Freeipa client uninstall and reinstall
If you are changing ipa domains on a client, you first uninstall the client.
ipa-client-install --uninstall
Then you install in the new domain. (The lack of options here indicates it will search dns, so make sure your _kerberos entries are correct!)
ipa-client-install --mkhomedir --force-ntpd --enable-dns-updates
If you have problems with user accounts on the client for the new domain, it's possible you need to manually clear out the sss cache to remove traces of the old domain.
rm -rf /var/lib/sss/db/*
systemctl restart sssd.service
Comments