Chapter 12. Removing the trust using the command line
Follow this procedure to remove the Identity Management (IdM)/Active Directory (AD) trust on the IdM side using the command line interface.
Prerequisites
- You have obtained a Kerberos ticket as an IdM administrator. For details, see Logging in to IdM in the Web UI: Using a Kerberos ticket.
Procedure
Use the
ipa trust-delcommand to remove the trust configuration from IdM.[root@server ~]# ipa trust-del ad_domain_name ------------------------------ Deleted trust "ad_domain_name" ------------------------------
- Remove the trust object from your Active Directory configuration.
Removing the trust configuration does not automatically remove the ID range IdM has created for AD users. This way, if you add the trust again, the existing ID range is re-used. Also, if AD users have created files on an IdM client, their POSIX IDs are preserved in the file metadata.
To remove all information related to an AD trust, remove the AD user ID range after removing the trust configuration and trust object:
# ipa idrange-del AD.EXAMPLE.COM_id_range
# systemctl restart sssdVerification steps
Use the
ipa trust-showcommand to confirm that the trust has been removed.[root@server ~]# ipa trust-show ad.example.com ipa: ERROR: ad.example.com: trust not found
Additional resources