User Admin in NW6 got deleted

Posted on 2004-08-04
Last Modified: 2008-02-26
The netware 6 network has been up and running for a year now.
Can any one tells me how to re-create user object admin. The story was like this
One day ( months ago ) I was maintaining and deleting users who no longer worked in the Compnay, by mistake, I deleted the user admin. Fortunately my own account is having equivalent rights as user admin, so I got no problem so far in maintenance.
With the recent release of sp5 for nw6, I wanted to install it but till this moment I found out that I do not have sufficient right to do the job even though I was sure I set up my account in equivalent to admin ( supervisor ), is there a way to get the user admin back or what should I do to find out if I do have the administrator rights?
I know if I set up another server from the scratch it can be the answer but I really don't want to, please help
Question by:ppdsh
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +1
LVL 34

Expert Comment

ID: 11726568
OK, first, in the NDS environment, there is no "Supervisor" user - that user was a creature of NetWare v3.x and earlier (Bindery). User "Admin" in the NDS environment is just another user account, it just happens to have the "S" NDS right at the root of the NDS tree. As you've unfortunately found out, "Admin" can be deleted just like any other user. This is good in that because the administration-privledge-level account does not have a fixed name, it makes it harder for an intruder to get in (this contrasts with the NT/AD environment, where 1/2 of the administration-level credentials - the user name - is unchangeable, so all the intruder has to do is guess/brute-force the password).

The mistake you made, and its unfortunately a common mistake, is that you made your account equivalent to Admin, instead of having the Admin account grant your account the "S" right at the root of the NDS tree. Thus, when you deleted Admin, you destroyed your privledges.

The fact that you did this a month ago means that even if you have an NDS-aware backup system (and I hope you do!), you probably don't want to back-rev the NDS database that far. At this point, you have two choices:

1) Destroy your current NDS installation and re-install the directory service from scratch. This means trashing the entire tree, all the user accounts, and loss of the filesystem trustee rights. The latter you could backup and then put back in with a script, and with something like JRB Utilities ( you could automate restoration of the user accounts, but this is still a messy and brutal process.

2) Contact Novell TS (if you don't have a support contract, you're going to have to shell out some $$$) and get them to perform the necessary tree surgery to either re-create the Admin account or, better yet, assign your account the "S" privledge at the root of the tree.

Personally, I'd go for the second option unless I had a small, single-server tree with only a handful of user accounts.
LVL 35

Assisted Solution

ShineOn earned 35 total points
ID: 11726603
There is always a way.

First, was your account set as equivalent to Admin, or do you have explicit rights to [ROOT]?

You should ALWAYS have at least ONE account with full EXPLICITLY-ASSIGNED rights to the root of the tree.  Equivalence goes away when the account you're equivalent to goes away.

If you have explicit rights, you should be able to create a new Admin user.  Problem there, is that if the licensing was installed by Admin, creating a new Admin account won't necessarily let that new Admin user manage them.

You may have to call Novell Support (and pay for the service,) but they have tricks for re-creating the Admin user.

There are hacker tools floating around that can create Admin accounts, but I don't know that it'd be my first choice with a supported OS.

Author Comment

ID: 11728357
I am just a newbie in NDS, professional set up the server for me and disappeared
I just made my account equivalent to admin, so when admin is gone, my rights are gone! By deleting the tree, are all the print queues, print server things are destroyed too? My network has only about 15 users so re-build user accounts is not a big deal but I hate to set up the printing things. How do I rebuild the tree?
Just another thought, if I set up another server and migrate all the settings and files would that be an alternative?
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

LVL 35

Expert Comment

ID: 11728455
Yes, you'd have to do it all over again.  Migration needs admin on both servers.  The best you could do is set everything up "the same" with a different tree name, then copy over the data files.  The users passwords will all have to change, too, unless you are like some installations where the Administrator assigns the passwords and keeps 'em on a piece of paper...which I DON'T recommend, no matter how small or "cozy" your organization is.
LVL 35

Expert Comment

ID: 11728500
You can think of it as a good learning experience, and look forward to the successful completion, upon which you can pat yourself on the back and buy yourself a beer. ;)

 - Don't forget to grant your user ID "S" NDS rights to [ROOT].
LVL 34

Expert Comment

ID: 11728630
"I am just a newbie in NDS, professional set up the server for me and disappeared"

Doesn't sound like they were too professional if they didn't at least offer to document their work.

Your options remain as I indicated earlier - toss out your current NDS database, including printing info, users, file permissions, all of it; and re-install from scratch - or contact Novell Technical Support and they may be able to do the necessary tree surgery that will get your account the access it needs.
LVL 10

Assisted Solution

DSPoole earned 55 total points
ID: 11728915
Don't you guys ever read CoolSolutions?  ;)

Here - a solution WITHOUT a rebuild of the network:

LVL 34

Expert Comment

ID: 11728951
Damn. No, I'd never seen that. That's way cool. Novell TS in a box.
LVL 34

Accepted Solution

PsiCop earned 35 total points
ID: 11728972
ppdsh, no matter which way you go, one of the first things you need to do is grant another account "S" at the root of the tree,

Author Comment

ID: 11741981
I downloaded the emadmin.nlm and created the account
Tried to install sp5, system tells 'username do not have the right to extend schema' so installation can't go on. Did I miss anything? How do I get the right to extend schema? I guess I have the right in root but still can't carry on this patch.
I've used the account I created to grant rights, but no luck
Any more ideas please
LVL 34

Expert Comment

ID: 11744806
I've not used EMADMIN, so mebbe an Expert who has will chime in. In what context you create the account? If you are in ConsoleOne and right-click on your tree's Root object and select Trustees of this object, is the account listed there?

Author Comment

ID: 11749996
Yes, the account is there, NDS rights of the object is

>xxxx CN
>Role Based Server.xxxx

Do I miss anything?

Author Comment

ID: 11754317
Thanks for all, I mixed all the clues in the answers from you guys, I worked it out finally, with a bit of luck

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Object class = Uknown 6 501
Remove Novell client remotely 4 282
WIN7 connect  to OLD  netware 4.1 server protocol 5 1,082
search drive 4 288
When using a search centre, I'm going to show you how to configure Sharepoint's search to only return results from the current site collection. Very useful when using Office 365 with multiple site collections.
By reading this blog, MSPs will gain insight into how to improve communications with their clients as well as establish a more profitable business.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question