I am looking to remove all unused local accounts on all of our computers (400+/-.) I have a script that works for the basic part of removing the 2 local accounts that I’m mainly targeting, but I want to ensure it keeps all domain accounts. Is there a way to add a wildcard to the $AccountsToKeep line that would keep all domain accounts without typing each in? I tried ‘DOMAIN*’ but that didn’t seem to work.

Here’s what I’m using (and it seems to work, other than the ‘DOMAIN*’ part):

$AccountsToKeep = @(‘administrator’,’Public’,’default’, ‘NetworkService’, ‘LocalService’, ‘SystemProfile’, ‘DOMAIN*’)
Get-CimInstance Win32_UserProfile |
Where-Object { $PSItem.LastUseTime -lt [datetime]::Now.AddDays(-0) } |
Remove-CimInstance
Remove-Item c:userslocal1 -Recurse -Force
Remove-Item c:userslocal2 -Recurse -Force
net user local1 /delete
net user local2 /delete