The initial root user account that
setup creates should only be used to
apply an initial set of configuration changes and create individual accounts for all of the
From that point on, each administrator should use their own account for managing the server, and the initial root account is no longer needed.
To ensure that the initial root user account cannot be compromised or otherwise
used inappropriately, it should be disabled by setting its
property to true or by setting the
attribute to true in the configuration entry or completely removed from the server.
See the config/sample-dsconfig-batch-files/disable-or-remove-the-initial-root-user.dsconfig batch file for more information about disabling or removing this account.