Monday, July 4, 2011

Microsoft Windows - delete a local user profile whose account is missing from AD

Here's a post on how I helped my helpdesk colleagues to solve a strange problem.

John Doe's user account was deleted from Active Directory (he left the company over a year ago), but we could not delete his local profile on a Windows Server 2003:
  • through the user profiles control panel, it is not present
  • deleting the folder in "c:\documents and settings" said ntuser.dat is in use
  • The "User Profile Deletion Utility" (delprof) from Windows Server 2003 Resource Kit Tools doesn't find this profile either.
I checked with "Process Explorer" and saw his ntuser.dat was loaded.

NTUSER.DAT is a file containing the user's registry hive. it is loaded in the machine-wide registry under HKEY_USERS.

So we need to unload this user's registry hive, in order to delete his profile in "c:\document and settings"

You need to find out which SID (the S-1-5-21 ..etc) correspond to this user
So check the loaded hives in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist

Then go back to HKEY_USERS , select the SID and go to file > unload hive.
You should now be able to delete his profile in "c:\documents and settings"