
We have a Windows 2003 server with around 2000+ local accounts on it. Most of these accounts are used simply to authenticate a user accessing a web application on the server (basic authentication in IIS). They do not use desktop logins.

We are now moving to a new server that runs Windows Server 2008, and are facing the issue of how to migrate the local account username/password combinations to the new server.

Is this possible with built-in tools?

Could I convert the existing local accounts into Active Directory accounts, then join the 2008 server into the Active Directory and sync the accounts that way?

I have seen a product called winzero password copy and winzero server migration tool. Are these reliable tools for the job? http://www.winzero.ca/

Any other advice on how to approach this is welcome.

UPDATE

We went with the Winzero Server Migrator software and it successfully migrated 2000+ local accounts on a 32-bit Windows 2003 server to a 64-bit Windows 2008 server, passwords intact.

Baldy
  • Basic authentication in IIS still requires a CAL for every Device or User from MS (there are exceptions for certain licensing). – Chris S Oct 18 '10 at 14:44

2 Answers


I don't think that what you're asking is strictly possible without cracking every local account's password. It's not possible to just "export" local accounts with their passwords intact. It may be easier to upgrade the current server (after taking a VERY verified backup) to Server 2008, and attempt to image that onto your new hardware.

Yes, that's painful, but the closest thing to what you're asking for.

If you were to import them to your AD domain, I'd do it to an OU with VERY limited rights. I'd certainly set the "Logon To" property to a dummy computer account (or maybe the IIS server), and deny "logon locally" and remote desktop for that OU's members.

Another option would be to create a separate domain in your DMZ for these users, but I'd still be pretty restrictive about what they could get to...

gWaldo
  • So are you saying you can upgrade a server to use Active Directory and it will take the local accounts and upgrade them to AD accounts? – Baldy Oct 19 '10 at 10:21
  • We cannot upgrade the server, it is simply not an option. – Baldy Oct 19 '10 at 10:43
  • No, I'm not saying that adding the DC role to the existing server will make the local accounts Domain accounts. I don't know what the promotion would do to those accounts, in fact. – gWaldo Oct 19 '10 at 13:23
  • If you can't upgrade the old server (even temporarily and then restore back from the backup once the new one is up) the only other option is to take a backup or snapshot, attempt to place it on the new server, and then upgrade the new server to 2008. – gWaldo Oct 19 '10 at 13:25
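
One way to check the "Logon To" restriction suggested in the answer above, as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module (Windows Server 2008 R2 or later, or RSAT); the OU path and computer name are placeholders to replace with your own.

```powershell
# Added example: report which accounts in the web-only OU are NOT limited to a
# single computer in their "Log On To" list, and optionally apply the limit.
param(
    [string]$SearchBase      = 'OU=WebAppUsers,DC=example,DC=com', # placeholder OU
    [string]$AllowedComputer = 'IISWEB01',                         # placeholder computer name
    [switch]$Enforce                                               # omit to report only
)

Import-Module ActiveDirectory

$report = @(foreach ($user in Get-ADUser -Filter * -SearchBase $SearchBase -Properties LogonWorkstations) {
    # LogonWorkstations is a comma-separated list; an empty value means any computer.
    $allowed = @()
    if ($user.LogonWorkstations) {
        $allowed = @($user.LogonWorkstations -split ',' |
                     ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }
    $compliant = ($allowed.Count -eq 1) -and ($allowed[0] -ieq $AllowedComputer)

    if (-not $compliant -and $Enforce) {
        Set-ADUser -Identity $user -LogonWorkstations $AllowedComputer
    }

    [pscustomobject]@{
        SamAccountName = $user.SamAccountName
        Enabled        = $user.Enabled
        LogonTo        = if ($allowed) { $allowed -join ',' } else { '<any computer>' }
        Compliant      = $compliant
        Changed        = (-not $compliant) -and [bool]$Enforce
    }
})

$report | Sort-Object Compliant, SamAccountName | Format-Table -AutoSize

$open = @($report | Where-Object { -not $_.Compliant }).Count
'{0} of {1} accounts were not restricted to {2}' -f $open, $report.Count, $AllowedComputer
```

Run it without `-Enforce` first and test a web login with one restricted account before applying the change to the whole OU.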

We went with the Winzero Server Migrator software and it successfully migrated 2000+ local accounts on a 32-bit Windows 2003 server to a 64-bit Windows 2008 server, passwords intact.

Baldy
  • Does this company still exist? Can't seem to get an email through to contact them, either. winzero.ca seems to be closed? –  Apr 14 '14 at 03:58
  • Maybe so, it was 4 years ago when I contacted them – Baldy Apr 15 '14 at 09:01