So, I need to compile an account list from an Ancient Windows NT Domain Controller. I’d like to export the user, password, name and group to a text file for an audit and eventually addition to a new domain, likely manually. As far as I can find there’s no easy way to do this, what do you sys-admins who actually have a little knowledge and talent suggest? Thanks!
Ummm… you can move everything but the passwords over if you use the right software.
I saw some software like this “back in the day” where “the day” was 1999 or so.
I’ll check around for you.
I believe it is called addusers.exe. It should allow you to export your users to a text file.
I’ve gotten adduser.exe to work without much trouble, however the passwords aren’t in the output. The instructions I’ve seen indicate that it’ll allow you to create new users from this file, however I have no idea how this works without the existing passwords. The tool isn’t of much use when bulk creation of accounts omits the existing passwords.
How many users are you talking about?
OK, first off, you can’t list the password. To get the list of users you type NET USERS /DOMAIN at a command prompt. To get a list of groups you type NET GROUPS /DOMAIN. To get group membership, you type NET GROUP groupname /DOMAIN. You can redirect these to textfiles, eg NET USERS /DOMAIN > DomainUsers.txt. Read up on the FOR command and you’ll learn how to use a text file as input.
Yeah, you could use Lophtcrack (commercial software) to get the passwords, but then everyone would need to change them anyway. Your best bet is to use a script like addusers.exe to add all the existing users with one common password, and set the “password must be changed” option in every account.
If you can afford it, use a piece of software like Ideal Migration from Pointdev.
I’ve used it to export accounts and password hashes from one computer/domain to another. The passwords would not be visible, but since you can import the hashes directly into the new AD domain, there isn’t a huge security breach.