Script to Delete User Profiles on Domain Computers via GPO

Suggestions on script to delete user profiles on multiple domain computers that have not logged on over 3 months. However it needs to avoid specific accounts even if they haven’t logged on in 3 months(support/local admin accounts)

The simplest option I can think of is to use this: DelProf2

Olaf- the issue with DelProf2 is that since anti-virus scans folders it changes the date on the user folder to a more recent date. if i use the NTUSERINI switch then it deletes all accounts since ntuser.ini is used for roaming profiles and is created when the profile is created.

My vision is:

(1) collect

 Get-WmiObject -Class Win32_UserProfile 
for each domain computer that is reachable
(2) collect the LastLogonTimeStamp and LocalPath or UserName and convert to usable date/time
(a) list accounts to exclude(such as admin and Support accounts)
(b) list all accounts that haven’t logged in for a specified length of time and delete

Note that there’s no way to cleanly delete a profile in Windows 10. A lot of app-related stuff gets left over.

Thanks for posting the link to that script! It’ll be very helpful in managing profiles on our Citrix farm. I do have a question, though. Is it possible to use the Exclude parameter with an Account (ie. domain\firstname.lastname)instead of an account type (ie. Administrator)?

If that’s the user account for the profile then yes.
You can verify by using the Remove-Profile without the -Remove switch for reporting only.