I upgraded a NT 4.0 domain to Windows 2003 AD. Auditors recently used ISS scanning tool to expose list of users on one of my DCs which holds no operations roles in AD.
The funny thing is that the list seems to contain users that only extisted prior to AD upgrade. Where could they have picked this up? Is there an NT file, i.e SAM database. Keep in mind that they picked this up on ad DC that was a clean install. I have one DC that was an NT 4.0 upgrade and they could not pick up this list.
Help is much appreciated.