---
title: Managing root user accounts
description: The directory server provides a default root user, cn=Directory Manager, that is stored in the server's configuration file, such as under cn=Root DNs,cn=config.
component: pingdirectory
version: 11.0
page_id: pingdirectory:pingdirectory_server_administration_guide:pd_ds_manage_root_user_accts
canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_server_administration_guide/pd_ds_manage_root_user_accts.html
revdate: July 15, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
  example: Example:
---

# Managing root user accounts

The directory server provides a default root user, `cn=Directory Manager`, that is stored in the server's configuration file, such as under `cn=Root DNs,cn=config`.

## About this task

The root user is the LDAP-equivalent of a UNIX superuser account and inherits its read-write privileges from the default root privilege set.

## Steps

* To create or update root users, use the `dscconfig` tool.

  ### Example:

  ```
  bin/dsconfig create-root-dn-user --user-name "Joanne Smith" \
    --set last-name:Smith \
    --set first-name:Joanne \
    --set user-id:jsmith \
    --set 'email-address:jsmith@example.com' \
    --set mobile-telephone-number:8889997777 \
    --set home-telephone-number:5556667777 \
    --set work-telephone-number:4445556666
  ```

  |   |                                                             |
  | - | ----------------------------------------------------------- |
  |   | Root user entries are stored in the server's configuration. |

* To limit full access to all of the servers, create separate administrator accounts with limited privileges so that you can identify the administrator responsible for a particular change.

  |   |                                                                                                                                                                                                                     |
  | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  |   | Separate user accounts for each administrator make it possible to enable password policy functionality, such as password expiration, password history, and requiring secure authentication, for each administrator. |