When you create a WebLogic Server domain, the domain creation screen asks you to create a user, weblogic (any name can be used on this screen), and set its password. The user and password are stored in WebLogic's embedded LDAP server in hashed format, which makes it impossible to decrypt. This user (weblogic) is then used to log in to the WebLogic Console and acts as superuser for WebLogic Server, including Fusion Middleware (FMW) applications like WebCenter, UCM, OBIEE, ODI …

What if you forget the password for this user after installation? This post covers the steps to create another user in the WebLogic domain that will act as superuser, or to create another user with the same name (weblogic) and a password of your choice.

Note: This process removes all users created in WebLogic's embedded LDAP server; after the steps below there will be only one user (which will act as superuser).

Steps to create another superuser in WebLogic (when the password of the existing user is lost)

1. Shut down WebLogic Server (if running) – optional step

2. Log in to the WebLogic Server and set the environment variables

cd $DOMAIN_HOME/bin

(where DOMAIN_HOME is the directory in which your domain exists; the default value is $MW_HOME/user_projects/domain/base_domain)

. ./setDomainEnv.sh

3. Create an initialization file using the command

java weblogic.security.utils.AdminAccount <weblogic_username> <weblogic_user_password> .

(Note the DOT at the end of this command.)

For example:

java weblogic.security.utils.AdminAccount weblogic welcome1 .

(Note the DOT at the end of this command.)

This creates the file DefaultAuthenticatorInit.ldift in the directory from which you ran the command.

4. Move the file DefaultAuthenticatormyrealmInit.ldift out of $DOMAIN_HOME/security/ and replace it with the DefaultAuthenticatorInit.ldift generated in step 3.

5. Move the data directory $DOMAIN_HOME/servers/<serverName>/data to another directory such as data.bak (the data directory contains the files related to embedded LDAP and the role mapping file). Replace <serverName> with the WebLogic Server name, such as AdminServer or a managed server. Repeat this step for all managed servers that are part of this domain.

This step removes all existing users/groups from WebLogic's embedded LDAP server (recreate these users/groups in step 8).

6. Recreate boot.properties (if any) under $DOMAIN_HOME/servers/<serverName>/security with the username and password created in step 3 above, like
username=weblogic
password=welcome1

7. Start (or restart) the Admin Server and test whether you can log in to the WebLogic console using the new username and password.

8. Recreate any users/groups (which were part of the default authenticator prior to the new superuser creation) or import the existing users (from a backup of the WebLogic server's embedded LDAP server).
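
Steps 4 to 6 above as a single shell function, added here as an example and not part of the original post. It assumes the ldift file from step 3 has already been generated; the function name reset_admin_files, the timestamped .bak suffixes, the restrictive umask and reading the password from standard input are choices of this example.

```shell
#!/bin/sh
# Added example, not from the original post: steps 4-6 as one function.
# Step 3 (AdminAccount) is run separately and its output file passed in.
# The password is read from stdin rather than argv, so this part does not
# put it in `ps` output or shell history.
# usage: reset_admin_files DOMAIN_HOME NEW_LDIFT USERNAME < password_source
reset_admin_files() {
    dh=$1 new=$2 user=$3
    stamp=$(date +%Y%m%d%H%M%S)
    [ -d "$dh/security" ] && [ -s "$new" ] && [ -n "$user" ] || {
        echo "usage: reset_admin_files DOMAIN_HOME NEW_LDIFT USERNAME" >&2
        return 2
    }
    IFS= read -r pass || [ -n "$pass" ] || {
        echo "no password on stdin" >&2
        return 2
    }
    old_umask=$(umask)
    umask 077   # everything created below holds credentials

    # Step 4: stage the new file, move the old init file(s) aside, then swap.
    cp "$new" "$dh/security/.ldift.$stamp" || return 1
    for f in "$dh"/security/DefaultAuthenticator*Init.ldift; do
        if [ -e "$f" ]; then mv "$f" "$f.bak.$stamp"; fi
    done
    mv "$dh/security/.ldift.$stamp" "$dh/security/DefaultAuthenticatorInit.ldift"

    for srv in "$dh"/servers/*/; do
        [ -d "$srv" ] || continue
        # Step 5: keep the embedded LDAP data as a timestamped backup.
        if [ -d "${srv}data" ]; then mv "${srv}data" "${srv}data.bak.$stamp"; fi
        # Step 6: rewrite boot.properties only where one already exists.
        # Keys are lowercase, as in Oracle's boot identity file documentation.
        bp="${srv}security/boot.properties"
        if [ -f "$bp" ]; then
            mv "$bp" "$bp.bak.$stamp"
            printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$bp"
        fi
    done
    umask "$old_umask"
    unset pass
    echo "$stamp"   # suffix of the backups, for rollback
}
```

WebLogic replaces the clear-text values in boot.properties with encrypted ones the next time the server starts. The .bak copies still hold the old LDAP data and should be protected or removed once step 8 is done.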