Remove AD Profiles of deleted accounts

Our organization is a Windows 2003 AD Domain with several hundred XP Pro clients.  We do not use roaming profiles.  This, over time, leaves numerous orphaned profiles as users leave and their domain accounts are deleted.  I am looking for a way to programmatically have non-AD-account profiles removed when the computer is rebooted or on log out.

When a user leaves, the account is disabled and moved to a Disabled User OU for a two week period.  After that, the account is deleted from AD.

The way I see it working is as follows.  Please forgive the bad pseudo code :)

On logout
      Enumerate profiles in C:\Documents and Settings
      Compare Profile 1 to active AD Users
            If match, Do Nothing
            If match Exempted account (Local Admin, Default User) Do Nothing
            If no match, delete profile
            Log Deletion to network storage
      Next Profile

Any and all assistance is greatly appreciated.
Asked by minder49
1 Solution
 
prashanthd commented:
Could you elaborate on Log Deletion to network storage?
 
minder49 (Author) commented:
Sorry, that was rather vague.  What that means is I would like a log of all the profiles deleted to be written to a log file on a network share.
 
prashanthd commented:
Try the following...

Mention the folder path where logs will be written.

The script will automatically create a log file with machine name and append to it.
log_file_path = "\\server\c$\profile_deleted_logs\" 'ensure path ends with a "\"

Const LocalDocumentsFolder = "C:\Documents and Settings\"
Const ADS_SCOPE_SUBTREE = 2
Const ForAppending = 8

Set WshNetwork = WScript.CreateObject("WScript.Network")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFolder = objFSO.GetFolder(LocalDocumentsFolder)

' One log per machine on the share: created on the first run, appended to afterwards.
' If the share cannot be reached this line fails and the script stops before
' anything is deleted.
log_file = log_file_path & WshNetwork.ComputerName & "_Profile_Deletion.log"
Set logfilewrite = objFSO.OpenTextFile(log_file, ForAppending, True)

' Bind to the domain this machine is joined to and prepare an ADO/ADSI query.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

On Error Resume Next

For Each fldr In objFolder.SubFolders
    If Not isException(fldr.Name) Then
        fpath = fldr.Path
        Err.Clear
        objFSO.DeleteFolder fpath, True
        If Err.Number = 0 Then
            logfilewrite.WriteLine WshNetwork.ComputerName & " - " & fpath & " - Deleted"
        Else
            logfilewrite.WriteLine WshNetwork.ComputerName & " - " & fpath & " - Not Deleted check manually"
        End If
    End If
Next

objConnection.Close
logfilewrite.Close

' Returns True for folders that must be kept: the built-in profiles, the local
' Administrator, and any folder whose name is the sAMAccountName of an account
' still present in AD (a disabled account is still present, so its profile is
' kept until the account itself is deleted). Note that Windows names a profile
' folder "user.DOMAIN" or "user.DOMAIN.000" when it had to avoid a collision;
' such a folder will not match and will be deleted, so review the log after a first run.
Function isException(ByVal foldername)
    Select Case foldername
        Case "All Users", "Default User", "LocalService", "NetworkService", "Administrator"
            isException = True
        Case Else
            ' A single quote would break the query, and no sAMAccountName contains
            ' one anyway: keep the folder rather than guess.
            If InStr(foldername, "'") > 0 Then
                isException = True
                Exit Function
            End If
            objCommand.CommandText = _
                "SELECT * FROM 'LDAP://" & strDNSDomain & "' WHERE objectCategory='user' " & _
                "AND samAccountName='" & foldername & "'"
            Err.Clear
            Set objRecordSet = objCommand.Execute
            ' If the query itself failed (for example the DC is unreachable), treat
            ' the folder as protected so a lookup error can never cause a deletion.
            If Err.Number <> 0 Then
                isException = True
                Exit Function
            End If
            If objRecordSet.RecordCount > 0 Then
                isException = True
            Else
                isException = False
            End If
            objRecordSet.Close
    End Select
End Function


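As an added example (not code from the thread or from either poster), a Python dry run that applies the same keep/delete decision as the accepted script but also recognises the "user.DOMAIN" and "user.DOMAIN.000" folder names Windows creates on a name collision, and keeps everything when the AD lookup is unavailable. The folder names and account names below are constructed sample data.

```python
# Constructed sample data, not taken from the thread: folder names as they
# would appear under C:\Documents and Settings, and the sAMAccountNames an
# AD query would return. Both are case-insensitive, so compare lower-cased.
SAMPLE_FOLDERS = ["All Users", "Default User", "Administrator", "jsmith",
                  "bjones.CORP", "bjones.CORP.000", "oldguy", "LocalService"]
SAMPLE_AD_ACCOUNTS = {"jsmith", "bjones", "administrator"}
EXEMPT = {"all users", "default user", "localservice", "networkservice",
          "administrator"}

def candidate_accounts(folder):
    """Names a profile folder may belong to, most specific first. Windows
    names a folder "user.DOMAIN" or "user.DOMAIN.000" to avoid a collision,
    so strip at most two trailing dot-components; the full name goes first
    because a sAMAccountName may itself contain dots ("j.smith")."""
    name = folder.lower()
    names = [name]
    for _ in range(2):
        if "." not in name:
            break
        name = name.rsplit(".", 1)[0]
        names.append(name)
    return names

def classify_profiles(folders, ad_accounts, exempt=EXEMPT):
    """(folder, action, reason) per folder; action is "keep" or "delete".
    ad_accounts is the set of sAMAccountNames in AD, or None when the lookup
    failed: then nothing is marked for deletion (fail closed)."""
    results = []
    for folder in folders:
        if folder.lower() in exempt:
            results.append((folder, "keep", "exempt folder"))
        elif ad_accounts is None:
            results.append((folder, "keep", "AD lookup unavailable"))
        else:
            match = next((c for c in candidate_accounts(folder)
                          if c in ad_accounts), None)
            if match is None:
                results.append((folder, "delete", "no matching AD account"))
            else:
                results.append((folder, "keep", "matches account " + match))
    return results

def dry_run_log(computer, folders, ad_accounts):
    """Log lines in the shape the thread's script writes, without deleting."""
    return ["%s - C:\\Documents and Settings\\%s - %s" % (computer, f,
            "Would delete" if a == "delete" else "Kept (" + r + ")")
            for f, a, r in classify_profiles(folders, ad_accounts)]
```

Run it against a real directory listing and the account list before enabling deletion, and compare the "Would delete" lines with what you expect.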
 
minder49 (Author) commented:
Looks good.  Will test this out and post results.
 
minder49 (Author) commented:
Works great!  Thank you very much!