Author Posts

February 6, 2018 at 3:05 pm

Can someone please help me with the following? I need to create a script that compares Get-WMIObject win32_userprofile against Get-ADuser. If the user profile name isn't disabled or does not appear in AD i simply want to remove them from the local machine. How can i filter out the disabled/none accounts in AD and loop through them? At that point i will make a switch that offers to remove them

February 6, 2018 at 3:36 pm

If you need a list of disabled AD accounts you can do this, then select samaccountname or whatever property you want to go off of.

get-aduser -filter {Enabled -eq $false}

February 6, 2018 at 4:20 pm

What kind of help do you need? To find diabled AD accounts you can use

Search-ADAccount -AccountDisabled -UsersOnly

To delete local profiles I would recommend to use delprof2 – IMHO the standard tool for this task for many years.