EH-Net

Hi all,


I thought you may be the best people to approach for an issue I have...

I look after around 200 small businesses and wanted to produce a script that I could use to quickly pull usernames from the server and crack them in a few simple clicks to demonstrate the dangers of weak passwords.

I came up with the following which I have posted to my blog.

http://www.anotherwayin.net/2010/09/fast-password-auditing-with-nmap-and.html

this is working great for win2k/2003 domain controllers, but now seeing as many of my clients are moving over to server 2008 (sbs2008) I need to find a way of achieving the same results.
So far the only way I can get get it to pull down the usernames is to enter the domain admin credentials  via the script-args.
 
There is very little, if no research out there for doing this so I am wondering if anyone can think of a way to make this work.
I am a bit of a begginner when it comes to programming, so I have used this opportunity to help me learn some bash scripting.

From the testing i've done it seems that it will not work with just a regular domain user/pass, ONLY the domain admin account.

There must be a way around this since domain users can join their pc's to the domain and then enumerate via net users /domain. (no domain admin account required)

thanks in advance.