Follow this procedure to remove the Identity Management (IdM)/Active Directory (AD) trust on the IdM side using the command line interface.



  1. Use the ipa trust-del command to remove the trust configuration from IdM.

    [root@server ~]# ipa trust-del ad_domain_name
    Deleted trust "ad_domain_name"
  2. Remove the trust object from your Active Directory configuration.

Removing the trust configuration does not automatically remove the ID range IdM has created for AD users. This way, if you add the trust again, the existing ID range is re-used. Also, if AD users have created files on an IdM client, their POSIX IDs are preserved in the file metadata.

To remove all information related to an AD trust, remove the AD user ID range after removing the trust configuration and trust object:

# ipa idrange-del AD.EXAMPLE.COM_id_range
# systemctl restart sssd

Verification steps

  • Use the ipa trust-show command to confirm that the trust has been removed.

    [root@server ~]# ipa trust-show
    ipa: ERROR: trust not found
Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.