I was recently tasked with changing a password on a lightly used web application running on IIS6 on Windows Server 2003. Of course I didn’t know what the current password was. I did a bit of Bing’ing and couldn’t find a way to get the password for Windows Server 2003. There were plenty of answers for 2008 and later. (Appcmd.exe)  After a little bit of digging I finally came up with an answer. You can use AdsUtil.exe with the enum_all parameter. The output lists the passwords in plain text. It dumps a lot of data, so you’ll want to dump the info to a text file.

http://msdn.microsoft.com/en-us/library/ms525006.aspx