Symptoms
The Leave Domain operation (Administration -> Single Sign On -> Configuration -> Active Directory Domain -> LEAVE AD) from the Web Client fails with the following error message:
"There is already a native AD IDS or LDAP AD IDS registered"
Purpose
This article applies when you want to rejoin the vCenter Server Appliance (VCSA) to the domain by performing a leave-domain operation followed by a join-domain operation.
Cause
This error occurs when a disjoint domain namespace is in use, that is, the appliance's primary DNS suffix does not match the DNS name of the Active Directory domain it is joined to.
Resolution
Note: Take a snapshot of all vCenter Servers and PSCs in Enhanced Linked Mode before proceeding with the steps below. Recreating the identity source might affect vCenter permissions, so the snapshot is important.

Perform the following steps to resolve this issue:

1. Delete the IWA (Active Directory Integrated Windows Authentication) identity source: in the Web Client, go to Administration -> Configuration -> Identity Sources.
2. Log in to the Platform Services Controller appliance as root and enable the bash shell.
3. Leave the domain by running:
   /opt/likewise/bin/domainjoin-cli leave
4. Reboot the appliance.
5. Delete the computer account of the appliance in Active Directory. A stale computer account left from the previous join can cause the rejoin to fail or to reuse the old object.
6. Log in to the appliance again and enable the bash shell.
7. Join the domain by running (the command prompts for the domain administrator's password):
   /opt/likewise/bin/domainjoin-cli join domain-name domain_admin_user
   Example: /opt/likewise/bin/domainjoin-cli join vmware.com administrator
8. Reboot the appliance.
9. Recreate the identity source in the Web Client (Administration -> Configuration -> Identity Sources) and verify that the permissions granted to Active Directory users and groups are still in place.
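The following shell script is an added example for the leave/join steps above; it is not part of the original article or of VMware's tooling. It wraps domainjoin-cli so that each step first checks the appliance's current join state, refuses a join while still joined, and reminds the operator of the reboot and computer-account deletion that must happen between leave and join. The path of domainjoin-cli, the "Domain = ..." line format of its query output, and the fake_cli used for offline testing are assumptions.

```shell
#!/bin/sh
# Added example (not from the KB article or VMware). Wraps the leave/join
# procedure with state checks. The domainjoin-cli path and the "Domain = X"
# line in `domainjoin-cli query` output are assumptions.
set -u

DOMAINJOIN=${DOMAINJOIN:-/opt/likewise/bin/domainjoin-cli}

# Read `domainjoin-cli query` output on stdin and print the joined domain,
# or nothing when no "Domain = ..." line is present (not joined).
parse_joined_domain() {
    sed -n 's/^[[:space:]]*Domain[[:space:]]*=[[:space:]]*//p' | head -n 1 | tr -d '[:space:]'
}

# Ask the appliance which domain it is currently joined to (empty if none).
current_domain() {
    "$DOMAINJOIN" query 2>/dev/null | parse_joined_domain
}

# Step 3 of the procedure: leave, but only if actually joined.
do_leave() {
    dom=$(current_domain)
    if [ -z "$dom" ]; then
        echo "not joined to any domain; nothing to leave" >&2
        return 0
    fi
    echo "leaving domain $dom" >&2
    "$DOMAINJOIN" leave || return 1
    echo "left $dom. Next: reboot, delete the computer account in AD, then run: $0 join $dom <domain_admin_user>" >&2
    return 0
}

# Step 7 of the procedure: join, refusing if the appliance still reports a
# domain (the leave + reboot did not complete). The password is prompted for
# by domainjoin-cli itself, so it never appears on the command line.
do_join() {
    domain=$1
    user=$2
    dom=$(current_domain)
    if [ -n "$dom" ]; then
        echo "still joined to $dom; run '$0 leave' and reboot before joining" >&2
        return 1
    fi
    "$DOMAINJOIN" join "$domain" "$user" || return 1
    echo "joined $domain. Next: reboot, then recreate the IWA identity source in the Web Client" >&2
    return 0
}

# Dispatch only when invoked with a subcommand; sourcing the file does nothing.
case "${1:-}" in
    leave) do_leave ;;
    join)
        [ "$#" -eq 3 ] || { echo "usage: $0 join <domain-name> <domain_admin_user>" >&2; exit 1; }
        do_join "$2" "$3" ;;
    "") ;;
    *) echo "usage: $0 leave | join <domain-name> <domain_admin_user>" >&2; exit 1 ;;
esac
```

Run it as root on the PSC appliance after enabling the bash shell: `./rejoin.sh leave`, then reboot and delete the computer account, then `./rejoin.sh join vmware.com administrator` and reboot again. The state check before the join is the piece worth keeping even if you type the commands by hand: joining while the appliance still believes it is a member of the old domain is what leaves you with the mismatched identity source the error message complains about.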