Chapter 16. Uninstalling an IdM replica

As an administrator, you can remove an Identity Management (IdM) server from the topology.

This procedure describes how you can uninstall an example server named server.idm.example.com.

Prerequisites

  • Before uninstalling a server that serves as a certificate authority (CA), key recovery authority (KRA), or DNS server, make sure these services are running on another server in the domain.

Warning

Removing the last server that serves as a CA, KRA, or DNS server seriously disrupts the Identity Management (IdM) functionality.
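
A pre-check for the prerequisite above, as an added example that is not part of the original documentation: the function reads `ipa server-role-find` output and lists the CA, KRA, or DNS roles that are enabled only on the server you are about to remove. The function name, the replica2 host name, and the sample output are constructed; the `Server name` / `Role name` / `Role status` output layout is an assumption.

```shell
# Added example: list CA/KRA/DNS roles enabled only on the server to be removed.
# Assumes the "Server name / Role name / Role status" layout of
# `ipa server-role-find`; sole_role_holders is a hypothetical helper name.
sole_role_holders() {
    awk -v target="$1" '
        { sub(/[ \t\r]+$/, "") }                      # drop trailing whitespace
        /^[ \t]*Server name:/ { sub(/^[^:]*:[ \t]*/, ""); server = $0 }
        /^[ \t]*Role name:/   { sub(/^[^:]*:[ \t]*/, ""); role = $0 }
        /^[ \t]*Role status:/ {
            sub(/^[^:]*:[ \t]*/, "")
            critical = (role == "CA server" || role == "KRA server" || role == "DNS server")
            if ($0 == "enabled" && critical) {
                if (server == target) on_target[role] = 1
                else elsewhere[role] = 1
            }
        }
        END {
            # Report in a fixed order; a role counts only if no other server has it enabled.
            n = split("CA server,KRA server,DNS server", order, ",")
            for (i = 1; i <= n; i++)
                if ((order[i] in on_target) && !(order[i] in elsewhere))
                    print order[i]
        }'
}

# Constructed sample output (not captured from a real deployment).
sample_roles() {
    cat <<'EOF'
  Server name: server.idm.example.com
  Role name: CA server
  Role status: enabled

  Server name: server.idm.example.com
  Role name: KRA server
  Role status: enabled

  Server name: replica2.idm.example.com
  Role name: CA server
  Role status: enabled

  Server name: replica2.idm.example.com
  Role name: KRA server
  Role status: absent
EOF
}

# Real use: ipa server-role-find | sole_role_holders server.idm.example.com
sample_roles | sole_role_holders server.idm.example.com   # prints: KRA server
```

Any role the function prints must be installed on another server before you continue; empty output means every critical role on the target is also enabled elsewhere.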

Procedure

  1. On all the servers in the topology that have a replication agreement with server.idm.example.com, use the ipa server-del command to delete the replica from the topology:

    [root@another_server ~]# ipa server-del server.idm.example.com

  2. On server.idm.example.com, use the ipa-server-install --uninstall command:

    [root@server ~]# ipa-server-install --uninstall
    ...
    Are you sure you want to continue with the uninstall procedure? [no]: yes

  3. Make sure all name server (NS) DNS records pointing to server.idm.example.com are deleted from your DNS zones. This applies regardless of whether you use integrated DNS managed by IdM or external DNS.