w2k server compromised

From: Dan Uscatu (duscatu@lunatech.ro)
Date: 01/23/03

    From: "Dan Uscatu" <duscatu@lunatech.ro>
    To: <focus-ms@securityfocus.com>
    Date: Thu, 23 Jan 2003 10:16:57 +0200
    
    

    hey all

    i just found one of the w2k servers to be infected and acting very
    strangely.
    unfortunately it is a domain controller and it has all the
    users/computers lists.

    how can i export these before reinstall in order to keep the exact same
    configuration (everything except passwords of course)?
    i suppose this could be useful to be done on a regular basis too...

    TIA