Earlier this year I was tasked with cleaning up the workstations on our network to help reduce the amount of time needed for our daily virus scan to complete. One of the issues I took on was cleaning up old cached profiles from the use of roaming profiles. This was not something I wanted to do manually for the 150 PCs that we have across our building, so I made a script that would look for profiles that had not been modified in the last 90 days and weren’t system accounts (localservice, networkservice, default user, all users). Also, an advantage of using a script to do this is that it can produce a report of what it will remove without actually doing it. That way you can be sure that you are not deleting things that you do want to keep.
This script depends on file and print sharing being turned on for the workstation so the script can access the administrative shares on each computer. It does make the assumption that your profiles are saved in the default Windows location C:\Documents and Settings\%username% and that you are the administrator for the domain.
Configuration
- Be sure to update the LDAP string 'LDAP://OU=workstations,DC=subdomain,DC=domain,DC=com' to match your Active Directory structure. The script needs to know where all the workstations are in Active Directory.
- Find objConnection.Open "DomainController" and put the name of your domain controller in place of DomainController.
- Find OldProfile objRecordSet.Fields("Name").Value, "C:\deletedprofiles.csv" and change the filename to save the report where you want, named what you want. Just be sure to leave the extension as CSV so it will open properly with your spreadsheet application.
- Most importantly: comment out fsoFolder.DeleteFolder objSubfolder, TRUE if you just want a report of what it will delete when run. As written, the script is set up to remove the unwanted profiles.
```vbscript
Const ADS_SCOPE_SUBTREE = 2

' Query Active Directory for every computer object under the workstations OU
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "DomainController"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select Name, Location from 'LDAP://OU=workstations,DC=subdomain,DC=domain,DC=com' " _
    & "Where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute

' Process each workstation in turn, appending to the same CSV report
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    OldProfile objRecordSet.Fields("Name").Value, "C:\deletedprofiles.csv"
    objRecordSet.MoveNext
Loop

Sub OldProfile(strComputer, strFilename)
    On Error Resume Next
    Set StdOut = WScript.StdOut
    Set objFSO = CreateObject("scripting.filesystemobject")
    ' 8 = ForAppending; True = create the report file if it does not exist
    Set logStream = objFSO.opentextfile(strFilename, 8, True)
    ' Connecting to the remote registry provider doubles as an "is it online" check
    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
    If Err.Number Then
        logStream.writeline(strComputer & ",Offline")
        Err.Clear
    Else
        On Error Resume Next
        Set objShell = CreateObject("Shell.Application")
        Set fsoFolder = CreateObject("Scripting.FileSystemObject")
        ' Reach the profile folders through the administrative share
        root = "\\" & strComputer & "\C$\Documents and Settings"
        Set objFolder = fsoFolder.GetFolder(root)
        Set colSubfolders = objFolder.Subfolders
        For Each objSubfolder in colSubfolders
            ' Skip the built-in system profiles
            If (lcase(objSubfolder.Name) <> "localservice" AND lcase(objSubfolder.Name) <> "networkservice" _
                AND lcase(objSubfolder.Name) <> "default user" AND lcase(objSubfolder.Name) <> "all users") Then
                ' Profiles not modified in the last 90 days are logged and removed
                If (DateDiff("D", objSubfolder.DateLastModified, Date()) > 90) Then
                    logStream.writeline(strComputer & ",Online,Delete," & objSubfolder & "," & objSubfolder.DateLastModified)
                    ' Comment out the next line for a report-only run
                    fsoFolder.DeleteFolder objSubfolder, TRUE
                Else
                    logStream.writeline(strComputer & ",Online,Active," & objSubfolder & "," & objSubfolder.DateLastModified)
                End If
            Else
                logStream.writeline(strComputer & ",Online,System," & objSubfolder & "," & objSubfolder.DateLastModified)
            End If
        Next
    End If
    logStream.Close
End Sub
```
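
A report-only run is only useful if the report is actually reviewed before deletion is enabled. The PowerShell below is an added example, not part of the original script: it parses the two row layouts the script writes and flags delete candidates whose folder name is on a keep-list. The function name, the keep-list contents and the sample rows are assumptions constructed for illustration.

```powershell
# Added example (not from the original post): review a dry-run report.
# Rows written by the script: "PC,Offline" or "PC,Online,<Action>,<Path>,<Date>".
function Get-ProfileReportSummary {
    param(
        [string[]]$Lines,
        # Hypothetical keep-list: folder names the script's exclusions do not cover.
        [string[]]$KeepNames = @('Administrator')
    )
    $rows = foreach ($line in $Lines) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        $f = $line -split ','
        if ($f.Count -eq 2) {
            [pscustomobject]@{ Computer = $f[0]; State = $f[1]; Action = ''; Path = ''; Modified = '' }
        } elseif ($f.Count -ge 5) {
            # Rejoin the middle fields in case a folder name contains a comma.
            [pscustomobject]@{
                Computer = $f[0]; State = $f[1]; Action = $f[2]
                Path     = $f[3..($f.Count - 2)] -join ','
                Modified = $f[-1]
            }
        } else {
            Write-Warning "Unrecognized row: $line"
        }
    }
    $delete = @($rows | Where-Object { $_.Action -eq 'Delete' })
    [pscustomobject]@{
        Offline     = @($rows | Where-Object { $_.State -eq 'Offline' } | ForEach-Object { $_.Computer })
        DeleteCount = $delete.Count
        PerComputer = @($delete | Group-Object Computer | Select-Object Name, Count)
        # Delete candidates whose leaf folder name is on the keep-list (case-insensitive).
        Flagged     = @($delete | Where-Object { $KeepNames -contains ($_.Path -split '\\')[-1] })
    }
}

# Constructed sample rows in the script's output format.
$sample = @(
    'PC01,Online,System,\\PC01\C$\Documents and Settings\All Users,1/5/2009 9:12:03 AM'
    'PC01,Online,Delete,\\PC01\C$\Documents and Settings\jdoe,8/14/2008 3:40:51 PM'
    'PC01,Online,Delete,\\PC01\C$\Documents and Settings\Administrator,6/2/2008 11:05:17 AM'
    'PC02,Offline'
    'PC03,Online,Active,\\PC03\C$\Documents and Settings\asmith,3/30/2009 8:01:44 AM'
)
$summary = Get-ProfileReportSummary -Lines $sample
$summary.Flagged | Format-Table Computer, Path, Modified
# For a real report: Get-ProfileReportSummary -Lines (Get-Content 'C:\deletedprofiles.csv')
```

Because the script opens the CSV for appending, delete or rename the old report before each dry run so the summary reflects only the latest pass.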