From that point on, each administrator should use their own account for managing the server, and the initial root account is no longer needed.

To ensure that the initial root user account cannot be compromised or otherwise used inappropriately, it should be disabled by setting its disabled property to true or by setting the ds-pwp-account-disabled operational attribute to true in the configuration entry or completely removed from the server.

See the config/sample-dsconfig-batch-files/disable-or-remove-the-initial-root-user.dsconfig batch file for more information about disabling or removing this account.