Show Table of Contents
3.5. Removing a System from an Identity Domain
To remove a system from an identity domain, use the
realm leave command. The command removes the domain configuration from SSSD and the local system.
# realm leave ad.example.com
By default, the removal is performed as the default administrator. For AD, the administrator account is called
Administrator; for IdM, it is called admin. If a different user was used to join to the domain, it might be required to perform the removal as that user. To specify a different user, use the -U option:
# realm leave ad.example.com -U 'AD.EXAMPLE.COM\user'
The command first attempts to connect without credentials, but it prompts for a password if required.
Note that when a client leaves a domain, the computer account is not deleted from the directory; the local client configuration is only removed. If you want to delete the computer account, run the command with the
--remove option specified.
For more information about the
realm leave command, see the realm(8) man page.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.