What is the impact of forcing an adleave to remove a computer from the domain?
# adleave -f
The adleave -f command is intended for use when a machine is physically disconnected from the domain and/or cannot reach any Domain Controller over the network.
When a computer is joined to the domain, local system files are changed and several objects are created in Active Directory. When adleave is executed, local files are changed again to clear out data such as pam stack entries and nsswitch.conf or methods.cfg information. Active Directory credentials are provided that allow for the AD objects to be deleted. When adleave is run with -f, the local machine data is removed, but the data in AD remains. While this data is not harmful to AD, it is considered best practice to delete the excess objects when running adleave. The -f (force) option should only be used when the machine is unable to reach any Domain Controller.
In addition, the Centrify license used by that machine is also stored in AD. A forced adleave does not free that license for use on another machine. This affects the deployment report that is sent to Centrify: the report may show more licenses in use than are actually being used.
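One way to apply the "only force when no Domain Controller is reachable" rule before leaving, as an added example that is not Centrify code. It assumes the DC names are supplied by the operator and that a TCP connection to LDAP (port 389) via `nc` counts as reachable; `PROBE`, `choose_leave_mode` and `leave_plan` are hypothetical names.

```shell
#!/bin/sh
# Added example, not Centrify code. Assumptions: DC host names are passed as
# arguments, and a TCP connect to LDAP (389) is the test for "reachable".

# Default probe: TCP connect to the DC's LDAP port with a 3 second timeout.
probe_dc() {
    nc -z -w 3 "$1" 389 >/dev/null 2>&1
}

# Prints "normal" if any listed DC answers, "force" if none do, and
# "unknown" when no DC list was given (never force on missing input).
# PROBE may name a replacement probe function, e.g. for offline testing.
choose_leave_mode() {
    if [ "$#" -eq 0 ]; then
        echo "unknown"
        return 0
    fi
    for dc in "$@"; do
        if "${PROBE:-probe_dc}" "$dc"; then
            echo "normal"
            return 0
        fi
    done
    echo "force"
}

# Prints the command to run. For a forced leave it also prints a follow-up
# line, because the AD objects and the license stay behind in AD.
leave_plan() {
    host=$1
    shift
    mode=$(choose_leave_mode "$@")
    case "$mode" in
        normal)  echo "run: adleave" ;;
        force)   echo "run: adleave -f"
                 echo "followup: delete AD objects and free the license for $host" ;;
        *)       echo "no DC list supplied; not recommending adleave -f" ;;
    esac
}

# Usage (constructed DC names):
#   leave_plan "$(hostname)" dc1.example.test dc2.example.test
```

The script only prints a recommendation; the follow-up line is meant to be recorded so the leftover objects are removed from AD once a Domain Controller is reachable again.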