pepmachine's answer is correct..that will work, but is awfully annoying.
Here is a way I have found to work...attempt at your own risk:
READ THE WHOLE POST BEFORE EXECUTING ANY COMMANDS 🙂
In Terminal:
sudo psql -U _devicemgr -d devicemgr_v2m0 -h /Library/Server/ProfileManager/Config/var/PostgreSQL/
The above connects to the devicemgr_v2m0 database, which is the Profile Manager database in 3.1.1. This is different in different versions of OSX Server, so you may need to google for the proper connection strings on something other than 10.9/3.1.1.
Then, in devicemgr_v2m0=# prompt type:
DELETE FROM public.inactive_users WHERE inactive_users.od_node_id = 1;
You should then see a response (where # = number of rows that were deleted)
DELETE #
Type the following to quit
\q
The logic behind the query is that the users are still showing because they are listed in the inactive_users table even though they were deleted from the system. Only users who did NOT have settings associated with them linger. If you had a user who had a payload associated with them, then that user should disappear from PM when you delete them.
The od_node_id appears to indicate what source the users came from.
1 = Local Users
2 = Local Network Users
3+ Would appear to be network sources like bound LDAP/AD domains (I have only a #4 for a bound AD domain).
I believe it is *probably* safe to actually delete all users, as any users which still exist will show back up when you refresh the list in PB. To do this you could just issue:
DELETE FROM public.inactive_users
The caveats with this may be:
1) PM has to rebuild a larger list of users, this may take some time (?)
2) If the users were somehow attached to something this might break that connection. Although I don't think this is an issue because it appears that users who are attached to something (like a payload) would properly get deleted anyway as mentioned above.
To do this for groups, do the same things except replace all instances of
inactive_users
with
inactive_user_groups
Again, use this at your own risk.