Global policies apply to both admin users and regular users in macOS. Be careful when you set your policies so that you don’t inadvertently lock out admin users.

Use these steps to unlock affected user accounts, including admin users.
If you lock out an Open Directory admin

In Terminal, use this command:

sudo pwpolicy -n /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi clearaccountpolicies 

If you lock out a local admin

Start the computer in single user mode. To start in single user mode, hold Command-S at startup.

Use the following commands to remove the global password policy when the shell prompt appears:

/sbin/fsck -fy

/sbin/mount -uw /

/bin/launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist

/usr/bin/pwpolicy -n /Local/Default clearaccountpolicies
After entering the commands, press Control-D to restart the computer normally.

Reset the Open Directory administrator password

You can reset the Open Directory administrator password for macOS Server without affecting user data. If an administrator departs without leaving their password, this is the best way to access their account.

On the Open Directory server, open Terminal and use this command:
ldapsearch -LLL -x -H ldap://127.0.0.1 -s base namingContexts
In the output, look for the dc= entries, such as dc=ldap1,dc=example,dc=com. Note these entries.

Log in to the server as an administrator.

Open Terminal, then use the following command. Replace the sample dc= entries with the entries you noted before. Also, if the directory administrator account’s uid is not diradmin, change the command accordingly.

sudo ldappasswd -x -H ldapi://%2Fvar%2Frun%2Fldapi -S uid=diradmin,cn=users,dc=ldap1,dc=example,dc=com

Enter your administrator account password when prompted.

At the “New Password:” prompt, enter the new directory administrator password you want to use. Enter it again when prompted.

https://support.apple.com/en-us/HT200182