Environment
Novell Open Enterprise Server 11 SP1 (OES11SP1)
Novell Open Enterprise Server 2 SP3 (OES2SP3)
Domain Services for Windows
DSFW
Situation
How to recreate the administrator user.
The Administrator user was accidentally deleted; how do I re-create the Administrator user?
Resolution
Create a new file, for example create_administrator.ldif.
Open /var/opt/novell/xad/ds/domain/administrator.ldif, then copy and paste the administrator section from it into the create_administrator.ldif file.
dn: CN=Administrator,CN=Users,o=novell
cn: Administrator
adminCount: 1
codePage: 0
countryCode: 0
description: Built-in account for administering the domain
isCriticalSystemObject: TRUE
objectClass: User
objectClass: uamPosixUser
primaryGroupId: 513
userAccountControl: 66048
uidNumber: 1049076
gidNumber: 1049089
uniqueID: Administrator
sn:: IA==
Import the LDIF using ldapadd with the EXTERNAL SASL mechanism (-Y EXTERNAL).
export LDAPCONF=/etc/opt/novell/xad/openldap/ldap.conf
ldapadd -Y EXTERNAL -f create_administrator.ldif
Next, import the ACLs from /var/opt/novell/xad/ds/domain/administrator-acl-on-root.ldif
ldapmodify -Y EXTERNAL -f /var/opt/novell/xad/ds/domain/administrator-acl-on-root.ldif
Verify that the SID for the administrator ends with 500 using wbinfo.
First restart winbind to clear the cache; otherwise wbinfo might show the old SID if it was run between the creation and modification of the administrator object.
Example:
rcwinbind restart
wbinfo -n administrator
S-1-5-21-3262899241-201330870-300001753-502 User (1)
Add Administrator as a member of the following groups:
CN=Administrators,CN=Builtin,<YourDomain or MappedContainer>
CN=Windows Authorization Access Group,CN=Builtin,<YourDomain or MappedContainer>
CN=Domain Admins,CN=Users,<YourDomain or MappedContainer>
CN=Schema Admins,CN=Users,<YourDomain or MappedContainer>
CN=Cert Publishers,CN=Users,<YourDomain or MappedContainer>
CN=Group Policy Creator Owners,CN=Users,<YourDomain or MappedContainer>
Additional Information
dn: CN=Administrator,CN=Users,o=novell
cn: Administrator
adminCount: 1
codePage: 0
countryCode: 0
description: Built-in account for administering the domain
isCriticalSystemObject: TRUE
objectClass: User
objectClass: uamPosixUser
primaryGroupId: 513
userAccountControl: 66048
uidNumber: 1049076
gidNumber: 1049089
uniqueID: Administrator
sn:: IA==
objectSid:: AQUAAAAAAAUVAAAAKVa+HYBqAAyXXuIR9AEAAA==
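The objectSid value above is the binary SID, base64-encoded, so it can be checked against the "ends with 500" rule from the verification step. The following is an added example, not part of the original article or of the product: it decodes the stored objectSid and checks the RID, and applies the same check to a wbinfo output line. The function names and the sample wbinfo line are constructed for illustration.

```python
import base64
import re
import struct

ADMINISTRATOR_RID = 500  # the article expects the Administrator SID to end in 500

# objectSid value copied from the LDIF under "Additional Information"
PAGE_OBJECT_SID = "AQUAAAAAAAUVAAAAKVa+HYBqAAyXXuIR9AEAAA=="
# Constructed sample in the "SID User (1)" shape of the article's wbinfo output
SAMPLE_WBINFO = "S-1-5-21-1111111111-2222222222-3333333333-500 User (1)\n"


def decode_object_sid(b64_value: str) -> str:
    """Turn a base64 objectSid (LDIF 'objectSid::') into its S-1-... string."""
    raw = base64.b64decode(b64_value, validate=True)
    if len(raw) < 8:
        raise ValueError("objectSid is shorter than the fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match the sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])      # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def sid_from_wbinfo(output: str) -> str:
    """Pull the SID out of a `wbinfo -n` output line."""
    match = re.search(r"S-1(?:-\d+)+", output)
    if match is None:
        raise ValueError("no SID found in wbinfo output")
    return match.group(0)


def has_administrator_rid(sid: str) -> bool:
    """True when the last SID component (the RID) is 500."""
    return int(sid.rsplit("-", 1)[1]) == ADMINISTRATOR_RID


if __name__ == "__main__":
    stored = decode_object_sid(PAGE_OBJECT_SID)
    print(stored, has_administrator_rid(stored))
    live = sid_from_wbinfo(SAMPLE_WBINFO)
    print(live, has_administrator_rid(live))
```

Comparing the decoded objectSid with the SID that wbinfo reports after the winbind restart also shows whether winbind is still serving a cached value.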