Delete profiles after number of days not working on Windows 10

Question

Hello!

We are experiencing problems where the AD feature "Delete profiles after number of days" is not working on Windows 10 machines. I found another article that stated how the NTUser.dat date modified date is being updated with Windows updates and how this feature uses this date inside the ntuser.dat file.

I found a PS script that changes the ntuser.dat file's date modified to the users folder last modified date. This worked well by setting it up to run as a scheduled task, but now the feature is not working any longer.

Does anyone else have this problem with their Windows 10 machines? I'm not seeing any logs in event viewer giving me any clue why it's not deleting profile past 100 days (in my case). I also confirmed the GPO is setting this feature by checking the registry entry on the machine. This is happening across our entire environment on all Windows 10 boxes.

Please help!

Answer 1

Hello,

Thank you so much for posting here.

To further troubleshoot, how have we configured "Delete profiles after number of days"? Have we configured the GPO talked in the below link?

https://social.technet.microsoft.com/wiki/contents/articles/28647.how-to-automatically-delete-user-profiles-older-than-a-certain-number-of-days-using-group-policy.aspx

If we configured it via GPO, have we checked the gpresult since it is not working now?
For computer configuration:
Logon one client and open CMD, run as administrator. Type gpresult /h C:\report.html and click Enter. Open report file to check the policies under Computer Details.

For any question, please feel free to contact us.

Best regards,
Hannah Xiong

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

We have confirmed the GPO is deploying the setting just like your instructions stated in the link. We check rsop and gpresult and that setting is applying correctly on workstations but it just simply does not apply work when we restart the workstation I also verified the ntuser.dat date is not modified which is the issue we found originally.

Answer 3

Hello,

Thank you so much for your kindly reply.

As mentioned, the GPO is applied correctly on workstations. Meanwhile, check if the corresponding registry entries and values based on the policy setting are changed:

Besides, according to my research, "The main troubles associated with this automatic method of profile removal is waiting for the server restart and non-selectivity (you cannot prohibit deleting certain user profiles like local accounts, administrative accounts, etc.). Also, this policy may not work if some third-party software (most often it is an antivirus) accesses NTUSER.DAT file in user profiles and updates the date of last use."

Reference: http://woshub.com/delete-old-user-profiles-gpo-powershell/#:~:text=You%20can%20find%20the%20policy,using%20domain%20policies%20in%20GPMC.

Have we configured other GPO such as Folder Redirection? Are the profile types are Local or Roaming User Profiles?

Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

Best regards,
Hannah Xiong

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 4

I have the exact same issue. and its a big issue for us, cause when we make a InPlace upgrade of a device that have like 100 profil, its take many many hours!!

we alos tried with a powershell script, but it use win32_profileuser, so its the same problem.

Did someone find a solution to clear users profils ??