Hi all

After decommissioning 2 IPA servers some time back (reduced from 8 to 6) I recently noticed that one of the decommissioned servers still appears when issuing commands like "ipa server-find." It only appears on 2 of the existing servers, not the other 4.

"ipa server-del" and "ipa-replica-manage del" both report "server not found" for the decomm'ed server entry, when issued on any of the 6 IPA servers.

So I suspect I have some stale LDAP entry left behind from the decommission process (I forget exactly what process I followed, it was over a year ago) and was thinking about deleting that entry from LDAP.

Not having much familiarity with LDAP, I found a post here from the venerable Rob which tells me how to find such entries (with a bit of fumbling with grep!) and indeed I see the entry on the 2 IPA servers but not the other 4.
https://www.redhat.com/archives/freeipa-users/2015-December/msg00089.html


[root@ipa6 ~]# ldapsearch -Y GSSAPI -b cn=computers,cn=accounts,dc=dom "krbprincipalkey=*" dn 2>/dev/null | grep ipa7.example.dom
# ipa7.example.dom + 9554ab01-42e811e8-a6dce53f-3a18cb6e, computers, acc
dn: fqdn=ipa7.example.dom+nsuniqueid=9554ab01-42e811e8-a6dce53f-3a18cb6


Assuming this is the right thing to do, I could do with some advice on how to delete this entry from the 2 LDAP servers.

Thanks in advance
Angus
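An added example, not part of Angus's post and not FreeIPA's own tooling: a small Python parser for the LDIF that ldapsearch prints. It unwraps folded lines (ldapsearch folds long values and continues them on lines that begin with a single space, which is why piping through grep for the hostname shows a DN cut off mid-nsuniqueid: the comment line in the post ends in "...3a18cb6e" while the dn line ends in "...3a18cb6"), flags entries whose RDN carries "+nsuniqueid=", the naming 389 Directory Server uses for replication conflict entries, and diffs the DNs dumped from two servers so an entry present on some replicas and absent on others stands out. The sample LDIF, hostnames and domain are constructed to mirror the shape of the output in the post; the function names are my own.

```python
"""
Added example (not from the original post or from FreeIPA): parse LDIF as
printed by ldapsearch, unwrap folded continuation lines, flag replication
conflict entries (RDN carrying "+nsuniqueid=..."), and diff the DNs seen
on two servers.  Only plain "dn: " lines are handled; base64 "dn:: " lines
(non-ASCII DNs) are ignored by this parser.
"""
import re
from typing import Dict, List, Set

# 389-ds names a replication conflict entry by appending +nsuniqueid=<id>
# to the original RDN; the id is hex groups separated by dashes.
CONFLICT_RE = re.compile(r"\+nsuniqueid=([0-9a-f-]+)", re.IGNORECASE)


def unwrap_ldif(text: str) -> List[str]:
    """Join LDIF continuation lines (a leading single space) onto the
    preceding logical line; drop '#' comment lines and blank separators."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded value: continue previous line
        elif raw.startswith("#") or not raw.strip():
            continue                      # comment or record separator
        else:
            lines.append(raw)
    return lines


def extract_dns(text: str) -> List[str]:
    """Return every 'dn:' value in the LDIF, fully unwrapped."""
    return [ln[len("dn: "):] for ln in unwrap_ldif(text) if ln.startswith("dn: ")]


def find_conflict_entries(text: str) -> Dict[str, str]:
    """Map each conflict-entry DN to the nsuniqueid embedded in its RDN."""
    found: Dict[str, str] = {}
    for dn in extract_dns(text):
        m = CONFLICT_RE.search(dn)
        if m:
            found[dn] = m.group(1)
    return found


def hostname_of(dn: str) -> str:
    """fqdn=host[+nsuniqueid=...],cn=computers,... -> host
    (does not handle escaped commas in the RDN value)."""
    rdn = dn.split(",", 1)[0]
    value = rdn.split("=", 1)[1]
    return value.split("+", 1)[0]


def hosts_missing_from(dump_a: str, dump_b: str) -> Set[str]:
    """DNs present in dump_a but absent from dump_b, e.g. a stale entry that
    survives on two replicas and is gone from the other four."""
    return set(extract_dns(dump_a)) - set(extract_dns(dump_b))


# Constructed sample in the shape of the post's ldapsearch output.  The ipa7
# DN is folded exactly where ldapsearch would fold it, so the last hex digit
# of the nsuniqueid and the rest of the DN sit on a continuation line.
IPA6_DUMP = """\
# constructed sample, not a real directory dump
dn: fqdn=ipa1.example.dom,cn=computers,cn=accounts,dc=example,dc=dom

dn: fqdn=ipa7.example.dom+nsuniqueid=9554ab01-42e811e8-a6dce53f-3a18cb6
 e,cn=computers,cn=accounts,dc=example,dc=dom

"""

# Constructed dump from a replica that does not carry the stale entry.
IPA1_DUMP = """\
dn: fqdn=ipa1.example.dom,cn=computers,cn=accounts,dc=example,dc=dom

"""

if __name__ == "__main__":
    for dn, uid in find_conflict_entries(IPA6_DUMP).items():
        print(f"conflict entry for host {hostname_of(dn)} (nsuniqueid {uid}):\n  {dn}")
    for dn in hosts_missing_from(IPA6_DUMP, IPA1_DUMP):
        print(f"present on ipa6 only: {dn}")
```

Usage: save the read-only output of the same ldapsearch (ideally with -LLL to suppress the comment lines) from each server to a file, then pass the file contents to find_conflict_entries and hosts_missing_from; this only reports what each replica holds and changes nothing in the directory, which is the picture worth having before deciding how to remove the entry.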