Convert Standard User Account to Administrator Account from Command Line of Mac OS

Nov 1, 2016 - 25 Comments

Change User to Admin Account from command line of Mac OS X

Mac systems administrators may find a need to convert an existing regular user account into an administrator account on a Mac. While most Mac users would be best served by converting account status to admin through the Users & Groups preference panel, advanced users can perform the same function through the Terminal by using the Directory Service command line utility dscl.


Note this change will have no impact on the ability for any user account, admin or standard, to access the sudo function, or use the root account, both of which are entirely separate from an administrator account in Mac OS X.

How to Change a User to Admin at Command Line in Mac OS X

You’ll need the regular user accounts short user name to switch it to an administrator account, the rest is handled at the command line. If you aren’t certain of the short user name for the target account, you can use this to list accounts on the Mac, or take a look in the /Users/ directory.

When you have the username, launch Terminal and use the following command to change the account to admin:

dscl . -append /groups/admin GroupMembership USERNAME

For example, with a short user name of “paul” the syntax would be:

dscl . -append /groups/admin GroupMembership paul

Upon executing the proper command, the targeted user account will now have administrator privileges and all access abilities that go with an admin account.

This can be particularly helpful for remote administration with ssh and automated setup situations, but it’s also handy in that you can switch a user account to administrator privilege from Single User Mode and when booted from Recovery Mode as well.

Confirm the Change and View a List of All Administrator Accounts in Mac OS X

You can confirm the user account has been converted to the administrator group by using the -read flag with dscl on the same group:

dscl . -read /groups/admin GroupMembership

This should print something back like:

“osxdaily paul adminaccount” or similar, depending on the account(s) which belong to the admin group. The list will only include administrator accounts, whereas other commands will list all user accounts on a Mac.

.

Related articles:

Posted by: Paul Horowitz in Command Line, Mac OS, Tips & Tricks

25 Comments

» Comments RSS Feed

  1. Dennis says:

    Editor:Please sequence your instructions to ALWAYS display the current value. before making a change.
    In this case BEGIN with
    dscl . -read /groups/admin GroupMembership

  2. Biswaprakash says:

    My Mac has just one Standard user account (no additional account else).
    I’ve had only one account which was the administrator of this Mac.

    Recently I changed the account’s username from “user” to “A” as I went to Users&Groups.

    However, after I close the Advanced Options window, I didn’t get the change.

    My account name is still “user”, but the account was changed from Administrator to Standard.

    Now I lost all the Admin control so I can’t unlock the Users&Groups and of course, I can’t allow this standard account to be admin again or change the name.

    I already tried to unlock with username “A” or “user” but I failed.

    I guess it made some error while changing the username and took my admin control away…

    How can I get the admin control back? Can anyone help with this problem?

  3. Steve says:

    Thanks. It worked! Give it time to reboot.

    I tried several suggestions with no luck. Had to create a new user name but allowed me keeping the Apple username and password.

  4. Brown says:

    I tried this:
    “dscl . -append /groups/admin GroupMembership ‘my username'”

    but got this:
    ” attribute status: eDSPermissionError
    DS Error: -14120 (eDSPermissionError)”

    Any help, please?

    • Paul says:

      You may need to prefix the command with sudo depending on your specific account privileges. For example:

      sudo dscl . -append /groups/admin GroupMembership UserName

      As always when modifying systems and account information, be sure to backup the Mac first, just in case.

      • zack says:

        Zacharis-MacBook-Air:~ Dj-Zack$ sudo dscl . -append /groups/admin GroupMembership Dj-Zack
        Password:
        Dj-Zack is not in the sudoers file. This incident will be reported.
        Zacharis-MacBook-Air:~ Dj-Zack$

        any help?

  5. saintdirtyone says:

    I have a similar issue as well, but I can’t get to singal user mode by holding comand s. I am running Sierra version 10 .12.6

  6. Sotheavy says:

    i have issued the comment but i got the reply like this:
    “Jay:~ jay$ dscl . -append /groups/admin GroupMembership jay
    attribute status: eDSPermissionError
    DS Error: -14120 (eDSPermissionError)
    Jay:~ jay$ ”

    so what is the problem?

    • Nirav says:

      “Jay:~ jay$ dscl . -append /groups/admin GroupMembership jay
      attribute status: eDSPermissionError

      — ———–
      Hi jay, use this command to elevate the right to admin and it should work.

      Sudo dscl . -append /groups/admin GroupMembership jay

  7. yağız says:

    The only account in my Mac is a standart user. The root account is the Admin. When ı try this commands ı get dscl_cmd> DS Error: -14120 (eDSPermissionError). I don’t have the root password and ı can’t use sudo command please help .

  8. srijith says:

    Thanks a lot was able to do the changes

  9. Anders says:

    Thanks a lot Dona,

    This was really really helpful – finally after hours of struggling my standard user is now elevated to Admin.
    The extra admin account created by using your procedure can then easily be deleted by clicking – if desired.
    I am using High Sierra 10.13.2 on a Macbook Pro 15-inch
    2017

  10. Dona says:

    I already fixed my issue. Here’s how to do it

    Turn off your macbook > hold command + S then turn on (hold still until terminal appears) at the very end input these commands;

    mount -uw / (press enter)
    rm /var/db/.AppleSetupDone (enter)
    ‘reboot’

    Note: make sure that you don’t insert an space bar between / and .AppleSetupDone
    Make sure also you input the right commands with their proper cases because it is case sensitive.

    Hope it will works with yours too.

  11. Dona says:

    Have the same issue with Daniel Acevedo. Please help us to fix this

  12. Daniel Acevedo says:

    Hi my only account is an standard account, I don’t have a user name for the administrator user, I can’t log in anymore or make changes that require administrator permission. I’ve tried this but it doesn’t work, do you know what I can do?

  13. Corey says:

    You should also be able to delete the user from the admin group by entering.

    sudo dscl . -delete /groups/admin GroupMembership USERNAME

    also keep in mind these commands have to be run with Sudo unless your logged in as the root user.

  14. Jaap says:

    How to reverse?
    My own user account has admin priviliges.
    Long ago I devined a special “admin” account to avoid having to type in the password after “wakening up” in my own account. It seems now that that is only necessary when starting the computer or changing users, so I want to delete that special account (part of cleaning up things), but I cannot delete that status or account, not in my own (admin) account nor in that “admin” account. I wonder is there a way?

Leave a Reply

 

Shop on Amazon.com and help support OSXDaily!

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates

Tips & Tricks

News

iPhone / iPad

Mac

Troubleshooting

Shop on Amazon to help support this site