How to migrate windows users and retain passwords?

There isn't a "supported" method to do what you're asking for without involving Active Directory (AD). You could promote the current Windows Server 2003 computer to a Domain Controller (DC), which would "promote" all the local accounts to domain accounts. At that point you could join the new server to your domain as a DC and decommission the old server. That would do exactly what you want, but you'll have to use AD.

If you don't want to go w/ AD then you're stuck copying the details of the user accounts and resetting their passwords. I wrote a script to copy local user account properties for another Server Fault question, but that won't handle password migration. That script would be easy to modify, if you have a record of the passwords (which, admittedly, for security reasons isn't a great thing to have), to set the passwords during the copying.

You could use the PasswdHk password filter to capture user password changes on the old server. You'd have to ask everyone to change their password at least once after installing the filter. I can't recommend this course of action in good conscience without warning you that you'll be creating a situation where an attacker could steal the plaintext of your users' passwords by doing this, but it would work to build a password list for migration.

You can give Sys-Manage's CopyRight2 a trial. It has an easy to use graphical user interface that allows you to selecively copy user and group accounts including password hashes from one computer to another. It supports all possible scenarios, e.g. from member server to DC, DC to member server, cross domain, inner domain, workgroup mode... You can download it from their website located at: http://www.sys-manage.com/PRODUCTS/CopyRight/tabid/64/Default.aspx