User account no longer in ‘admin’, how to recover?

macos administrator user-account

After a recent OS X update (currently Sierra, 10.12.3) the normal user on this machine is no longer in the admin group.

I don't know what caused the account to be removed from that group; how can I get it back?

Advice found via I don't have administrator account on my mac suggests booting to Single-User mode, and using the dscl command:

dscl . -append /Groups/admin GroupMembership username

This fails immediately:

Could not read path: path = /System/Library/LaunchDaemons/com.apple.DirectoryServicesLocal.plist, error = 2: No such file or directory

and no change in groups occurs. Apparently I can't expect dscl to work in Single-User mode.

So what should I do, to re-add the username to the admin group?


Solution 1:

After starting to Single User Mode enter:

/sbin/fsck -fy
/sbin/mount -uw /

Launch opendirectoryd:

launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist

Then enter (replacing username with the real user name):

dscl . -append /Groups/admin GroupMembership username

You will get an error "...com.apple.DirectoryServicesLocal.plist doesn't exit anymore ..." - ignore it! Your user should still get promoted to an admin user.

Enter exit to boot to the GUI.

Solution 2:

What's easiest is to add a new admin account. To do this:

1. Boot into single user mode

After power on, immediately press and hold Command-S

your system will boot showing a lot more details, and drop you on a shell prompt.

NOTE: if your system has a firmware password this will fail. You need to first remove that password temporarily. See here: https://discussions.apple.com/thread/4347468

2. Make the filesystem writable

issue the command mount -uw /

3. Remove the file indicating the system has been setup previously

issue the command rm /var/db/.AppleSetupDone

4. Let the boot continue

press Control-D or type reboot to make the system continue the boot and/or reboot (which doesn't matter)

5. Add a new temporary user account in the GUI

The system now boots and thinks it's unconfigured and will ask in a graphical user interface the details to create a new admin account, just like it did when it was new out of the box. Make sure it's a NEW account. And don't transfer data or anything like that.

It will also log you in as that user

6. fix your old account You can now make changes to the original user and give it admin rights again etc.

7. remove temp admin account Log out en log in with your fixed account and remove the temporarily created admin account.

More info:

Please see here as well: I don't have administrator account on my mac

Related

How can I change the default text color in Mail?
Stolen iPhone: what is the security risk?
How do I transfer data and settings from one Apple Watch to another?
annoyance: latest version of Skype under Standard (non-admin) user on macOS 10.13
Persistent do not disturb toggle in Yosemite possible?
Remove an email address from apple-ID
Delete a purchased file from ITunes Download Queue without downloading file
Disable voiceover on login
Is it normal for a 27" iMac to have CPU core temperatures around 95C under 100% CPU load?
Is it possible to install Android OS on an iPhone?
The say Command is not Working in High Sierra
How do I stop FileVault's decryption?