Deleting user profiles from a domain joined PC?
Ha! Easy! All I need to do is zap the folder inside C:\Users that matches the username of the domain joined user.
Hmm, that sounds reasonable but it’s actually insufficient because vestiges of the registry remain and we need to axe those too.
Here are a few profile purging solutions that will leave your PC immaculate.
If you manually deleted the domain user folder from C:\Users we need to make clean up a few registry keys before we can call it day.
Go ahead and open the Registry as an Administrator. Press the Windows Key and enter
then right click it and choose Run as Administrator.
After backing up the registry we need to search for the domain account name but instead of taking a hours to purse the entire registry, just click HKEY_USERS in the left pane, press Ctrl + f and enter the username of the account folder you just ousted.
Pay attention to the Security Identifier (SID) in the status bar at the bottom of the Registry Editor. It should display a long, seemingly arbitrary, number that begins like this:
This SID denotes the registry key that contains that domain user’s preferences. Let’s hunt it down so we can clean it up.
Oh, and I’ll refer to SID: S-1-5-21-3285709036-2449454244-3312884745-1105 as [SID] to save myself from typing this thing out.
Click through to:
Deleting this key wipes the user’s profile residue from your PC.
You should also delete the corresponding SID key from the Profile List.
Click through the registry and select the [SID] you just sent to oblivion in the previous step.
I’m aware the SID is long and it’s hard to know if you’ve got the right one so I always like to verify that I’m deleting the right registy key by checking the ProfileImagePath in the right pane.
Here you can see it matches the account I want to remove so I can safely delete this key by right clicking the [SID] in the left pane and choosing Delete.
The Safer Microsoft Way
Press Windows Key + r to open the Run window then type
Sysdm.cpl (that’s a lowercase “L”) opens the System Properties screen from the command line.
There’s actually a whole array of common control panel tools you can kick off from the command line. Microsoft has published over two dozen popular control panel commands if you’re interested. You can open everything from the Date/Time properties to your Internet Properties all from the Run box.
In the System Properties screen, click the Advanced tab and choose the middle Settings button to open your User Profile settings.
Select the profile to zap and click the Delete button below it.
Keep in mind that you need to be logged in as a local administrator and the user whose profile you wish to delete can’t be logged in. That’s why the delete button is grayed out for me because I’m logged in as the to-be-deleted user.
Is there an easier way?
There’s software out there that can alleviate the profile deletion tedium; however, I haven’t used these tools so I can’t really talk about it from experience.
That being said, Windows expert and software developer Helge Klein created a free tool that apparently deletes inactive user profiles in a cinch. His site is well documented and it looks pretty straightforward.
The tool is aptly called Delprof2 and can downloaded directly from Helge’s blog.
The Bottom Line
When you need to delete the user profile from a domain joined PC we need to do three things:
- Delete C:\Users\[account name]
- Delete HKEY_USERS\[SID]\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
- Delete HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\[SID]
Alternately, we can run sysdm.cpl and delete the User Account from the User settings under the Advanced Tab.
Last of all, Helge Klein has a little tool that claims to do it all for you.
What method do you prefer when deleting domain user profiles?
Share in the comments below!