Leave a domain and uninstall the AD Bridge agent
Leave a domain
When a computer is removed from a domain, AD Bridge retains the settings that were made to the computer's configuration when it was joined to the domain, but the modules are disabled. You can remove a computer from a domain without necessarily disabling or deleting the computer's account in Active Directory.
Before leaving a domain, run the following command to view the changes that will take place:
domainjoin-cli leave --advanced --preview domainName
Example:
[root@rhel4d example]# domainjoin-cli leave --advanced --preview example.com
Leaving AD Domain: EXAMPLE.COM
[X] [S] ssh - configure ssh and sshd
[X] [N] pam - configure pam.d/pam.conf
[X] [N] nsswitch - enable/disable nsswitch module
[X] [N] stop - stop daemons
[X] [N] leave - disable machine account
[X] [N] krb5 - configure krb5.conf
[F] keytab - initialize kerberos keytab
Key to flags
[F]ully configured - the system is already configured for this step
[S]ufficiently configured - the system meets the minimum configuration requirements for this step
[N]ecessary - this step must be run or manually performed
[X] - this step is enabled and will make changes
[ ] - this step is disabled and will not make changes
Remove a Linux or Unix computer from a domain
To remove the computer, use a root account or a user with sudo rights to run the following command:
/opt/pbis/bin/domainjoin-cli leave
Disable the computer account in Active Directory
By default, a computer account in Active Directory is not disabled or deleted when the computer is removed from the domain.
To disable but not delete the computer account, include the user name as part of the leave command. You will be prompted for the user account password:
/opt/pbis/bin/domainjoin-cli leave userName
Remove the computer account in Active Directory
To delete the computer account, use the option --deleteAccount and include the user name as part of the leave command.
/opt/pbis/bin/domainjoin-cli leave --deleteAccount userName
Uninstall the agent on a Linux or Unix computer
Note
Before uninstalling the agent, you must leave the domain in order to clean up the Active Directory computer object.
You can uninstall AD Bridge by using a command or by using a shell script. Two options are provided, uninstall and purge. We recommend purge, as it cleans any configuration files that could carry over between installations.
Use a command to uninstall
Important
If --ignore pam was used and pam_lsass is in your PAM files, we recommend purge, because uninstall could leave the system in a state where logins fail due to unknown PAM modules.
To uninstall and leave the AD Bridge configuration files in place on the operating system, run the following command:
/opt/pbis/bin/uninstall.sh uninstall
Note
As of 24.2.2 the uninstall option respects the settings in /var/lib/pbis/domainjoin.cfg.
To completely remove all files related to AD Bridge from your computer, run the command as follows instead:
/opt/pbis/bin/uninstall.sh purge
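The Important note above warns that pam_lsass entries left in the PAM files can break logins after a plain uninstall. The following check is an added example, not part of the AD Bridge product or its documentation; it assumes PAM configuration lives in pam.conf and pam.d/ under a root directory (default /etc), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not AD Bridge code): find active PAM lines that still
# reference pam_lsass. Function names and the root argument are assumptions.

# Print "file:line:text" for each non-comment reference under a PAM root.
pam_lsass_refs() {
    root="${1:-/etc}"
    for f in "$root"/pam.conf "$root"/pam.d/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/  { next }    # commented-out entries are harmless
            /pam_lsass/ { printf "%s:%d:%s\n", file, NR, $0 }
        ' "$f"
    done
}

# Return 0 when no reference remains, 1 otherwise (details on stderr).
pam_is_clean() {
    refs=$(pam_lsass_refs "${1:-/etc}")
    [ -z "$refs" ] && return 0
    printf 'pam_lsass still referenced:\n%s\n' "$refs" >&2
    return 1
}

# Constructed sample tree for an offline run; not taken from a real host.
make_sample_pam_root() {
    d=$(mktemp -d) && mkdir -p "$d/pam.d"
    cat > "$d/pam.d/sshd" <<'EOF'
auth sufficient pam_lsass.so
auth required pam_unix.so
# account sufficient pam_lsass.so
EOF
    printf 'auth required pam_unix.so\n' > "$d/pam.d/su"
    printf '%s\n' "$d"
}

# Usage: sh script.sh check [root]
if [ "${1:-}" = "check" ]; then
    pam_is_clean "${2:-/etc}"
fi
```

Run the check after an uninstall while the root session is still open; a nonzero exit means an active PAM line still names the module.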
Use a shell script to uninstall
If you installed the agent on a Linux or Unix computer by using the shell script, you can uninstall the AD Bridge agent from the command line by using the same shell script with the uninstall or purge option.
Note
To uninstall the agent, you must use the shell script with the same version and build number that you used to install it. For example, change directories to the location of AD Bridge and then run the following command as root, replacing the name of the script with the version you installed:
./adbridge-##.#.#.###.linux.x86_64.rpm.sh uninstall
Or, to completely remove all files related to AD Bridge from your computer, run the following command. This is a good option if there is ever an issue with the installation and you need to clean the system.
./adbridge-##.#.#.###.linux.x86_64.rpm.sh purge
Linux repository cleanup
For information on uninstallation from the public repositories, please refer to: https://repo.pbis.beyondtrust.com/index.html
There is no method to completely remove all the files from the repositories, but a shell script purge with the same version should purge the files left behind.