Troubleshooting Windows NT User Configuration

This month I'll explain how to manage and manipulate user accounts for current and new users. Many of the solutions I'll discuss rely on Microsoft Windows NT Server 4.0 Resource Kit utilities. You'll want to install the resource kit not only for these utilities but also for the accompanying text.

Before you manipulate user accounts, you need to create an Emergency Repair Disk (ERD) with user account information. To add this information, add /s to the rdisk.exe command (i.e., rdisk /s). Your ERD is a security risk, so you'll want to securely store it.

How can I create a list of all user accounts?

The best way to produce a list of all user accounts in a domain or on a machine is to use the Microsoft Windows NT Server 4.0 Resource Kit addusers.exe utility. You can use this utility to add users who are listed in a detailed text file.

You can also use this utility to export current users and groups into a comma-separated file. A comma-separated file uses commas to separate fields. (Commas are the default characters, but you can use other characters to separate fields.) When a spreadsheet or database reads the file, the program replaces the commas with a new field.

Start the addusers.exe utility and type

addusers /d <file name>

You can then import the file into a spreadsheet or database.

You'll need to specify comma as the delimiter. If you want to use a different separator character, add the /s:character switch. For example, add /s:$ to the addusers command to set $ as the separator.

To obtain information (e.g., time and date of last logon) about members of a domain, you can use the resource kit usrstat.exe utility. Start the utility and type

usrstat <domain>

The resource kit utility showmbrs.exe shows all the users in a group. Members of a domain are automatically members of the domain's Domain Users group. (Domain Users includes computer accounts.) Start the utility and type

showmbrs "<domain>\domain users"

(Use quotation marks only if the group name has a space.) This approach might be useful in the future, but it currently doesn't work if the group has more than nine members.

If you don't have the resource kit, you can use NET commands to show users in the current domain. Go to the command line and type

net user /domain

To obtain information about each user, type

net user <username> /domain

You can create the file allusers.list with the output from the showmbrs command. Type

showmbrs "<domain>\domain users" > allusers.list