PowerScale: How to remove a decommissioned child domain?

Summary: This article will help to remove the old entries of a child domain that is already decommissioned on the AD/DNS server.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Cluster ABC has a parent AD as "Isilon.com.ts" with two child domains as listed below: 

dev.Isilon.com.ts
test.Isilon.com.ts


Later child domain test.Isilon.com.ts is decommissioned from the AD/DNS side, but it is still visible on the PowerScale end. 

ucisilon1pd-4# isi auth ads trusts list Isilon.com.ts
      Domain: Isilon.com.ts
NetBIOS Name: host
         SID: S-1-5-21-XXXXXXXXX-XXXXXXXXX-XXXXXXXX
        GUID: XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
  Trust Type: primary
      Status: online
     DC Site: Ilam
 Client Site: Ilam
     DC Name: host.Isilon.com.ts
  DC Address: 111.222.2.XXX
--------------------------------------------------------------------------------
      Domain: dev.Isilon.com.ts
NetBIOS Name: host2
         SID: S-1-5-21-XXXXXXXXX-XXXXXXXXX-XXXXXXXX
        GUID: XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
  Trust Type: forest
      Status: online 
     DC Site: Ilam
 Client Site: Ilam
     DC Name: host2.dev.Isilon.com.ts
  DC Address: 111.222.11.XXX
--------------------------------------------------------------------------------
      Domain: test.Isilon.com.ts
NetBIOS Name: host3 
         SID: S-1-5-21-XXXXXXXXX-XXXXXXXXX-XXXXXXXX
        GUID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
  Trust Type: forest
      Status: offline  >>It can be online also . Regardless the state. 
     DC Site: Ilam
 Client Site: Ilam
     DC Name: host3.test.Isilon.com.ts
  DC Address: 111.222.11.XXX
--------------------------------------------------------------------------------

 

Cause

Child domain test.Isilon.com.ts is decommissioned from the AD/DNS.

Resolution

  1. Login to an ssh session to a node in the cluster
  2. Restart the lsass process across the cluster with a sleep time of 45 seconds using the below command:                                       isi_for_array -sX 'pkill -6 -f "lw-container\ lsass"' && sleep 45
  3. Do a "isi auth refresh" to refresh the authentication changes. 
  4. Now you will not see the deleted child domain "test.Isilon.com.ts". 

ucisilon1pd-4# isi auth ads trusts list Isilon.com.ts
      Domain: Isilon.com.ts
NetBIOS Name: host
         SID: S-1-5-21-XXXXXXXXX-XXXXXXXXX-XXXXXXXX
        GUID: XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
  Trust Type: primary
      Status: online
     DC Site: Ilam
 Client Site: Ilam
     DC Name: host.Isilon.com.ts
  DC Address: 111.222.2.XXX
--------------------------------------------------------------------------------
      Domain: dev.Isilon.com.ts
NetBIOS Name: host2
         SID: S-1-5-21-XXXXXXXXX-XXXXXXXXX-XXXXXXXX
        GUID: XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
  Trust Type: forest
      Status: online 
     DC Site: Ilam
 Client Site: Ilam
     DC Name: host2.dev.Isilon.com.ts
  DC Address: 111.222.11.XXX
--------------------------------------------------------------------------------

Affected Products

Isilon, PowerScale OneFS
Article Properties
Article Number: 000190365
Article Type: Solution
Last Modified: 18 Sep 2025
Version:  6
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.