Solved

How To Log In With Administrator Account

Posted on 2009-12-21
Last Modified: 2013-11-08
I originally created an account that had Admin status and named "Tom Jones".  Then I joined my computer to my Windows 2008 Domain, logged into the machine with an Active Directory also named "Tom Jones" and made it a mobile account, so now my account is cached.  The problem now is that when I log on to my machine it logs on to the "Tom Jones" mobile account that does not have Admin privileges and I can't perform any administrative tasks.  I know the password to the original "Tom Jones", but it defaults to "Tom Jones" account that has no Admin rights.  Does anyone have any idea how to get into my original "Tom Jones" account?  If I removed my Mac from the Domain will it help the situation?  Thanks.
Question by:knesbitt
29 Comments
 
LVL 11

Expert Comment

by:Zuhir Elgmati
ID: 26102683
Your Active Directory user account Tom Jones: is this user a member of the Administrators group or Domain Admins? And do you mean that if you log in when the computer is not connected to the domain you get a restricted user?
0
 
LVL 10

Expert Comment

by:robertcerny
ID: 26102709
Hi,
You confused your system by using two accounts with the same name. You will need to add another account from the command line, booted in single user mode. The following links should help:

<http://support.apple.com/kb/HT1492>

<http://osxdaily.com/2007/10/29/how-to-add-a-user-from-the-os-x-command-line-works-with-leopard/>
0
 
LVL 7

Expert Comment

by:marook
ID: 26103650
Hi,

If the 'shortname' is not the same, you can use that in the login prompt, the default for your first account is 'tomjones'.

You can also boot from your 10.6 DVD and use the Password Reset utility to change the password, if they are the same, to make it different.

Hope it helps.
0

 
LVL 10

Expert Comment

by:robertcerny
ID: 26103663
If the shortnames are both the same, resetting the password will not work. The AD account usually has precedence (depends on the actual settings in the Search path).
0
 
LVL 7

Expert Comment

by:marook
ID: 26104156
You could also boot into Single User Mode (aka plain terminal)

Navigate to /private/var/db/dslocal/nodes/Default/users
and add another shortname for the local account. It will be in a plist file, username.plist, and you should look for this key:

        <key>name</key>
        <array>
            <string>jap</string>
            <string>Jakob Peterhänsel</string>
        </array>

Add another <string> line with your alternate shortname.
Save, and reboot.
Log in with the new shortname added.
0
 
LVL 7

Expert Comment

by:marook
ID: 26104165
PS: You boot into Single User Mode by holding down CMD+S while rebooting...  ;-)

BE CAREFUL!
0
 

Author Comment

by:knesbitt
ID: 26105410
Thanks for the help guys.  I decided to use the method RobertCerny provided in the links.  I am having problems with entering the commands listed in the links.  I am new to the Mac environment, so please have pity on me.

When I type in "dscl / -create /Users/localadmin" I get an error that says "launch_msg(): Socket is not connected  Data source (/) is not valid."

What could I be doing wrong?
0
 
LVL 10

Expert Comment

by:robertcerny
ID: 26105461
Hello,
the link is not valid for 10.6 Snow Leopard. If you're on 10.6, simply exchange '/' with '.'

The command will be:
dscl . -create /Users/toddharris
0
 

Author Comment

by:knesbitt
ID: 26105744
Now I am getting:

launch_msg(): Socket is not connected
For Single User Mode you must run the following command to enable use of dscl .
launchctl load /system/library/launchDaemons/com.apple.DirectoryServicesLocal.pList
dscl local only
0
 
LVL 7

Expert Comment

by:marook
ID: 26105828
Yeah, 'dscl' is a tool to modify a running Directory. The local or a remote one. In Single User mode no directory is loaded.

Why not just edit the plist and get over the trouble?  ;-)
0
 

Author Comment

by:knesbitt
ID: 26105952
Marook,

OK.  Exactly how do I navigate to /private/var/db/dslocal/nodes/Default/users?  When I type that in all I get is /private/var/db/dslocal/nodes/Default/users: is a directory.  How do I actually get to that folder?  I know nothing about Linux or Mac so just assume I know nothing and describe step by step.

Thanks so much.
0
 
LVL 10

Expert Comment

by:robertcerny
ID: 26106084
cd /private/var/db/dslocal/nodes/Default/Users
0
 

Author Comment

by:knesbitt
ID: 26106284
OK that worked.  Where do I go from here?  Remember, I don't know what a username.plist is, much less ever edited one.
0
 
LVL 10

Expert Comment

by:robertcerny
ID: 26106368
Well,
execute this:

ls |grep -v _

it will display several plist files including the one with your shortname. Let's say it's named "knesbitt.plist". Now you need to edit it.

pico knesbitt.plist

Use the keyboard keys to navigate through the text and find the info which marook mentioned:

        <key>name</key>
      <array>
            <string>knesbitt</string>

create new entry or change "knesbitt" to something else

Press Ctrl+O followed by Ctrl+X to stop pico and reboot
0
 
LVL 7

Expert Comment

by:marook
ID: 26106460
Hi again,

OK, seems like you need to use 10-60 min on learning what you are doing.. ;-)

This google search should get you going:
http://www.google.com/search?rls=en&q=os+x+terminal+tutorial&ie=UTF-8&oe=UTF-8

Best,
0
 

Author Comment

by:knesbitt
ID: 26106701
Thanks guys getting nowhere.  Thinking about formatting hard drive and reinstalling.  Trying to follow instructions but getting nowhere fast.  Ran "ls |grep -v" and get Usage: grep [OPTION]... PATTERN [FILE]...
0
 
LVL 7

Expert Comment

by:marook
ID: 26106746
I think you need a space between the 'pipe' | and the grep command.

Anyway, maybe it's better for you to study the terminal in other conditions than this, even though having a solution to fix normally gets you to look into the details.

If you have another Mac, you can also boot your Mac in Target Mode (hold down T during reboot) to put it into FireWire disk mode. Then use GUI tools on the other Mac to work the problem.
0
 

Author Comment

by:knesbitt
ID: 26106970
I wish I had that luxury.  Thanks anyway.  Is there anyone here that can tell me verbatim exactly what to type?  I have a screen and I am at the prompt that says:

:/ root#

What next?
0
 

Author Comment

by:knesbitt
ID: 26108452
OK.  I am in Pico.  I see the
<key>name</key>
<array>
<string>tomjones</string>
<string>tom.jones</string>
<string>tom.jones@abc.com</string>
<string>tom.jones@abc.local</string>

I am thinking about changing all these fields to something totally different.  Then when I get in using the local TJones admin account I delete the offending user and recreate under a different account.  Is this correct?
0
 
LVL 7

Expert Comment

by:marook
ID: 26108477
Hi,

ADD another:

<string>localadmin</string>

then use Control-X and hit Enter to confirm save.
Reboot and see if you can login with
User: localadmin
Pass: the password on your account.  ;-)
0
 

Author Comment

by:knesbitt
ID: 26108593
Don't think that is an option.  I could only get into the plist file for the network user that did not have enough rights.  I could not get grep to list all the plist files.  If I could somehow get grep to work I could see what plist files were available.


Also, when I try to do CTRL-O I get "Error writing Tom.Jones.plist: Read-only file system."
0
 
LVL 7

Expert Comment

by:marook
ID: 26108651
About the error writing: You are not 'root'. Use this:

sudo pico tomjones.plist        (I assume that is the name of the file)

It will ask you for your local admin password. :-)
The file for both accounts should be there. Else, that's where we have the trouble... :-/

so,
cd /private/var/db/dslocal/nodes/Default/Users     (get to the folder)
ls -lha           (list the folder's content, in Long mode and human readable sizes)
sudo pico tomjones.plist

- do your edit
control-X
Enter to confirm...  Better?

0
 

Author Comment

by:knesbitt
ID: 26108663
OK.  Was able to do a ls in directory.  Found file named tjones.plist.  I just added <string>localadmin</string>.  Still getting Read Only Error.
0
 

Author Comment

by:knesbitt
ID: 26108698
Marook,

I followed your sudo suggestion, but it does not ask me for password.  When I get in and make changes I still get Read Only Error.
0
 
LVL 7

Expert Comment

by:marook
ID: 26108782
Hmm, do a

sudo bash

to enter a full terminal as root. Asking for password?
0
 

Author Comment

by:knesbitt
ID: 26108811
Does not ask for password.  All I get is bash-3.2#.  Make changes in Pico, but still get same error.
0
 
LVL 7

Accepted Solution

by:
marook earned 2000 total points
ID: 26108823
Hmm, strange!

Backup your files, and reinstall!

Attach an external disk (FW [800] is best) and use Time Machine.
Reinstall, and use Migration Ass. in /Applications/Utilities after you have set up a new localadmin account, and restore your user from the TM. Have some coffee or an x-mas beer while waiting.. ;-)
0
 

Author Comment

by:knesbitt
ID: 26108892
OK.  Thanks anyway.  Learned a lot in the meantime.  Luckily, I don't have any important files on my machine.
0
 
LVL 7

Expert Comment

by:marook
ID: 26108942
You're welcome!
0
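
The `name` array edited in this thread lists every login name a local account record answers to, so a name shared by two records, or an alias added to an admin account, is worth auditing. The following is an added example, not code from any poster in the thread: it parses user records in the dslocal plist format and reports both. The sample records, the uid values and the function names are constructed for illustration, and it assumes each record file is named after its primary short name.

```python
import plistlib
from collections import defaultdict

def make_record(names, uid):
    """Build a constructed dslocal-style user record as XML plist bytes."""
    return plistlib.dumps({"name": list(names), "uid": [str(uid)]})

def record_names(plist_bytes):
    """Return every login name listed in a record's 'name' array."""
    record = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    return [n for n in record.get("name", []) if isinstance(n, str)]

def find_collisions(records):
    """Return {login name: [files]} for names claimed by more than one record."""
    owners = defaultdict(set)
    for filename, data in records.items():
        for name in record_names(data):
            owners[name.lower()].add(filename)  # case-folding is this example's choice
    return {n: sorted(f) for n, f in owners.items() if len(f) > 1}

def extra_aliases(records):
    """Return {file: [names]} for names other than the one matching the file name.

    Assumes each record file is named after its primary short name.
    """
    found = {}
    for filename, data in records.items():
        stem = filename.rsplit(".plist", 1)[0].lower()
        extras = [n for n in record_names(data) if n.lower() != stem]
        if extras:
            found[filename] = extras
    return found

# Constructed sample: a local admin record and a cached network (mobile) record.
SAMPLE = {
    "tjones.plist": make_record(["tjones", "tomjones", "localadmin"], 501),
    "Tom.Jones.plist": make_record(
        ["tomjones", "tom.jones", "tom.jones@abc.com", "tom.jones@abc.local"], 1025),
}

if __name__ == "__main__":
    for name, files in find_collisions(SAMPLE).items():
        print(f"ambiguous login name {name!r}: {', '.join(files)}")
    for filename, names in extra_aliases(SAMPLE).items():
        print(f"{filename} also answers to: {', '.join(names)}")
```

On a live system the input would be copies of the record files from /private/var/db/dslocal/nodes/Default/users, which are readable only by root.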