Leave a Domain and Uninstall the AD Bridge Enterprise Agent

You can remove a computer from a domain without necessarily disabling or deleting the computer's account in Active Directory. If needed, you can uninstall the AD Bridge Enterprise agent from a client computer.

Leave a Domain

When a computer is removed from a domain, AD Bridge retains the settings that were made to the computer's configuration when it was joined to the domain. Changes to the nsswitch module are also preserved until you uninstall AD Bridge, at which time they are reverted.

Before leaving a domain, run the following command to view the changes that will take place:

domainjoin-cli leave --advanced --preview domainName

Example:

[root@rhel4d example]# domainjoin-cli leave --advanced --preview example.com
Leaving AD Domain:    EXAMPLE.COM
[X] [S] ssh	              - configure ssh and sshd
[X] [N] pam	              - configure pam.d/pam.conf
[X] [N] nsswitch 	      - enable/disable  nsswitch module
[X] [N] stop 	              - stop daemons
[X] [N] leave 	              - disable machine account
[X] [N] krb5	              - configure krb5.conf
[F] keytab	              - initialize kerberos keytab
 	 
Key to flags	 
[F]ully configured	      - the system is already configured for this step
[S]ufficiently configured    - the system meets the minimum configuration requirements for this step
[N]ecessary	              - this step must be run or manually performed
[X]	                      - this step is enabled and will make changes
[ ]	                      - this step is disabled and will not make changes

Remove a Linux or Unix Computer from a Domain

To remove the computer, use a root account to run the following command:

/opt/pbis/bin/domainjoin-cli leave

Disable the Computer Account in Active Directory

By default, a computer account in Active Directory is not disabled or deleted when the computer is removed from the domain.

To disable but not delete the computer account, include the user name as part of the leave command. You will be prompted for the user account password:

/opt/pbis/bin/domainjoin-cli leave userName

Remove the Computer Account in Active Directory

To delete the computer account, use the option --deleteAccount and include the user name as part of the leave command.

You will be prompted for the password of the user account:

/opt/pbis/bin/domainjoin-cli leave --deleteAccount userName

Uninstall the Agent on a Linux or Unix Computer

You can uninstall AD Bridge Enterprise by using a shell script or by using a command.

Use a Shell Script to Uninstall

 

Before uninstalling the agent, you must leave the domain. Then execute the uninstall command from a directory other than pbis so that the uninstall program can delete the pbis directory and all its subdirectories. For example, execute the command from the root directory.

For more information, please see AD BridgeBeyondInsight/Password SafeDevOps Secrets SafePrivilege ManagementPrivileged IdentityPrivileged Remote AccessRemote SupportVulnerability Managementwww.beyondtrust.combeyondtrust.comContact SalesContact Support.

If you installed the agent on a Linux or Unix computer by using the shell script, you can uninstall the AD Bridge Enterprise agent from the command line by using the same shell script with the uninstall option.

To uninstall the agent, you must use the shell script with the same version and build number that you used to install it.. For example, on a Linux computer running  glibc, change directories to the location of AD Bridge Enterprise and then run the following command as root, replacing the name of the script with the version you installed:

./adbridge-x.x.x.xxx.linux.oldlibc.x86_64.rpm.sh uninstall

For information about the script's options and commands, execute the following command:

./adbridge-x.x.x.xxx.linux.x86_64.rpm.sh help

Use a Command to Uninstall

To uninstall AD Bridge Enterprise by using a command, run the following command:

/opt/pbis/bin/uninstall.sh uninstall

To completely remove all files related to AD Bridge Enterprise from your computer, run the command as follows instead. If using this command and option, you do not need to leave the domain before uninstalling.

/opt/pbis/bin/uninstall.sh purge