I am looking for a way to add users to a Windows machine (Win2003
specifically) where I can specify the encrypted password and SID. If
only the ADDUSERS utility just has two extra command line options for
encypted password and SID, it would be perfect for me.

I know it is possible to do this with utilities like Ideal Migration,
but that costs $400 and I am looking for a more universal solution.

Thanks!

What exactly are you trying to do? I have never seen a Windows
Administration tool that will allow you to setup a user with a
pre-defined SID and I don't see the reason for setting up a user with
an encrypted password. Once you set the user up the password is
encrypted in the local database on the server, or in the Active
Directory database if it is a domain user.

Trying to manage SIDs yourself is a very bad idea because very bad
things can happen if you setup the SID incorrectly or inadvertantly
assign a SID twice. That is why Windows controls SID generation and
management.

Migration tools generally only deal with SIDHistory which is different
than assigning a pre-determined SID. A migration tool will take the
SID of a user from DomainA and populate that SID into the SIDHistory
field of the migrated user in DomainB, but the real sid of the user in
DomainB is different than the SID in the SIDHistory field.

forge

I had to transplant a disk drive from one server to a different one.
Neither machines were part of domains. I needed to recreate the users
from the old machine on the new machine and make it so they could
access thier files on the transplanted disk drive. I knew all the
users' encrypted passwords.

What exactly do you need to acces on the hard disk?
Is it the System Disk with th OS or just a disk with the data?
What does the ACL of the disk/folder looks like?
Have you tried to use the Local Admin account?

The primary issue is that I needed to preserve all the users'
encrypted passwords. I have no way of getting touch with many of these
users, so I have no way of telling them what thier new password was if
I had to change it.

One solution would be to try and crack all the encyripted passwords,
but unfortunately I had pretty good pasword security in place, so that
is turning out to be nearly impossible.

Another solution would be to re-add all the users with blank passwords
and then reset thier encyripted passwords back to what they should be
by messing with the SAM directly. Unfortunately I am not really a
Windows guy and I can not figure out how to do this. I can't figure
out where the SAM data is actually stored and where the encypted
passwords would be in there so I can change them.

Being able to set the SID would really just save me the trouble of
dumping the old ACLs and reaplying the new ones - but that is possible
to do wiht normal tools. I just figured that if I could set the
encrypted password, the SID would be right there in the same place
too, so it would be easy to change them together.