Disable or delete the initial root account

The initial root user account that setup creates should only be used to apply an initial set of configuration changes and create individual accounts for all of the other administrators.

From that point on, each administrator should use their own account for managing the server, and the initial root account is no longer needed.

To ensure that the initial root user account cannot be compromised or otherwise used inappropriately, it should be disabled by setting its disabled property to true or by setting the ds-pwp-account-disabled operational attribute to true in the configuration entry or completely removed from the server.

See the config/sample-dsconfig-batch-files/disable-or-remove-the-initial-root-user.dsconfig batch file for more information about disabling or removing this account.