Deleting Aged and/or Orphaned AD User Profiles

Deleting domain user profile folders from a PC was a simple task in older versions of Windows. But Delprof stopped working after XP and some newer tools like Delprof2 and RemProf aren’t compatible with Microsoft’s new calculation methods. Here’s what we had to do:

History:

Or rather, build. The environments we’ve supported have a lot of floating users and the PCs tend to have relatively small hard drives. After 30 or so users have logged into a PC, free drive space is down to an almost critical level. The current batch of utilities, like RemProf and DelProf2, don’t correctly calculate the age of user profiles since Windows and some AV scanners will “touch” the files and folders in the profile directories when running an update or scan.

We needed a utility that would calculate the age based on Microsoft’s new methods (see here), compare that to a department specified age, and allow for certain exclusions. From necessity, ADProfileCleanup.exe is born!

Usage:

ADProfileCleanup.exe <Number of days> <ExcludeLocal=Yes|ExcludeLocal=No> <Excluded1 Excluded2>

UPDATE: Version 1.26.3.6. We’ve updated the app to fix a bug where a profile was marked as an exception when it wasn’t specified on the command line. A few loop optimizations were also made.

UPDATE: Version 1.25.10.8. We’ve updated the app to remove the WMIC dependency since it is currently deprecated in Windows 11 and to be removed in the next release of Windows.

UPDATE: Version 1.25.9.10. Output is now sorted by username instead of SID. Exceptions and profiles that are less than the specified age (that is, not to be deleted) are included in the output as well.

IMPORTANT: The WMIC dependency has been removed so the following no longer applies. If you’re using Windows 11, one of the dependencies (WMIC.exe) may not be installed. Microsoft has made it into a “feature on demand” for builds 22572 and later. To add it, run this from an elevated command prompt or PowerShell:

DISM /Online /Add-Capability /CapabilityName:WMIC~~~~

UPDATE: Version 1.24.10.4. Fixed date calculations that caused orphans to not be deleted.

UPDATE: Version 1.24.9.30. Fixed command line input validation (array subscript error).

UPDATE: Version 1.24.5.22. Adds Windows Event Log support (entries are added to the Application Log) and will report if there are no actions to perform (instead of just exiting) on both the command line and the Application Log.

UPDATE: Version 1.24.3.19. A few loop optimizations were made. Fixed an issue where local profile data was being deleted under certain circumstances.

UPDATE: Version 1.23.8.1. There are no functional changes but the help text has been updated with examples and better explanations.

UPDATE: Version 1.23.5.22 supports a new required command line argument which allows exclusion of local profiles.

Notes:

The first command argument must be an integer. Negative values will show a preview of the operation (a “what if”). Zero (0) and negative zero (-0) are supported.

The second command argument must be either ExcludeLocal=Yes or ExcludeLocal=No. This will exclude (or not exclude) local account profiles from deletion.

You can optionally exclude up to 10 users. You must use the sAMAccountName format for the exclusions (see below). Don’t use UPN, CN, DN, RDN, SID, or wildcards. AD Groups are not supported.

sAMAccountName from Active Directory

Orphaned profiles, where the profile folder exists but a corresponding AD account does not, cannot be excluded from deletion.

Example 1:

ADProfileCleanup.exe -30 ExcludeLocal=Yes rbryant pcombatir

Preview deletion of profile folders older than 30 days, preserve any local profile folders and exclude RBryant and PCombatir from deletion even if those profile folders are greater than 30 days old.

Example 2:

ADProfileCleanup.exe 90 ExcludeLocal=No sfujibayashi zwilder

Delete profiles older than 90 days, delete any local profile folders and exclude SFujibayashi and ZWilder from deletion even if those profile folders are greater than 90 days old.

Please note it won’t delete any accounts, just the profile folders.

Test, test, test!
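To cross-check the preview output while testing, here is a read-only PowerShell audit (an added example, not ADProfileCleanup's own code) that computes each profile's age from the LocalProfileLoadTime/LocalProfileUnloadTime values under the ProfileList registry key. The page does not name the registry values the tool reads, so using these values, taking the later of the two as "last use", and applying the age threshold to orphans are all assumptions.

```powershell
# Read-only audit of profile ages; nothing is deleted. Added example, not the tool's code.
param(
    [int]$Days = 30,                # age threshold in days
    [bool]$ExcludeLocal = $true,    # same meaning as ExcludeLocal=Yes|No
    [string[]]$Exclude = @()        # sAMAccountNames to keep
)
$root = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-ProfileTime($Key, [string]$Name) {
    # <Name>High and <Name>Low hold the two 32-bit halves of a FILETIME (UTC).
    $hi = $Key.GetValue("${Name}High")
    $lo = $Key.GetValue("${Name}Low")
    if ($null -eq $hi -or $null -eq $lo) { return }
    # Join the halves as bytes so a Low half with its top bit set is not sign-extended.
    [byte[]]$raw = [BitConverter]::GetBytes([int]$lo) + [BitConverter]::GetBytes([int]$hi)
    $ft = [BitConverter]::ToInt64($raw, 0)
    if ($ft -gt 0) { [DateTime]::FromFileTimeUtc($ft) }
}

$now = [DateTime]::UtcNow
Get-ChildItem $root | Where-Object PSChildName -like 'S-1-5-21-*' | ForEach-Object {
    $key = $_
    $sid = $key.PSChildName
    $domain = $null
    $user = Split-Path ($key.GetValue('ProfileImagePath')) -Leaf   # folder name, used for orphans
    try {
        $acct = ([Security.Principal.SecurityIdentifier]$sid).Translate([Security.Principal.NTAccount]).Value
        $domain, $user = $acct -split '\\', 2
    } catch { $acct = $null }   # SID does not resolve: orphaned, or no domain controller reachable
    $orphan = -not $acct

    # Assumption: last use is the later of the load and unload timestamps.
    $last = 'LocalProfileLoadTime', 'LocalProfileUnloadTime' |
        ForEach-Object { Get-ProfileTime $key $_ } | Sort-Object | Select-Object -Last 1
    $age = if ($last) { [math]::Floor(($now - $last).TotalDays) } else { $null }

    # Exclusions never apply to orphans, matching the note on orphaned profiles.
    $verdict = if (-not $orphan -and $Exclude -contains $user) { 'keep: excluded' }
    elseif (-not $orphan -and $ExcludeLocal -and $domain -eq $env:COMPUTERNAME) { 'keep: local account' }
    elseif ($null -eq $age) { 'keep: no timestamps in registry' }
    elseif ($age -gt $Days) { 'would delete' }
    else { 'keep: not old enough' }

    [pscustomobject]@{ User = $user; Sid = $sid; LastUseUtc = $last; AgeDays = $age
                       Orphaned = $orphan; Verdict = $verdict }
} | Sort-Object User
```

Run it from an elevated prompt on a domain-joined PC that can reach a domain controller; with no DC reachable, uncached domain SIDs fail to resolve and show up as orphaned.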

Download:

Get it here (version 1.26.3.6, 64-bit version only).

A VirusTotal scan was run on 6 March 2026. See the report here. Since it’s written in AutoIt, some AV vendors may flag it as malicious. Rest assured that it’s a false positive. That’s why VirusTotal links are supplied above and the file hashes (try HashTab or OpenHashTab) are below.

x64 Hashes
MD5: F606D2ADE52A7F3C7848E1570B0AD7DF
SHA-1: 7F3D633EE672255FA6B2A20E016DC347A24AFDC2
SHA-256: A107C5738FCAFAF1A1DCD87F2D49DD7601CAE8A282B9A476D1F858549E9B8576

Disclaimer

As usual, use this app at your own risk. Since its primary function is to delete files, and it can’t be stressed enough, you must thoroughly test! As of this writing, it has been run against Windows 10 Enterprise versions 20H2 and 22H2 and Windows 11 Enterprise versions 23H2 and 25H2. It has worked reliably and without issue in both our lab and several production environments.

Do not use ADProfileCleanup on any versions of Windows 10 <=1803. Those versions of Windows 10 do not populate the registry keys necessary for ADProfileCleanup to correctly calculate the profile age.

Versions of Windows 10 1809 or greater are compatible.

That said, there are neither warranties nor guarantees. If you do run into issues or bugs during use, scroll down and leave a comment or contact us.

Peace and victory,

rsn

Supporting this site

The apps and scripts available here are free-ish and include support. Here at GB/2 Labs, we really like the idea of Pay What You Want. If you find AD Profile Cleanup useful, you can set your own price for a license based on what you feel the functionality is worth to you or your organization. If your business requires it, contact us for a proper invoice. Otherwise, please consider a donation/tip below.


If you’d like to send cryptocurrency (Bitcoin, Dogecoin, or Ethereum/US Dollar Coins/US Dollar Tether), see the addresses below.

BTC: 3JKbb5uATkxHHhYSqg49jBq8ykRXLjEHsF

DOGE: D96UZpWWQfDWW4u7DZKZCGCoWVsw6qGFFK

ETH/USDC/USDT: 0x9356528d2b820426F6D82F4787724472232c097c

(Please note that ETH/USDC/USDT only support the ETH/ERC20 networks!)

14 thoughts on “Deleting Aged and/or Orphaned AD User Profiles”

  1. Great tool, is there a silent switch for this? Also was a bit confused in your second example; Why would you exclude two users if ExcludeLocal=No? Thanks


    1. There’s no silent switch as of this writing, but if you append >nul 2>&1 it will not echo anything to the command window. Example:

      ADProfileCleanup.exe 90 ExcludeLocal=No sfujibayashi zwilder>nul 2>&1

      For the example, ExcludeLocal=No is for local accounts (%computername%\Administrator, for example) and the two users that are excluded are domain level accounts.

      Liked by 1 person

      1. I understand now, thanks for the reply. Is there a reason for the limit to exclude 10 users? I’ve found use cases that would require excluding more than 10.


      2. I understand now, thanks for the reply. Is there a reason for the limit to exclude 10 users? I have use cases that would require excluding more than 10.


      3. During testing no one ever exceeded 10 users so we left it at that. The actual limiting factors are the number of characters you can input on the command line and the maximum path length. According to Microsoft, it’s ~8000 for the command-line string limitation and 260 or ~32000 for the maximum path length.

        Correction: it’s actually 60. The limitation is from the AutoIt scripting language.


  2. Hi! It doesn’t work properly on Windows 11H25. When I’m excluding local, preview says that ALL the profiles will be deleted (except one, which actually SHOULD be deleted). For me, excluding profiles by their name also doesn’t work 😦 It will delete ALL or delete nothing, even the local admin account 😦


  3. Hi, can you add a parameter to only show accounts that will be deleted like it was in older versions of the app?


    1. That might be doable. We’ll investigate.

      In the meantime, if you’re running in test mode, you can kind of filter with find on the command line:
      ADProfileCleanup.exe -60 ExcludeLocal=YES | find /i "would be"
      rbryant would be deleted (77 days old)
      pcombatir would be deleted (86 days old)
      sfujibayashi would be deleted (72 days old)
      zwilder would be deleted (80 days old)

      If you’re running in live mode:

      ADProfileCleanup.exe 60 ExcludeLocal=YES | find /i "deleting"
      rbryant is deleting (77 days old).
      pcombatir is deleting (86 days old).
      sfujibayashi is deleting (72 days old).
      zwilder is deleting (80 days old).


  4. Hello, I wanted to give it a go with your app, but it looks like the profile age calculation does not work properly. I have checked a couple of shared workstations, and already in the morning multiple accounts appear to have been used today, which is not correct. Sending an example from one workstation, with usernames deleted:
    would not be deleted (not old enough: 0 days old).
    would not be deleted (not old enough: 0 days old).
    would not be deleted (not old enough: 27 days old).
    would not be deleted (not old enough: 0 days old).
    would not be deleted (not old enough: 0 days old).
    would not be deleted (not old enough: 0 days old).
    would not be deleted (not old enough: 0 days old).
    would not be deleted (not old enough: 5 days old).
    would not be deleted (not old enough: 0 days old).
    would not be deleted (not old enough: 0 days old).
    would not be deleted (not old enough: 0 days old).
    would not be deleted (not old enough: 0 days old).
    would not be deleted (not old enough: 8 days old).
    would not be deleted (not old enough: 23 days old).
    would not be deleted (not old enough: 0 days old).
    would be deleted (102 days old)
    would not be deleted (not old enough: 3 days old).

    Usually per day only one user works on one workstation; there is no way that all these users have used this workstation already. I have checked a couple of other workstations and it is the same story there.

    Some future ideas maybe… Maybe you could add an option to delete disabled accounts, regardless of age. I have done something similar with PowerShell. It lists all the profiles on a workstation, then checks against AD whether each user is Enabled or not, and if not, the profile is free to be deleted.

    Best regards,
    Rene


    1. Thank you for trying out our little app. To better understand the issue you’re reporting, I’d ask you send an email to us (please use the contact form).

