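# Removes the per-user WorkplaceJoin "JoinInfo" registry subkeys and empties
# the TokenBroker "Accounts" folders of the Microsoft.AAD.BrokerPlugin package.
#
# Operational notes:
#   * Destructive and not reversible: it touches every hive under HKEY_USERS
#     and every profile matched by C:\Users\*. No backup is taken.
#   * HKEY_USERS only contains hives that are currently loaded, so the registry
#     pass skips users who are not logged on; the folder pass covers all
#     profiles under C:\Users.
#   * NOTE(review): presumably this must run elevated (service control, other
#     users' hives and profile folders) - confirm before deployment.

function StopWAMService {
    # Stop the "tokenbroker" service, then force-stop any remaining
    # Microsoft.AAD.BrokerPlugin process.
    # Errors are suppressed because either may already be stopped.
    Write-Host "Stopping WAM Service."
    Stop-Service -Name "tokenbroker" -Force -ErrorAction SilentlyContinue
    Get-Process -Name "Microsoft.AAD.BrokerPlugin" -ErrorAction SilentlyContinue |
        Stop-Process -Force
}

function StartWAMService {
    # Start the "tokenbroker" service again; a failure to start is not reported.
    Write-Host "Re-starting WAM Service."
    Start-Service -Name "tokenbroker" -ErrorAction SilentlyContinue
}

# --- Pass 1: registry -------------------------------------------------------

# Get the list of user SIDs (loaded hives) under HKEY_USERS.
$users = Get-ChildItem -Path "Registry::HKEY_USERS"

foreach ($user in $users) {
    $joinInfoBasePath = "Registry::HKEY_USERS\$($user.PSChildName)\Software\Microsoft\Windows NT\CurrentVersion\WorkplaceJoin\JoinInfo"

    # Hives without a JoinInfo key are skipped.
    if (Test-Path -Path $joinInfoBasePath) {
        # Each subkey under JoinInfo is named by a GUID.
        $guidSubKeys = Get-ChildItem -Path $joinInfoBasePath

        foreach ($guidSubKey in $guidSubKeys) {
            $guidPath = "$joinInfoBasePath\$($guidSubKey.PSChildName)"

            # Read the values so the log line can name the affected account.
            $keyValues = Get-ItemProperty -Path $guidPath

            # Get-ItemProperty returns nothing for a key with no values; check
            # for that first so the property lookup does not index into $null.
            if ($keyValues -and $keyValues.PSObject.Properties['UserEmail']) {
                $userEmail = $keyValues.UserEmail
                Write-Host "Removing GUID: $($guidSubKey.PSChildName) with UserEmail: $userEmail for user: $($user.PSChildName)"
            }
            else {
                Write-Host "Removing GUID: $($guidSubKey.PSChildName) with no UserEmail for user: $($user.PSChildName)"
            }

            # Remove the GUID-specific JoinInfo key and everything below it.
            Remove-Item -Path $guidPath -Recurse -Force
        }
    }
}

# --- Pass 2: TokenBroker account folders ------------------------------------

# Base path, using wildcards for the username and the package suffix.
$basePath = "C:\Users\*\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_*"

# The list is collected before anything is deleted. The -like pattern also
# matches directories nested below an Accounts folder.
$directories = Get-ChildItem -Path $basePath -Directory -Recurse |
    Where-Object { $_.FullName -like "*\TokenBroker\Accounts*" }

foreach ($dir in $directories) {
    # A nested match may already be gone because its parent was emptied in an
    # earlier iteration; skip it rather than cycling the service for nothing.
    if (-not (Test-Path -LiteralPath $dir.FullName)) {
        continue
    }

    try {
        StopWAMService

        # -ErrorAction Stop makes a failed delete a terminating error; without
        # it the catch block never runs and success is logged regardless.
        Remove-Item -Path "$($dir.FullName)\*" -Recurse -Force -ErrorAction Stop
        Write-Host "Contents of Accounts folder deleted: $($dir.FullName)"
    }
    catch {
        Write-Host "Failed to delete contents of Accounts folder: $($dir.FullName)"
        Write-Host "Reason: $($_.Exception.Message)"
    }
    finally {
        # Always bring the service back, including after a failed delete.
        StartWAMService
    }
}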