ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Roaming Profile Cleanup Script

    IT Discussion
    windows desktop profiles roaming windows 8 windows 7 windows 8.1 windows 10
    5
    6
    2.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • gjacobseG
      gjacobse
      last edited by

      For some reason - I have someone that wants to go into the local computer(s) of the office and clean out all the departed Users. They are pretty adamant about deleting users no longer at the company.

      This seems like a good candidate for a script, as there are about 20 computers in the office and I have no real desire to log into all 20 of them to delete them.

      Is this best suited for PowerShell or batch file? Could you delete the local computer folder for the user on logout?

      RamblingBipedR 1 Reply Last reply Reply Quote 1
      • travisdh1T
        travisdh1
        last edited by

        Doesn't AD automatically do this?

        We're up to 10 users here and roaming profiles would be a very good thing as they all jump between different computers. This sort of thing is nice to know before hand.

        gjacobseG 1 Reply Last reply Reply Quote 0
        • gjacobseG
          gjacobse @travisdh1
          last edited by

          @travisdh1

          No - User accounts are 'left' so that is connection to the AD / DC is lost, then the user can still log on.

          J 1 Reply Last reply Reply Quote 1
          • RamblingBipedR
            RamblingBiped @gjacobse
            last edited by RamblingBiped

            @gjacobse I am not the one to give specifics, because I'm not nearly as versed in powershell as I would like to be. However, I would think that this would be a task best suited for powershell. I would look at constructing the script so that it checks for existing domain accounts that have been either disabled or inactive for a set period of time and then goes through the necessary steps to cleanly remove them from all systems that they have logged into and cached/established a local profile.

            Aside from that you could just use thermite. I not-so-fondly remember the woes associated with managing roaming profiles with proprietary banking software at a previous employer.

            Blech...

            Good luck!

            1 Reply Last reply Reply Quote 0
            • M
              marcinozga
              last edited by

              https://helgeklein.com/free-tools/delprof2-user-profile-deletion-tool/

              This tool will list all inactive profiles on whatever computer you run it against. I use it all the time to clean users profiles.

              1 Reply Last reply Reply Quote 1
              • J
                Jason Banned @gjacobse
                last edited by

                @gjacobse said:

                @travisdh1

                No - User accounts are 'left' so that is connection to the AD / DC is lost, then the user can still log on.

                That's not totally true, all profiles files are left, that doesn't mean you can still login to it necessarily. There's no process for AD to talk to the local computer to tell it the user was removed. It is just a directory service, The local computer has to request to login to the account. There is no method AD to tell computers anything changed without them requesting.

                1 Reply Last reply Reply Quote 2
                • 1 / 1
                • First post
                  Last post