sivtec
asked on
Delete Local Profiles via Disabled AD Accounts
Hey guys,
My programming knowledge lacks greatly. Curious if there is a batch script out there that would help greatly improve efficiency.
We have A huge number of employees that come and go. They are added to AD and then are disabled when they are terminated. The problem is, we have three "RDP" machines that all of these users get on. So when they log in Windows creates a local profile for them. Well now space is an issue and one of the ways we have saved quite a bit is deleting all of the disabled termed local profiles. The problem is currently I have to open the Domain controller on one screen and have the RDP machine on the other and look at each one, then delete. It takes a TON of time and i have to do it on every RDP machine considering they are not a roaming profile.
So my question is, is there a script that will look into your AD tree and find all of the Disabled accounts and then delete them on the computer that has the local profiles? Or vice versa, look at all of the local profiles, look them up in AD and if they are disabled, delete the profile? I can't imagine this is the only way to do this. Thoughts?
My programming knowledge lacks greatly. Curious if there is a batch script out there that would help greatly improve efficiency.
We have A huge number of employees that come and go. They are added to AD and then are disabled when they are terminated. The problem is, we have three "RDP" machines that all of these users get on. So when they log in Windows creates a local profile for them. Well now space is an issue and one of the ways we have saved quite a bit is deleting all of the disabled termed local profiles. The problem is currently I have to open the Domain controller on one screen and have the RDP machine on the other and look at each one, then delete. It takes a TON of time and i have to do it on every RDP machine considering they are not a roaming profile.
So my question is, is there a script that will look into your AD tree and find all of the Disabled accounts and then delete them on the computer that has the local profiles? Or vice versa, look at all of the local profiles, look them up in AD and if they are disabled, delete the profile? I can't imagine this is the only way to do this. Thoughts?
ASKER
Hey Footech,
The RDP's are all running Windows Server 2008 R2. The DC is also Windows Server 2008 R2.
The RDP's are all running Windows Server 2008 R2. The DC is also Windows Server 2008 R2.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
group policy
Group Policy setting. Under Computer Configuration ' Administrative Templates ' System ' User Profiles 'Delete user profiles older than a specified number of days on system restart'
Group Policy setting. Under Computer Configuration ' Administrative Templates ' System ' User Profiles 'Delete user profiles older than a specified number of days on system restart'
ASKER
Thanks Foottech. I think i will go test that in the Microsoft labs see if it's what I need, but that is a great start.
Thanks David for the idea however, that won't work because some employees don't log on to the RDP's for awhile even if they aren't termed but that's a good idea nonetheless.
Thanks David for the idea however, that won't work because some employees don't log on to the RDP's for awhile even if they aren't termed but that's a good idea nonetheless.
The script provided in https:#a40980923 meets the requirements asked for:
1) look into your AD tree and find all of the Disabled accounts
2) and then delete them on the computer that has the local profiles
Always nice to get confirmation from the asker, but there's no doubt the script works as I've used it, and so the post should be accepted as the answer (and I believe there's some actual value in not deleting the question).
1) look into your AD tree and find all of the Disabled accounts
2) and then delete them on the computer that has the local profiles
Always nice to get confirmation from the asker, but there's no doubt the script works as I've used it, and so the post should be accepted as the answer (and I believe there's some actual value in not deleting the question).
What OS are the DCs?