diff --git a/setup/class_setupStep_Migrate.inc b/setup/class_setupStep_Migrate.inc
index 7b1d4b106f89ece8bdd82e574d74d0181447b087..5e7a29ad196967b8503a7573fb77979317f3f5f7 100644
--- a/setup/class_setupStep_Migrate.inc
+++ b/setup/class_setupStep_Migrate.inc
@@ -891,6 +891,29 @@ class Step_Migrate extends setupStep
 
   function check_adminAccount_migrate_confirm(&$checkobj)
   {
+    global $config;
+    session::global_set('CurrentMainBase', $config->current['BASE']);
+
+    /* Creating role */
+    $ldap = $config->get_ldap_link();
+
+    $ldap->cd($config->current['BASE']);
+    $ldap->search('(&(objectClass=gosaRole)(gosaAclTemplate=*:all;cmdrw))', array('dn'));
+    if ($attrs = $ldap->fetch()) {
+      $roledn = $attrs['dn'];
+    } else {
+      $tabObject  = objects::create('aclRole');
+      $baseObject = $tabObject->getBaseObject();
+
+      $baseObject->cn               = 'admin';
+      $baseObject->description      = _('Gives all rights on all objects');
+      $baseObject->gosaAclTemplate  = array(array('all' => array('0' => 'cmdrw')));
+
+      $tabObject->save();
+      $roledn = $tabObject->dn;
+    }
+
+    /* Creating user */
     $tabObject = objects::create('user');
     $_POST['givenName']                   = 'System';
     $_POST['sn']                          = 'Administrator';
@@ -905,6 +928,24 @@ class Step_Migrate extends setupStep
       return FALSE;
     }
     $tabObject->save();
+    $admindn = $tabObject->dn;
+
+    /* Assigning role */
+    $tabObject  = objects::open($config->current['BASE'], 'aclAssignment');
+    $baseObject = $tabObject->getBaseObject();
+
+    $assignments = $baseObject->gosaAclEntry;
+    array_unshift(
+      $assignments,
+      array(
+        'scope'   => 'subtree',
+        'role'    => $roledn,
+        'members' => array($admindn),
+      )
+    );
+    $baseObject->gosaAclEntry = $assignments;
+    $tabObject->save();
+
     return TRUE;
   }