Changing Domain Information for a Managed Computer

Once a computer successfully joins a domain, you can remove it from a domain at any time by using the adleave command. You must also use the adleave command before you can join a new domain or make changes to the domain information for a computer, such as changing the computer name.

Leaving a Domain

Leaving the domain before attempting to join a new domain or changing a computer name ensures that there will not be file conflicts or orphaned information that might prevent the join operation from completing.

You should note that leaving the domain removes all of the Delinea-specific information for the managed computer from Active Directory and reverts any computer settings that were changed by the adjoin command to their preadjoin condition. These changes include reverting PAM, NSS, and Kerberos configuration files to their pre-adjoin states and deleting the /etc/krb5.keytab file. Leaving the domain does not delete the Active Directory computer object itself.

Leaving the domain does not delete the Active Directory computer object itself. If you want to completely remove any record of the computer from Active Directory, you must delete the computer object using Active Directory Users and Computers.

Joining a Different Domain

After running the adleave command, re-run the adjoin command with the appropriate arguments to join a different Active Directory domain. For example:

adjoin --zone arcade.com --user gale.harris operations.acme.com

For more information about using the adjoin and adleave commands, see the adjoin or adleave man page.

Renaming a Managed Computer

If you need to rename a Linux or UNIX computer that is joined to a domain, you should first leave the domain, rename the computer, then rejoin the domain. Otherwise, you could have issues with the service connection point or service principal name for the computer.