To remove a system from an identity domain, use the
realm leave command. The command removes the domain configuration from SSSD and the local system.
# realm leave ad.example.com
By default, the removal is performed as the default administrator. For AD, the administrator account is called
Administrator; for IdM, it is called
admin. If a different user was used to join to the domain, it might be required to perform the removal as that user. To specify a different user, use the
# realm leave ad.example.com -U 'AD.EXAMPLE.COM\user'
The command first attempts to connect without credentials, but it prompts for a password if required.
Note that when a client leaves a domain, the computer account is not deleted from the directory; the local client configuration is only removed. If you want to delete the computer account, run the command with the
--remove option specified.
For more information about the
realm leave command, see the realm(8) man page.