About Administrator Accounts
You need an administrator account on your server to create other user accounts,
create groups, change server settings, and perform other tasks using Server
Preferences. With an administrator account, you can also make changes to locked
preferences in System Preferences, install software on the server, and perform other
tasks that standard users can’t.
Your server may have two administrator accounts after you finish setting it up for the
first time: a primary administrator account and a directory administrator account.
Primary Administrator Account
The server always has a primary administrator account, whose name and password you
entered while setting up the server. The primary administrator account is stored on
the server along with any user accounts you might create using the Accounts pane of
System Preferences. You can use this administrator account on the server itself, and you
can use it to manage your server over the network from another Mac.
Directory Administrator Account
If your server hosts users and groups in its own directory, the server also has a directory
administrator account. This account has the password you entered for the primary
administrator during setup, but its name is Directory Administrator and its short
name is diradmin. You can enter a different name and short name if you choose the
“Configure manually” option during setup.
The directory administrator account is in your server’s directory, along with the
standard user accounts you create in the Users pane of Server Preferences. However,
the directory administrator account isn’t shown in the User pane of Server Preferences.
If a malfunction makes the primary administrator account unusable, you can use the
directory administrator account on the server itself, and you can use it to manage the
server over the network from an administrator computer.
Primary and Directory Administrator Accounts Compared
The following table summarizes similarities and differences between the primary
administrator account and the directory administrator account.
Name and short name
Specified during setup
Directory Administrator and
diradmin (or specified during
Specified during setup
Same as primary administrator
Stored in the server’s directory
Can be used from an
Administrators on an Upgraded Server
If your server was upgraded or migrated from a standard or workgroup configuration
of Mac OS X Server v10.5 Leopard, you have different administrator accounts.
Your primary administrator account is in your server’s directory. This is a directory
administrator account, and it has the name and short name specified during Leopard
Server setup. You also have an administrator account stored on your server, and it has
the name Local Administrator and short name localadmin. For more information about
these accounts, see Getting Started for Mac OS X Server v10.5. It’s available on the Apple
Manuals website at support.apple.com/manuals/.
Additional Administrator Accounts
When you create a new user account, you specify whether the user is an administrator
or a standard user. You can also make an imported user account a server administrator.
If you don’t want a user to be able to use Server Preferences or install software on the
server, don’t make the user an administrator.
Administrator Account Security
To keep your server secure:
Don’t share an administrator name and password with anyone.
Log out when you leave your server, or set up a locked screen saver using the Screen
Saver pane and Security pane of System Preferences. If you leave your server while
you’re logged in and the screen is unlocked, someone could sit down at your server
while you’re away and make changes using your administrator privileges.
Never set an administrator to be automatically logged in when the server starts up.
If you do, someone can simply restart the server to gain access as an administrator.
For added security, routinely log in on the server using a standard user account.
Use your administrator name and password when you open Server Preferences or
another application that requires administrator privileges.