Only one Admin in Rec Mode Password Reset via Term?

box
New Contributor III

I know this may not be the place to ask, but I wonder if some of you can assist. 

When I go into Rec Mode (2021 MacBook Pro M1) I go in Term > resetpassword > however only ONE admin shows, when there's multiple. 

Can anyone advise why and how to solve? Thank you, 

3 REPLIES 3

Erinalopez
New Contributor II

I just want to tell you try to do that the issue may be related to the fact that the "resetpassword" command in Terminal only shows the first admin account on the Mac. To resolve this, you can try the following steps:

  1. Open Terminal and enter the command "dscl . -list /Users" to list all the user accounts on your Mac.
  2. Look for the names of the other admin accounts that are not showing up in the "resetpassword" command.
  3. Use the "dscl . -read /Users/username" command (replacing "username" with the name of the admin account) to check the account status and verify that it is indeed an admin account.
  4. If the account is not active, you can reactivate it using the command "dscl . -passwd /Users/username newpassword"
  5. You can then reset the password for the desired account using the "resetpassword" command and specifying the account name.

It's also worth noting that there is a way to reset the password for all admin accounts, but it needs to be done from recovery mode. So, you can try booting your MacBook Pro into Recovery mode (by holding Command + R while booting) and open Terminal, then you can use the "resetpassword" command without specifying an account name and it will reset the password for all admin accounts. my account access

jtrant
Valued Contributor

An admin must have a Secure Token to be able to perform actions in Recovery Mode. The easiest way to do this is to enable that user in FileVault, although there are ways to script your way around this or prompt end-users to use their account to grant a Secure Token to another admin user.

box
New Contributor III

Thank you for your replies. The other admins do show to be active. 

In the past, on other units, the same would occur. After X amount of tries of going in Rec Mode and trying to reset password, the other Admin users would eventually show. I am trying to see why this isn't always the case. 

Sometimes on the other hand, when I jamf a unit and test the possibility to reset password in rec mode, the other user shows right away. 

The inconsistency is strange.