How to Programmatically Remove a Domain User Profile in Windows (Vista/7/XP) Using CMD and Registry Cleanup


3 views

When dealing with domain user profiles in Windows environments, it's crucial to understand that each profile consists of several components:

  • Registry entries in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  • User folder in C:\Users (or C:\Documents and Settings in XP)
  • Profile-specific security identifiers (SIDs)

For manual removal:

1. Right-click Computer → Properties → Advanced system settings
2. User Profiles → Settings
3. Select the domain profile → Delete

For batch processing or remote machines:

@echo off
:: Delete profile via CMD
setlocal
set comp=%COMPUTERNAME%
set username=DOMAIN\user

wmic /node:%comp% path win32_userprofile where "localpath='c:\\users\\%username%'" delete

:: Alternative PowerShell method
powershell -command "Get-WmiObject -Class Win32_UserProfile | Where-Object { $_.LocalPath -like '*DOMAIN\\user*' } | Remove-WmiObject"

To handle orphaned registry entries:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-*]

:: PowerShell alternative
$profileSID = (Get-WmiObject Win32_UserProfile | Where {$_.LocalPath -match "DOMAIN\\user"}).SID
Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$profileSID" -Force

When profiles won't delete:

:: Force delete locked profiles
del /f /q "C:\Users\DOMAIN~1\*"
rd /s /q "C:\Users\DOMAIN~1"

:: Take ownership first if needed
takeown /f "C:\Users\DOMAIN~1" /r /d y
icacls "C:\Users\DOMAIN~1" /grant administrators:F /t /c /q

For system administrators managing multiple machines:

function Remove-DomainProfile {
    param(
        [string]$ComputerName,
        [string]$Domain,
        [string]$Username
    )
    
    $profile = Get-WmiObject -Class Win32_UserProfile -ComputerName $ComputerName |
               Where-Object { $_.LocalPath -match "$Domain\\$Username" }
    
    if($profile) {
        $profile.Delete()
        Write-Host "Successfully removed profile for $Domain\$Username on $ComputerName"
    } else {
        Write-Warning "Profile not found for $Domain\$Username on $ComputerName"
    }
}

Remove-DomainProfile -ComputerName "WS01" -Domain "CORP" -Username "jdoe"

When managing domain-joined Windows machines (Vista Business, XP Pro, or 7 Pro in your case), you might need to remove specific domain user profiles without affecting the Active Directory account. This is particularly useful during system maintenance or when reallocating computers.

The simplest approach for one-off removals:

  1. Open System Properties (sysdm.cpl)
  2. Navigate to Advanced > User Profiles > Settings
  3. Select the domain profile and click Delete

For bulk operations or scripting purposes, use this PowerShell snippet:


# Get all user profiles except system accounts
$profiles = Get-WmiObject -Class Win32_UserProfile | 
            Where-Object { $_.LocalPath -like "*Users*" -and !$_.Special }

# Find target domain profile
$targetProfile = $profiles | Where-Object { $_.LocalPath -match "DomainUserName" }

if ($targetProfile) {
    $targetProfile.Delete()
    Write-Host "Successfully removed domain user profile"
} else {
    Write-Host "Profile not found"
}

For legacy systems, Microsoft's DelProf2 tool offers command-line control:


delprof2 /u:DOMAIN\username /q
  • Backup registry settings at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  • Check for roaming profile conflicts
  • Verify disk quotas after deletion

This batch script works across Windows versions:


@echo off
set targetuser=DOMAIN\username
wmic userprofile where "localpath like '%%%targetuser%%%'" delete
if %errorlevel% equ 0 (
    echo Profile removed successfully
) else (
    echo Removal failed with error %errorlevel%
)