Re: @AC
"no, everyone's password was their student id used for tests!"
You'll be glad to know that the initial migration password I am setting on destination user accounts are md5sums calculated on a few bytes from (effectively) /dev/urandom, for each one. If the real source password doesn't sync and overwrite the random one then at least the account has a pretty decent password!
The default was to use the surname field!