I would add a check to make sure that the device can actually talk to the domain controller before performing any of this. Ran into that during testing where a user took a shared laptop home to finish what they were working on. Woulda sucked if I had deleted every profile as a result. Otherwise this script is awesome and I really appreciate you all doing the homework for us on this.
@gamingfromjohnwayne3 months ago
I did this on user properties and now it won't let me close out, says error applying security? Don't know how to fix.
@shreyas259511 months ago
Thanks a lot Bro. Good Job!
@imanthierandi47516 months ago
Can we do this for disabled user accounts? Or using last logon dates?
@brematthews384 a year ago
Very helpful!
@albertburger791210 months ago
What's the difference between directly deleting it from the menu and using PS? Is it easier to delete them in the menu than using instructions?
@s0cks19858 months ago
Because on corporate servers you may have hundreds of unknown accounts.
@fabrythrash6648 a year ago
Fantastic !
@Sourkeys11 months ago
I'm getting: InvalidOperation [Remove-wmiobjet] COMException Remote-wmiObject -inputObject $profile Any Ideas?
@timostraetemans5095 11 months ago
powershell not running as admin?
@timostraetemans5095 7 months ago
If you're running it on a client it may still be loaded as W10/W11 preload data. Check if that's the case:
Get-WMIObject win32_userprofile -computername localhost -Filter "Loaded='True'" | Select SID,LocalPath,Loaded
@chadkupar63697 months ago
It's not "Remote" it's Remove
@philipkatana10 months ago
Thank you very much
@timostraetemans5095 11 months ago
I love your script! Maybe add logging as it may be handy. As well as the path of the folder that is deleted so it's added to the log. Then deploy it in a GPO and another issue is automated :)

15-6-2024, change log:
- changed logging to 'local folder\logs' with cleaning
- added colors for easier output reading
- tested on 2012R2/2016/2019/2022, added check as it doesn't work on 2012R2 and older, for clients that means windows 8 and older!
- tested with GPO/Task scheduler, runs fine

Script, copy from clear to below and save it in DeleteOldProfiles.ps1:

Clear

# Defining and setting up logging
$scriptpath = Split-Path $MyInvocation.MyCommand.Path
# $scriptfilename was never defined in the posted script; derive it from the script's own file name
$scriptfilename = [System.IO.Path]::GetFileNameWithoutExtension($MyInvocation.MyCommand.Path)
$logfile = @(mkdir ($scriptpath + '\Logs') -Force).FullName + "\$($scriptfilename)-$($env:computername).$($env:userdnsdomain)" + "-Log-$(Get-Date -f "yyyyMMdd-HHmmss").log"
Start-Transcript -Path $logfile

# Clean logs
$Folder = ($scriptpath + '\Logs')
# Delete files older than 6 months
Write-Output "Clean log Folder"
Get-ChildItem $Folder -Recurse -Force -ea 0 |
    ? {!$_.PsIsContainer -and $_.LastWriteTime -lt (Get-Date).AddDays(-180)} |
    ForEach-Object {
        # Log the full path first; $($_.FullName) is needed for the property to expand inside a string
        Write-Output "Deleting $($_.FullName)"
        $_ | del -Force
    }
Write-Output "Logs purged"

# Detect OS version as it only works correctly in Server 2016 and newer
$OSVersion = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name ProductName).ProductName
if ($OSVersion -notmatch "2016|2019|2022") {
    Write-Host -ForegroundColor Red "Windows server 2016, 2019, 2022 not detected! This script doesn't run correct on older versions, it deletes ALL profiles! Stopped Script!"
    Stop-Transcript
    # return ends the script here; Break outside a loop can also terminate loops in a calling script
    return
}
Write-Host -ForegroundColor Cyan "Windows 2016 or newer required, $OSVersion detected."

# Get profiles
$userProfiles = Get-WmiObject -Class Win32_UserProfile
foreach ($profile in $userProfiles) {
    $userSID = $profile.SID
    $userAccount = $null
    $LocalPath = $profile.LocalPath
    # Try to get the user account associated with the profile
    try {
        $userAccount = [System.Security.Principal.SecurityIdentifier]::new($userSID).Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # An exception occurs when the user account doesn't exist
    }
    # Check if a user account was found
    if ($userAccount -eq $null) {
        # Delete the user profile
        Write-Host -ForegroundColor Green "Deleting user profile $LocalPath with SID $userSID"
        Remove-WmiObject -InputObject $profile
    }
}
Write-Host -ForegroundColor Cyan "Finished cleaning User profiles."
Stop-Transcript
@gezeo750 7 months ago
How would you keep this from just removing service accounts, administrator or defaultuser accounts? Or does it do it already?
@timostraetemans5095 7 months ago
@gezeo750 It only deletes accounts that cannot be resolved into its own name, so if you delete the administrator account the profile becomes orphaned, and the script will delete it. You can check the profile, on the security tab, if you see a SAM number instead of its SamAccountName, the account is deleted. DefaultUser isn't an account you can log in with. Put a # before 'Remove-WmiObject -InputObject $profile' to test it without actually deleting any profiles.
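Added example, not part of the thread or the posted script: one way to build in the safeguards raised in the comments above, refusing to run when no domain controller is reachable (an unresolved SID then proves nothing) and skipping system and in-use profiles. The function names are hypothetical, and it assumes Windows PowerShell 5.1 in an elevated session.

```powershell
#Requires -Version 5.1
# Added example (not from the thread). Function names are hypothetical.

function Test-SidLookupTrustworthy {
    # On a workgroup machine every SID is resolved locally, so lookups are reliable.
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    if (-not $cs.PartOfDomain) { return $true }
    try {
        # Verifies the machine's secure channel to a domain controller (needs elevation).
        return [bool](Test-ComputerSecureChannel -ErrorAction Stop)
    } catch {
        return $false
    }
}

function Get-OrphanedProfile {
    if (-not (Test-SidLookupTrustworthy)) {
        throw "No domain controller reachable: unresolved SIDs prove nothing. Nothing deleted."
    }
    # Skip system profiles (Special) and profiles that are currently in use (Loaded).
    $candidates = Get-WmiObject -Class Win32_UserProfile |
        Where-Object { -not $_.Special -and -not $_.Loaded }
    foreach ($p in $candidates) {
        try {
            $sid = [System.Security.Principal.SecurityIdentifier]::new($p.SID)
            $null = $sid.Translate([System.Security.Principal.NTAccount])
        } catch [System.Security.Principal.IdentityNotMappedException] {
            # Only "no such account" counts as orphaned.
            $p
        } catch {
            # Any other failure (trust or network error) is not evidence of deletion.
            Write-Warning "Skipping $($p.LocalPath): $($_.Exception.Message)"
        }
    }
}

# Dry run: list what would be removed. Drop -WhatIf only after reviewing the output.
Get-OrphanedProfile | ForEach-Object {
    Write-Host "Orphaned: $($_.LocalPath) ($($_.SID))"
    Remove-WmiObject -InputObject $_ -WhatIf
}
```

Run inside the transcript of the script above, the dry-run output also ends up in the log, which gives a record to review before `-WhatIf` is removed.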