Chapter 8. Querying domain information using SSSD

System Security Services Daemon (SSSD) can list domains in Identity Management (IdM), including Active Directory domains in the cross-forest trust. You can also verify the status of each of the listed domains.

8.1. Listing domains using sssctl

The sssctl domain-list command helps debug problems with the domain topology.

Note

The status might not be available immediately. If the domain is not visible, repeat the command.

Prerequisites

  • You must be logged in with administrator privileges
  • The sssctl utility is available on RHEL 7 and RHEL 8 systems

Procedure

  1. To display help for the sssctl command, enter:

    [root@client1 ~]# sssctl --help
    ....

  2. To display a list of available domains, enter:

    [root@client1 ~]# sssctl domain-list
    implicit_files
    idm.example.com
    ad.example.com
    sub1.ad.example.com

The list includes domains in the cross-forest trust between Active Directory and Identity Management.

8.2. Verifying the domain status using sssctl

The sssctl domain-status command helps debug problems with the domain topology.

Note

The status might not be available immediately. If the domain is not visible, repeat the command.

Prerequisites

  • You must be logged in with administrator privileges
  • The sssctl utility is available on RHEL 7 and RHEL 8 systems

Procedure

  1. To display help for the sssctl command, enter:

    [root@client1 ~]# sssctl --help

  2. To display user data for a particular domain, enter:

    [root@client1 ~]# sssctl domain-status idm.example.com
    Online status: Online
    
    Active servers:
    IPA: master.idm.example.com
    
    Discovered IPA servers:
    - master.idm.example.com

The domain idm.example.com is online and visible from the client where you ran the command.

If the domain is not available, the result is:

    [root@client1 ~]# sssctl domain-status ad.example.com
    Unable to get online status
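
The two procedures above can be combined into one check that walks every domain from sssctl domain-list and reports its state. The following script is an added example, not part of the original documentation. The function names and the SSSCTL override variable are assumptions made for illustration, and the "Offline" status value is assumed to follow the same "Online status:" line format shown above.

```shell
#!/bin/sh
# Added example: report the state of every domain that SSSD knows about.

# classify_status reads `sssctl domain-status <domain>` output on stdin and
# prints one word: online, offline, or unknown (for example when the command
# answers "Unable to get online status").
classify_status() {
    awk '
        /^Online status: *Online/  { s = "online" }
        /^Online status: *Offline/ { s = "offline" }
        END { print (s != "" ? s : "unknown") }
    '
}

# check_domains prints "<domain><TAB><state>" for each listed domain and
# returns non-zero if any domain is not online. It must run as root on the
# client. SSSCTL (hypothetical override) lets a different command be
# substituted for testing. The body runs in a subshell, so its variables
# do not leak into the caller.
check_domains() (
    sssctl_cmd="${SSSCTL:-sssctl}"
    rc=0
    for domain in $("$sssctl_cmd" domain-list); do
        # Error text may go to stderr, so capture both streams.
        state=$("$sssctl_cmd" domain-status "$domain" 2>&1 | classify_status)
        printf '%s\t%s\n' "$domain" "$state"
        [ "$state" = online ] || rc=1
    done
    exit "$rc"
)

# Constructed sample in the output format shown in section 8.2.
sample_status='Online status: Online

Active servers:
IPA: master.idm.example.com'
printf '%s\n' "$sample_status" | classify_status
```

Because the status might not be available immediately, a domain reported as unknown is worth rechecking before it is treated as a fault.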