OS X Server: Reset diradmin’s Password

The admin-password does not work with the diradmin-account? First things first:

  • Don’t panic!
  • There might be a way out of this.

What happened?

The passwords for the administrative account on OS X Server, I’m talking about the one created during installation, and the diradmin-account are the same, right? Are you sure? They probably are, if you didn’t change one of them. These two passwords are the same after the installation, because they have been synchronized during the installation. If you should change one of them later, then they won’t be synced again. Shouldn’t be a problem, though, everyone keeps records of vital data like this, most of the time.

On the other hand, if one of us sets up a machine, then said machine should get a healthy workout before deployment, to make sure the hardware is OK. This usually includes the installation and configuration of all needed hard- and software. So, in theory, the machine would be ready for deployment. But, during these tests, nobody cares about passwords; the system runs in a controlled environment and access from outside of this environment is either impossible or severely restricted. This could mean—if the Open Directory-user-accounts have been created during this phase—that nobody tried to connect to the directory-tree as diradmin after the change to the “real” administrative password. Same goes for periodic changes to the administrative password, depending on your policy.

It happened, I cannot login as diradmin any more…

Regardless how it happened, don’t do anything in a rush now; breathe. Spare yourself the trouble to try passwd diradmin as super-user, it won’t work; you need the old password to make changes. If you have access to the system, either physically or via ssh, ARD or screen-sharing, then the situation can be rectified.

If possible, make a backup of the system, seriously! Then retrace the steps in How to reset the Open Directory administrator password and you should be OK.

In a nutshell: The documents describes how to use Workgroup Manager to gather information about the password and uses mkpassdb to dump the password-database and overwrite the old password with a new one. It seems, that on 10.5 all you need to do is to use

sudo mkpassdb -dump

to get the slot-ID and

mkpassdb -setpassword [slot-ID]

executed as super-user, a.k.a. root (one way to get there is sudo su), to create a new password for diradmin.

The latter is my experience, your mileage my vary.

Disclaimer: The fact that it worked for me, does not necessarily mean it will work for you. You have to do it on your own risk, I’m not responsible if something goes wrong.


  1. Alexis
    Posted May 19, 2010 at 3:52 pm | Permalink

    I need to do this, and started reading the article you linked. When I realised the admin password was not working either I use the root user name and password to open up work group manager. This gave me access to everythign and I was able to reset the diradmin and the admin password.

    Posted May 30, 2012 at 6:19 pm | Permalink

    This was 100% on the $. Thanks for the posting.

One Trackback

  1. […] instructions to reset the password was found here. Thanks, […]

Post a Comment

Your email is never published nor shared. Required fields are marked *, comments are moderated.