Leave a Domain and Uninstall the AD Bridge Enterprise Agent

You can remove a computer from a domain without necessarily disabling or deleting the computer's account in Active Directory. If needed, you can uninstall the AD Bridge Enterprise agent from a client computer.

Leave a Domain

When a computer is removed from a domain, AD Bridge retains the settings that were made to the computer's configuration when it was joined to the domain. Changes to the nsswitch module are also preserved until you uninstall AD Bridge, at which time they are reverted.

Before leaving a domain, run the following command to view the changes that will take place:

domainjoin-cli leave --advanced --preview domainName

Example:

[root@rhel4d example]# domainjoin-cli leave --advanced --preview example.com
Leaving AD Domain:    EXAMPLE.COM
[X] [S] ssh	              - configure ssh and sshd
[X] [N] pam	              - configure pam.d/pam.conf
[X] [N] nsswitch 	      - enable/disable  nsswitch module
[X] [N] stop 	              - stop daemons
[X] [N] leave 	              - disable machine account
[X] [N] krb5	              - configure krb5.conf
[F] keytab	              - initialize kerberos keytab
 	 
Key to flags	 
[F]ully configured	      - the system is already configured for this step
[S]ufficiently configured    - the system meets the minimum configuration requirements for this step
[N]ecessary	              - this step must be run or manually performed
[X]	                      - this step is enabled and will make changes
[ ]	                      - this step is disabled and will not make changes

Remove a Linux or Unix Computer from a Domain

To remove the computer, use a root account to run the following command:

/opt/pbis/bin/domainjoin-cli leave

Disable the Computer Account in Active Directory

By default, a computer account in Active Directory is not disabled or deleted when the computer is removed from the domain.

To disable but not delete the computer account, include the user name as part of the leave command. You will be prompted for the user account password:

/opt/pbis/bin/domainjoin-cli leave userName

Remove the Computer Account in Active Directory

To delete the computer account, use the option --deleteAccount and include the user name as part of the leave command.

You will be prompted for the password of the user account:

/opt/pbis/bin/domainjoin-cli leave --deleteAccount userName

Remove a Mac from a Domain

For Mac OS 10.8 and later, the GUI is no longer supported. For AD Bridge v7.0 and later, the GUI is not supported on any Mac. Use the CLI commands.

To leave a domain on a Mac OS X computer, administrative privileges are required on the Mac.

  1. In Finder, click Applications.
  2. In the list of applications, double-click Utilities, and then double-click Directory Access.
  3. On the Services tab, click the lock icon and enter an administrator name and password to unlock it.
  4. In the list, click Likewise, and then click Configure.
  5. Enter a name and password of a local machine account with administrative privileges.
  6. On the menu bar at the top of the screen, click the Domain Join Tool menu, and then click Join or Leave Domain.
  7. Click Leave.

Uninstall the Agent on a Linux or Unix Computer

You can uninstall AD Bridge Enterprise by using a shell script or by using a command.

Use a Shell Script to Uninstall

 

Before uninstalling the agent, you must leave the domain. Then execute the uninstall command from a directory other than pbis so that the uninstall program can delete the pbis directory and all its subdirectories. For example, execute the command from the root directory.

If you installed the agent on a Linux or Unix computer by using the shell script, you can uninstall the AD Bridge Enterprise agent from the command line by using the same shell script with the uninstall option.

To uninstall the agent, you must use the shell script with the same version and build number that you used to install it. For example, on a Linux computer running glibc, change directories to the location of AD Bridge Enterprise and then run the following command as root, replacing the name of the script with the version you installed:

./pbis-open-x.x.x.xxxx.linux.oldlibc.i386.rpm.sh uninstall

For information about the script's options and commands, execute the following command:

./pbis-open-x.x.x.xxxx.linux.i386.rpm.sh help

Use a Command to Uninstall

To uninstall AD Bridge Enterprise by using a command, run the following command:

/opt/pbis/bin/uninstall.sh uninstall

To completely remove all files related to AD Bridge Enterprise from your computer, run the command as follows instead. If using this command and option, you do not need to leave the domain before uninstalling.

/opt/pbis/bin/uninstall.sh purge
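
The preview step and the uninstall-directory requirement described above, as an added example that is not BeyondTrust's code: shell helpers that list the steps a leave preview marks [X] and check that a directory is outside the pbis tree before the uninstaller runs. The function names and the /opt/pbis root (inferred from the /opt/pbis/bin paths on this page) are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): pre-flight helpers for leave + uninstall.

PBIS_ROOT=/opt/pbis   # assumption: install root implied by /opt/pbis/bin

# Sample preview output taken from the example on this page
# (whitespace normalised, legend shortened).
sample_preview() {
  cat <<'EOF'
Leaving AD Domain:    EXAMPLE.COM
[X] [S] ssh       - configure ssh and sshd
[X] [N] pam       - configure pam.d/pam.conf
[X] [N] nsswitch  - enable/disable  nsswitch module
[X] [N] stop      - stop daemons
[X] [N] leave     - disable machine account
[X] [N] krb5      - configure krb5.conf
[F] keytab        - initialize kerberos keytab

Key to flags
[X]               - this step is enabled and will make changes
EOF
}

# Read preview output on stdin and print the name of every step flagged [X]
# (enabled, will make changes). Parsing stops at the legend so that the
# "[X] - this step is enabled" key line is not mistaken for a step.
enabled_steps() {
  awk '
    /^Key to flags/ { exit }
    /^\[X\]/ {
      gsub(/\[[A-Z ]\]/, "")   # strip flag columns such as [X] [N]
      print $1                  # first remaining field is the step name
    }'
}

# Succeed only if directory $1 is outside the pbis tree, so the uninstaller
# can delete that directory and all its subdirectories.
outside_pbis() {
  case "$1/" in
    "$PBIS_ROOT"/*) return 1 ;;
    *) return 0 ;;
  esac
}

# Intended use as root, before leaving and uninstalling:
#   domainjoin-cli leave --advanced --preview example.com | enabled_steps
#   outside_pbis "$(pwd -P)" || cd /
```

Recording the enabled step list in the change ticket gives a baseline for confirming afterwards that the ssh, pam, nsswitch and krb5 configuration was handled as previewed.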

Uninstall the Agent on a Mac

On a macOS computer, you must uninstall the AD Bridge Enterprise agent by using Terminal.

Choose the appropriate action depending on whether you plan to re-install the product.

  • If you are not planning to re-install the product, leave the domain before uninstalling the agent.
  • If you are planning to re-install the product, remain in the domain while uninstalling the agent.

  1. Log on to the Mac using a local account with privileges that allow you to use sudo.
  2. Open a Terminal window: In Finder, on the Go menu, click Utilities, and then double-click Terminal.
  3. At the Terminal shell prompt, execute the following command:
    sudo /opt/pbis/bin/macuninstall.sh