IPA 4.5 is likely domain level 1. According to the ipa-replica-del man page:
<-- snip
To manage IPA replication agreements in a domain at domain level 1, use IPA CLI or Web UI, see `ipa help topology` for additional information.
<-- snip
When I decommissioned a site recently with 2 IPA servers, I followed this advice and ended up using this command from a remote IPA server:
# ipa server-del <IPA_name_to_decom>
Which initially threw errors, giving very specific messages about how replication would fail due to missing topology agreements should the server removal carry on, allowing me to sort those agreements out separately. Once all the agreements were in place to
support the removal of the server, the command removed all topology agreements related to this server and then deleted the server altogether.
In our environment, one of the the servers to be decomm'ed was the CA renewal server so I had to move that first - these are tasks I perform very rarely (once so far!) and have little knowledge of - all the tools worked really well, I went home on time and
slept well!
Regards
Angus
From: Satish Patel via FreeIPA-users <freeipa-users@lists.fedorahosted.org> Sent: 20 September 2019 02:51 To: FreeIPA users list <freeipa-users@lists.fedorahosted.org> Cc: Dmitry Perets <dmitry.perets@gmail.com>; Satish Patel <satish.txt@gmail.com> Subject: [Freeipa-users] Re: remove bad replica from list not working
You are awesome!!!
ipa topologysegment-del works!! and i am successfully able to remove bad replica