We have a Windows 2003 server with around 2000+ local accounts on it. Most of these accounts are used simply to authenticate a user accessing a web application on the server (basic authentication in IIS). They do not use desktop logins.
We are now moving to a new server that runs Windows Server 2008, and are facing the issue of how to migrate the local account username/password combinations to the new server.
Is this possible with built-in tools?
Could I convert the existing local accounts into Active Directory accounts, then join the 2008 server to Active Directory and sync the accounts that way?
I have seen products called Winzero Password Copy and Winzero Server Migration Tool. Are these reliable tools for the job? http://www.winzero.ca/
Any other advice on how to approach this is welcome.
UPDATE
We went with the Winzero Server Migrator software and it successfully migrated 2000+ local accounts on a 32-bit Windows 2003 server to a 64-bit Windows 2008 server, passwords intact.
I don't think that what you're asking is strictly possible without cracking every local account's password. It's not possible to just "export" local accounts with their passwords intact. It may be easier to upgrade the current server (after taking a VERY verified backup) to Server 2008, and attempt to image that onto your new hardware.
Yes, that's painful, but it's the closest thing to what you're asking for.
If you were to import them to your AD domain, I'd do it to an OU with VERY limited rights. I'd certainly set the "Logon To" property to a dummy computer account (or maybe the IIS server), and deny "logon locally" and remote desktop for that OU's members.
Another option would be to create a separate domain in your DMZ for these users, but I'd still be pretty restrictive about what they could get to...
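An added example (not part of the original answer) of checking and applying the "Logon To" restriction described above for every account in the restricted OU. It assumes the ActiveDirectory PowerShell module is available on a management host; the OU path and server name are hypothetical placeholders.

```powershell
# Added example: the OU path and host name are placeholders, not values from the post.
Import-Module ActiveDirectory

$OuDn        = 'OU=WebAppUsers,DC=example,DC=local'  # hypothetical restricted OU
$AllowedHost = 'IISWEB01'                            # hypothetical IIS server name

function Get-UnrestrictedWebUser {
    # Returns accounts in the OU whose "Logon To" list (LogonWorkstations)
    # is empty or differs from the single host they should be limited to.
    param(
        [Parameter(Mandatory = $true)][string]$SearchBase,
        [Parameter(Mandatory = $true)][string]$Workstation
    )
    Get-ADUser -SearchBase $SearchBase -SearchScope Subtree -Filter * `
               -Properties LogonWorkstations |
        Where-Object { $_.LogonWorkstations -ne $Workstation }
}

# Report drift first, so the change set can be reviewed before anything is written.
$drift = @(Get-UnrestrictedWebUser -SearchBase $OuDn -Workstation $AllowedHost)
'{0} account(s) in {1} are not limited to {2}' -f $drift.Count, $OuDn, $AllowedHost
$drift | Select-Object SamAccountName, Enabled, LogonWorkstations | Format-Table -AutoSize

# Apply the restriction. -WhatIf only prints what would change; remove it once
# a test account has confirmed that Basic authentication in IIS still succeeds.
foreach ($user in $drift) {
    Set-ADUser -Identity $user -LogonWorkstations $AllowedHost -WhatIf
}
```

The "deny logon locally" and Remote Desktop denials are user rights assigned through Group Policy, so this script does not set them.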