Remove AD Profiles of deleted accounts

Last Modified: 2012-05-11
Our organization is a Windows 2003 AD Domain with several hundred XP Pro clients.  We do not use roaming profiles.  This, over time, leaves numerous orphaned profiles as users leave and their domain accounts are deleted.  I am looking for a way to programmatically have non-AD account profiles removed when the computer is rebooted or on log out.

When a user leaves, the account is disabled and moved to a Disabled User OU for a two week period.  After that, the account is deleted from AD.

The way I see it working is as follows.  Please forgive the bad pseudo code :)

On logout
      Enumerate profiles in C:\Documents and Settings
      Compare Profile 1 to active AD Users
            If match, Do Nothing
            If match Exempted account (Local Admin, Default User) Do Nothing
            If no match, delete profile
            Log Deletion to network storage
      Next Profile

Any and all assistance is greatly appreciated.

Top Expert 2011

Commented:
Could you elaborate on Log Deletion to network storage?

Author

Commented:
Sorry, that was rather vague.  What that means is I would like a log of all the profiles deleted to be written to a log file on a network share.
Top Expert 2011
Commented:

Author

Commented:
Looks good.  Will test this out and post results.

Author

Commented:
Works great!  Thank you very much!
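
The cleanup described in the question, with the network-share log from the follow-up, as an added example; it is not the accepted solution from this thread and not code from any participant. It assumes PowerShell 2.0 is installed on the clients, that it runs as a computer startup script, and that the log path (a placeholder) is writable by the computer accounts. It compares by SID from the registry ProfileList rather than by folder name, and it evaluates nothing when the domain cannot be reached.

```powershell
# Added example. Without -Delete it only reports what it would remove.
param(
    [string]$LogFile = '\\fileserver\logs$\profile-cleanup.log',  # placeholder share (assumption)
    [switch]$Delete
)
Add-Type -AssemblyName System.DirectoryServices
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Fail closed: if no domain controller answers, every SID would look orphaned.
try {
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
    $root   = $domain.GetDirectoryEntry()
    [byte[]]$raw = $root.psbase.Properties['objectSid'].Value
    $domainSid = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $raw, 0
} catch {
    Write-Warning "Domain unreachable, nothing evaluated: $_"
    return
}
$searcher = New-Object System.DirectoryServices.DirectorySearcher -ArgumentList $root

foreach ($key in Get-ChildItem $profileList) {
    $sidText = $key.PSChildName
    try { $sid = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $sidText } catch { continue }
    # Exemptions: local accounts and service SIDs were not issued by this domain, so skip them.
    if ($sid.AccountDomainSid -ne $domainSid) { continue }
    # Never touch a profile whose registry hive is currently loaded.
    if (Test-Path "Registry::HKEY_USERS\$sidText") { continue }

    # Search AD for the SID in escaped binary form; a lookup error is not treated as "no match".
    $bytes = New-Object byte[] ($sid.BinaryLength)
    $sid.GetBinaryForm($bytes, 0)
    $searcher.Filter = '(objectSid=' + (($bytes | ForEach-Object { '\{0:x2}' -f $_ }) -join '') + ')'
    try { $hit = $searcher.FindOne() } catch { Write-Warning "Lookup failed for ${sidText}: $_"; continue }
    if ($hit) { continue }   # account still exists, including disabled accounts awaiting deletion

    $path = [Environment]::ExpandEnvironmentVariables((Get-ItemProperty $key.PSPath).ProfileImagePath)
    $action = 'WOULD-DELETE'
    if ($Delete) {
        try {
            Remove-Item -LiteralPath $path -Recurse -Force -ErrorAction Stop
            Remove-Item -LiteralPath $key.PSPath -Recurse -Force -ErrorAction Stop
            $action = 'DELETED'
        } catch { $action = "FAILED: $_" }
    }
    Add-Content -Path $LogFile -Value ("{0:s} {1} {2} {3} {4}" -f (Get-Date), $env:COMPUTERNAME, $action, $sidText, $path)
}
```

Run it without `-Delete` first and review the log before enabling removal.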