Chapter 8. Querying domain information using SSSD
Security System Services Daemon (SSSD) can list domains in Identity Management (IdM) as well as the domains in Active Directory that is connected to IdM by a cross-forest trust.
8.1. Listing domains using sssctl
You can use the sssctl domain-list command to debug problems with the domain topology.
The status might not be available immediately. If the domain is not visible, repeat the command.
Prerequisites
- You must be logged in with administrator privileges
-
The
sssctltool is available on RHEL 7 and RHEL 8 systems.
Procedure
To display help for the sssctl command, enter:
[root@client1 ~]# sssctl --help ....- To display a list of available domains, enter:
[root@client1 ~]# sssctl domain-list
implicit_files
idm.example.com
ad.example.com
sub1.ad.example.comThe list includes domains in the cross-forest trust between Active Directory and Identity Management.
8.2. Verifying the domain status using sssctl
You can use the sssctl domain-status command to debug problems with the domain topology.
The status might not be available immediately. If the domain is not visible, repeat the command.
Prerequisites
- You must be logged in with administrator privileges
-
The
sssctltool is available on RHEL 7 and RHEL 8 systems.
Procedure
To display help for the sssctl command, enter:
[root@client1 ~]# sssctl --helpTo display user data for a particular domain, enter:
[root@client1 ~]# sssctl domain-status idm.example.com Online status: Online Active servers: IPA: server.idm.example.com Discovered IPA servers: - server.idm.example.com
The domain idm.example.com is online and visible from the client where you applied the command.
If the domain is not available, the result is:
[root@client1 ~]# sssctl domain-status ad.example.com
Unable to get online status