3.5. Removing a System from an Identity Domain

To remove a system from an identity domain, use the realm leave command. The command removes the domain configuration from SSSD and the local system.

# realm leave ad.example.com

By default, the removal is performed as the default administrator. For AD, the administrator account is called Administrator; for IdM, it is called admin. If a different user was used to join to the domain, it might be required to perform the removal as that user. To specify a different user, use the -U option:

# realm leave ad.example.com -U 'AD.EXAMPLE.COM\user'

The command first attempts to connect without credentials, but it prompts for a password if required.

Note that when a client leaves a domain, the computer account is not deleted from the directory; the local client configuration is only removed. If you want to delete the computer account, run the command with the --remove option specified.

For more information about the realm leave command, see the realm(8) man page.