This is for users and groups that are defined by /etc/passwd and /etc/group et al as opposed to LDAP-based users.
TODO: TBC
Each user's primary group must exist before the user is created unless --user-group is specified on the useradd command.
useradd --comment 'User Name' --create-home --gid <primary group name or number> --groups <comma separated list of secondary groups>
Reference: http://www.howtoforge.com/linux_remove_users
Everything belonging to a user should be removed before the user is removed so a three stage process is required: disabling, artifact removal and finally user removal.
After this is done the user cannot create any further artifacts. In the examples below $u is the user name.
Disable logons and ssh sessions:
usermod --lock --shell /usr/sbin/nologin
$urm -fr /home/$u/{.ssh{,2},.{s,r}hosts,.forward}
Kill any processes belonging to the user.
Remove any associated users from /etc/sasldb2, .htaccess files, personal MySQL and postgres users, samba ...
Edit any user's crontab, commenting out any job lines:
crontab -u $u -e
Remove or comment out any entries for the user in /etc/sudoers:
visudo
Remove the user's membership of secondary groups:
usermod --groups ''
$u
Remove the user's public key from /root/.ssh/authorized_keys if present.
Change any common passwords known by the user, for example: shared KeePass, common MySQL and postgres users, root ...
Unless storage space is short, better to preserve the user's home directory (in case something is needed later or for audit) but render it inaccessible:
mv /home/$u{,.preserved} && chmod 000 /home/$u.preserved
Find any other files and directories owned by the user (the command will also search network mounted file systems) and remove or change ownership as appropriate:
find / -user $u
Remove references to the user from miscellaneous configurations: /etc/samba/smb.conf(.source),
There may be very little benefit from doing this step.
deluser $u
In case the user has a dedicated group with the same name:
delgroup $u
TODO: TBC