3.4 Leave an AD Domain

Use novell-ad-util to disjoin an OES server from the AD domain. YaST and NSSMU can join a domain but cannot leave one; the leave must be done from the command line.

To disjoin the OES host from the Active Directory domain, execute the following:

  1. kinit Administrator@EXAMPLE.COM

    Obtains a Kerberos ticket for the administrator from the AD server, where "Administrator" is the domain admin (or another user with sufficient rights to delete computer objects) and "EXAMPLE.COM" is the AD domain. The ticket stays in the credential cache; run kdestroy when you are done.

  2. novell-ad-util --leave-domain --domain-name EXAMPLE.COM

To disjoin a cluster resource from the Active Directory domain, execute the following:

  1. kinit Administrator@EXAMPLE.COM

    Obtains a Kerberos ticket for the administrator from the AD server, where "Administrator" is the domain admin (or another user with sufficient rights to delete computer objects) and "EXAMPLE.COM" is the AD domain. The ticket stays in the credential cache; run kdestroy when you are done.

  2. Run the following command on the node where the cluster resource is currently running (the active node).

    novell-ad-util --leave-domain --cluster-resource .cn=CLUSTER-OES2015-POOLSERVER.o=novell.t=NSSAD_CLUSTER. --domain-name EXAMPLE.COM

  3. Run the following command on every other cluster node (all nodes except the one used in step 2).

    novell-ad-util --purge 0 --cluster-resource .cn=CLUSTER-OES2015-POOLSERVER.o=novell.t=NSSAD_CLUSTER.

    Removes all keytab entries for the specified cluster resource from the default keytab file (/etc/krb5.keytab). Step 2 only cleans the keytab of the node it runs on; without this step the other nodes keep stale keys for a computer account that no longer exists.

Verifying the Domain Leave

To ensure that the domain leave is successful, verify the following:

  1. The computer objects that represented the OES host and the cluster resources are gone from the AD domain (check, for example, in Active Directory Users and Computers on a domain controller).

  2. Keytab entries are removed from /etc/krb5.keytab.

    • klist -k | grep -i <netbios name of OES host>

      The output should be empty after the OES host leaves the domain. Match case-insensitively: the keytab holds both the computer account principal (NAME$@REALM) and service principals that may carry the host name in lowercase.

    • klist -k | grep -i <netbios name of a cluster resource>

      Execute this command on every cluster node. The output should be empty on all of them after the cluster resource leaves the domain.
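The keytab check in the bullets above, carried out as a small shell script. This is an added example, not part of the OES documentation or of novell-ad-util; it generalizes the grep by matching both the computer account principal (NAME$@REALM) and service principals of the form service/name.fqdn@REALM, so a host name that is a substring of another (OES2015-HOST inside a longer resource name, say) is not counted by mistake. The host name OES2015-HOST, the resource name CLUSTER-OES2015-POOLSERVER, the realm EXAMPLE.COM and the two klist -k listings are constructed sample data; on a real node you would feed it the output of klist -k instead.

```shell
#!/bin/sh
# Added example (not OES or novell-ad-util code): verify that no keytab
# entries for a host or cluster resource remain after a domain leave.
# All names and both listings below are constructed sample data.

# Constructed klist -k output before the leave: host and cluster
# resource both present (computer account plus a cifs SPN each).
KEYTAB_BEFORE='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ---------------------------------------------------------------
   2 OES2015-HOST$@EXAMPLE.COM
   2 cifs/oes2015-host.example.com@EXAMPLE.COM
   5 CLUSTER-OES2015-POOLSERVER$@EXAMPLE.COM
   5 cifs/cluster-oes2015-poolserver.example.com@EXAMPLE.COM'

# Constructed klist -k output after the host left the domain but the
# cluster resource did not (step 3 of the cluster procedure skipped).
KEYTAB_AFTER='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ---------------------------------------------------------------
   5 CLUSTER-OES2015-POOLSERVER$@EXAMPLE.COM
   5 cifs/cluster-oes2015-poolserver.example.com@EXAMPLE.COM'

# count_keytab_entries NAME LISTING
# Prints how many principals in LISTING (klist -k format) belong to NAME.
# Comparison is case-insensitive and anchored: either the computer account
# NAME$@REALM, or an SPN whose host part is NAME (service/NAME.fqdn@REALM
# or service/NAME@REALM). Skips the three header lines klist -k prints.
count_keytab_entries() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf '%s\n' "$2" | awk -v name="$name" '
        NR > 3 {
            p = tolower($2)
            if (index(p, name "$@") == 1 ||
                index(p, "/" name ".") > 0 ||
                index(p, "/" name "@") > 0) n++
        }
        END { print n + 0 }'
}

# verify_domain_leave NAME LISTING
# Succeeds (exit 0) only when no entry for NAME is left in LISTING.
verify_domain_leave() {
    [ "$(count_keytab_entries "$1" "$2")" -eq 0 ]
}

# check_live_keytab NAME
# Same check against the real default keytab of this node; run it on
# every cluster node for a cluster resource. Not called by default.
check_live_keytab() {
    verify_domain_leave "$1" "$(klist -k)"
}

# Stand-alone demonstration on the constructed listings.
for who in OES2015-HOST CLUSTER-OES2015-POOLSERVER; do
    if verify_domain_leave "$who" "$KEYTAB_AFTER"; then
        echo "$who: no keytab entries left, leave verified"
    else
        echo "$who: $(count_keytab_entries "$who" "$KEYTAB_AFTER") keytab entries remain, run the purge step"
    fi
done
```

On a live node the check is `check_live_keytab OES2015-HOST` (or the resource name); a non-zero exit on any node means the leave or the purge step for that node did not complete.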

If the domain leave still fails, see Section 7.2, Domain Leave Fails Using the novell-ad-util.