OK, update:

Secured some of the passwords from the old admin.

Network is actually:

2 windows 2000 Domains
1 NT Domain
1 Workgroup

Yeah, I know, the guy who left this was pretty bad, considering theres only 30 users and no reason business wise to have seperate domains.

I got Domain Admin with one of the passwords he left. But still need to get root on the rest.
There are MANY service packs missing as I gathered from LanGuard and Superscan Scans. It also seems to be default installations on the windows 2000 servers, many services running that dont need to be. I actually have a few exploits that may be able to get me Root on some of them, but dont wish to do that unless absolutly neccesary. Wass thinking of the WebDav vulnerability and using KaHT2 if it will work to create an admin account.

No trusts are set u p between domains so that leaves out using the current domain admin account I have.

Any other Ideas??

Thanks again!!