A.D. Group Policy "Delete user profiles older than a specified number days on system restart ” not working

Group policy for deleting old user profiles not working in Windows.

We implemented the Active Directory Group Policy:
“Delete user profiles older than a specified number days on system restart ” to clear old profiles older than 30 days from the PC.

Unfortunately it doesn’t work, nothing gets deleted.

I tracked this down to the setting it looks at for each profile: the “LastUseTime”.
Something was changing the LastUseTime in NTUSER.DAT to today’s date for every user on the computer. Could be something in Windows or maybe our antivirus. Anyhow, it stopped the policy from working.

You can check this with the PowerShell script:
Get-WMIObject -class Win32_UserProfile | Where {(!$_.Special) -and ($_.ConvertToDateTime($_.LastUseTime) -lt (Get-Date).AddDays(-30))}

(Thanks to Charlie Smith on Spiceworks for this)
https://community.spiceworks.com/how_to/124316-delete-user-profiles-with-powershell

Instead, use  the “LastDownloadTime” to check the date of profile download:
Get-WMIObject -class Win32_UserProfile | Where {(!$_.Special) -and ($_.ConvertToDateTime($_.LastDownloadTime) -lt (Get-Date).AddDays(-30))} | Remove-WmiObject

Now it works!!!! I added a shutdown script Group Policy.

NOTE:- there are sometimes errors running this script because the LastDownloadTime or LastUseTime is sometimes empty. You can ignore this error.

Richard Artes Nov 2017

Comments

Post a Comment

Popular posts from this blog

Restore a deleted OneDrive for Business account from Office365: "A site collection with the same Site Id or Path already exists."

If a user has left, their license gets removed and their OneDrive for Business account gets automatically deleted for a period of 93 days. If you try and restore a user, and un-delete their OneDrive, you run into a problem as restoring the account atomically creates a new empty OneDrive. Restoring gets you this error:- Restore-SPODeletedSite : A site collection with the same Site Id or Path already exists. You have to permanently delete the new empty OneDrive account, then restore then old deleted one back:- To delete permanently the newly created (empty) site:- Remove-SPOSite -Identity https://xxxxxx-my.sharepoint.com/personal/xxxxxxxxx To restore the automatically deleted (full) site:- Restore-SPODeletedSite -Identity https://xxxxxx-my.sharepoint.com/personal/xxxxxxxxx
Read more

Server Manager will not start, error .NET Framework: "This application requires one of the following versions of the .NET Framework:"

Server Manager will not start on Windows Server 2019 after installing ADConnect. Error ServerManager.exe: This application could not be started. .NET Framework: "This application requires one of the following versions of the .NET Framework:xxxxx Do you want to install .NET framework now?" Of course it's already installed automatically on the server, so if you try and install it again you can't, error "already installed". Try the .NET repair package, can't repair the install. Try dsim.exe to install the package, error "Microsoft .NET Framework is already part of this installation". .NET Runtime version : 4.0.30319.0 - This application could not be started.This application requires one of the following versions of the .NET Framework:  v4.0.30319 The answer is to re-create the registry entries deleted when you installed ADConnect:- [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319] "AspNetEnforceViewStateMac"=dw
Read more