Chapter 8. Querying domain information using SSSD

Security System Services Daemon (SSSD) can list domains in Identity Management (IdM) as well as the domains in Active Directory that is connected to IdM by a cross-forest trust.

8.1. Listing domains using sssctl

You can use the sssctl domain-list command to debug problems with the domain topology.

Note

The status might not be available immediately. If the domain is not visible, repeat the command.

Prerequisites

  • You must be logged in with administrator privileges
  • The sssctl tool is available on RHEL 7 and RHEL 8 systems.

Procedure

  1. To display help for the sssctl command, enter:

    [root@client1 ~]# sssctl --help
    ....
  2. To display a list of available domains, enter:
[root@client1 ~]# sssctl domain-list
implicit_files
idm.example.com
ad.example.com
sub1.ad.example.com

The list includes domains in the cross-forest trust between Active Directory and Identity Management.

8.2. Verifying the domain status using sssctl

You can use the sssctl domain-status command to debug problems with the domain topology.

Note

The status might not be available immediately. If the domain is not visible, repeat the command.

Prerequisites

  • You must be logged in with administrator privileges
  • The sssctl tool is available on RHEL 7 and RHEL 8 systems.

Procedure

  1. To display help for the sssctl command, enter:

    [root@client1 ~]# sssctl --help
  2. To display user data for a particular domain, enter:

    [root@client1 ~]# sssctl domain-status idm.example.com
    Online status: Online
    
    Active servers:
    IPA: server.idm.example.com
    
    Discovered IPA servers:
    - server.idm.example.com

The domain idm.example.com is online and visible from the client where you applied the command.

If the domain is not available, the result is:

[root@client1 ~]# sssctl domain-status ad.example.com
Unable to get online status