Chapter 8. Querying domain information using SSSD
Security System Services Daemon (SSSD) can list domains in Identity Management (IdM), including Active Directory domains in the cross-forest trust. You can also verify the status of each of the listed domains:
8.1. Listing domains using sssctl
The sssctl domain-list command helps debug problems with the domain topology.
The status might not be available immediately. If the domain is not visible, repeat the command.
Prerequisites
- You must be logged in with administrator privileges
-
The
sssctlis available on RHEL 7 and RHEL 8 systems
Procedure
To display help for the sssctl command, enter:
[root@client1 ~]# sssctl --help ....- To display a list of available domains, enter:
[root@client1 ~]# sssctl domain-list
implicit_files
idm.example.com
ad.example.com
sub1.ad.example.comThe list includes domains in the cross-forest trust between Active Directory and Identity Management.
8.2. Verifying the domain status using sssctl
The sssctl domain-status command helps debug problems with the domain topology.
The status might not be available immediately. If the domain is not visible, repeat the command.
Prerequisites
- You must be logged in with administrator privileges
-
The
sssctlis available on RHEL 7 and RHEL 8 systems
Procedure
To display help for the sssctl command, enter:
[root@client1 ~]# sssctl --helpTo display user data for a particular domain, enter:
[root@client1 ~]# sssctl domain-status idm.example.com Online status: Online Active servers: IPA: master.idm.example.com Discovered IPA servers: - master.idm.example.com
The domain idm.example.com is online and visible from the client where you applied the command.
If the domain is not available, the result is:
[root@client1 ~]# sssctl domain-status ad.example.com
Unable to get online status