Disable or delete the initial root account
The initial root user account that setup
creates should only be used to apply an initial set of configuration changes and create individual accounts for all of the other administrators.
From that point on, each administrator should use their own account for managing the server, and the initial root account is no longer needed.
To ensure that the initial root user account cannot be compromised or otherwise used inappropriately, it should be disabled by setting its disabled
property to true or by setting the ds-pwp-account-disabled
operational attribute to true in the configuration entry or completely removed from the server.
See the config/sample-dsconfig-batch-files/disable-or-remove-the-initial-root-user.dsconfig
batch file for more information about disabling or removing this account.