Remove AD Profiles of deleted accounts

Last Modified: 2012-05-11
Our organization is a Windows 2003 AD Domain with several hundred XP Pro clients.  We do not use roaming profiles.  This, over time, leaves numerous orphaned profiles as users leave and their domain accounts are deleted.  I am looking for a way to programmatically have non-AD account profiles removed when the computer is rebooted or on log out.

When a user leaves, the account is disabled and moved to a Disabled User OU for a two week period.  After that, the account is deleted from AD.

The way I see it working is as follows.  Please forgive the bad pseudo code :)

On logout
      Enumerate profiles in C:\Documents and Settings
      Compare Profile 1 to active AD Users
            If match, Do Nothing
            If match Exempted account (Local Admin, Default User) Do Nothing
            If no match, delete profile
            Log Deletion to network storage
      Next Profile

Any and all assistance is greatly appreciated.
Top Expert 2011

Could you elaborate on Log Deletion to network storage?


Sorry, that was rather vague.  What that means is I would like a log of all the profiles deleted to be written to a log file on a network share.
Top Expert 2011

Looks good.  Will test this out and post results.


Works great!  Thank you very much!
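
One way to implement the procedure from the question, as an added example (it is not the accepted solution from this thread, which is not shown on the page). It assumes PowerShell 2.0 is installed on the XP clients, that it runs as SYSTEM from a computer startup/shutdown script, and that the placeholder share `\\SERVER\ProfileCleanup$` is writable by the computer accounts. Profiles are matched to AD by SID from the ProfileList registry key rather than by folder name, and nothing is deleted unless `-Delete` is passed.

```powershell
# Added example, not the thread's accepted solution. Assumes PowerShell 2.0 on the
# clients, run as SYSTEM from a computer startup/shutdown script.
param(
    [string]$LogShare = '\\SERVER\ProfileCleanup$',        # placeholder share name
    [string[]]$Exempt = @('Administrator', 'Default User'), # exempt profile folder names
    [switch]$Delete                                        # report only unless set
)
$ErrorActionPreference = 'Stop'   # any failure aborts the run instead of guessing
$listKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$logFile  = Join-Path $LogShare "$env:COMPUTERNAME.log"
$searcher = New-Object System.DirectoryServices.DirectorySearcher  # searches the machine's domain

function Test-SidInAD([string]$Sid) {
    # Build an LDAP filter on the binary objectSid (each byte escaped as \XX).
    $id    = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    $bytes = New-Object byte[] ($id.BinaryLength)
    $id.GetBinaryForm($bytes, 0)
    $hex   = ($bytes | ForEach-Object { '\{0:X2}' -f $_ }) -join ''
    $searcher.Filter = "(objectSid=$hex)"
    # FindOne() returns $null when no object has this SID and throws when no domain
    # controller answers, so an offline laptop never looks like "all accounts deleted".
    try { $hit = $searcher.FindOne() } catch { throw "AD lookup failed for ${Sid}: $_" }
    return ($hit -ne $null)
}

foreach ($key in Get-ChildItem $listKey) {
    $sid = $key.PSChildName
    if ($sid -notlike 'S-1-5-21-*')            { continue }  # SYSTEM and service SIDs
    $path = (Get-ItemProperty $key.PSPath).ProfileImagePath
    if ($Exempt -contains (Split-Path $path -Leaf)) { continue }  # exempted accounts
    if (Test-Path "Registry::HKEY_USERS\$sid") { continue }  # hive loaded: profile in use
    if (Test-SidInAD $sid)                     { continue }  # account exists (enabled or disabled)

    # Local accounts other than the exempt ones also land here, as in the question's
    # pseudocode. Log first: if the share is unreachable the run stops before deleting.
    $action = 'WOULD DELETE'
    if ($Delete) { $action = 'DELETE' }
    '{0:s} {1} {2} {3} {4}' -f (Get-Date), $env:COMPUTERNAME, $action, $sid, $path |
        Add-Content -Path $logFile

    if ($Delete) {
        if (Test-Path -LiteralPath $path) { Remove-Item -LiteralPath $path -Recurse -Force }
        Remove-Item $key.PSPath -Recurse    # drop the ProfileList entry for the SID
    }
}
```

Because the check is for existence of the account, profiles of users sitting in the Disabled User OU are kept until the account is actually deleted.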