User created in CF CLI not completely deleted when using UAAC to delete user

Article ID: 298150


Products

VMware Tanzu Application Service for VMs

Issue/Introduction

Deleting a user with the UAAC command-line tool does not completely remove the user. The deletion appears to leave a "ghost" user: if you check Apps Manager afterward, the "deleted" user is still listed, with the user identifier changed from the actual user's name to the user's GUID.

Steps to Reproduce:

  • 1. Create a test user via CF CLI named 'test1' and add org and space manager roles:

Create test user 'test1'

cf create-user test1 testing12345

 

Add OrgManager and SpaceManager roles to user 'test1'

cf set-org-role test1 system OrgManager
cf set-space-role test1 system system SpaceManager

 

  • 2. Confirm that the user has been created via CAPI. Take note of the GUID and username. In the screenshot below, those values have been redacted: 
cf curl -X GET '/v3/users' | jq .

 



You can also see in Apps Manager that this user has been created:

  • 3. Target UAAC to the UAA endpoint for TAS. This would be uaa.$SYSTEM_DOMAIN

The $SYSTEM_DOMAIN can be found by going to TAS Tile > Domains > System Domain

Plug in the system domain found from TAS tile in place of the $SYSTEM_DOMAIN variable below: 

uaac target uaa.$SYSTEM_DOMAIN --skip-ssl-validation
  • 4. Generate a UAAC token:

    Get the CF UAA admin token ($CF_UAA_TOKEN in the command below) with the following steps:
    1. Go to TAS Tile > Credentials > UAA > Admin Client Credentials
    2. Click on the "Link to credential" link.
    3. Afterwards, take note of the Password value.
    4. Replace $CF_UAA_TOKEN with the Password value.
    5. Run the command below with $CF_UAA_TOKEN replaced by your actual UAA token:
      uaac token client get admin -s $CF_UAA_TOKEN
  • 5. Confirm you are logged in by running uaac context. You should see an access_token assigned as admin:
uaac context
  • 6. Confirm that the test1 user shows up when you list users in uaac.

    Note: Depending on the number of users that UAA is managing, it may paginate the results and flags --start and --count may be required to find your user.

    uaac users | grep "test1"

     


    # Example with --start and --count flags
    uaac users --start 1 --count 20 | grep "test1"

 

  • 7. Delete the test1 user via uaac:
uaac user delete test1 --origin uaa

  • 8. Check CAPI and Apps Manager. The user has been replaced with a ghost ID: the username was test1 before, but it is now null. The GUID is the same value found in step 2:

 

 

Environment

Product Version: 3.0

Resolution

To delete these "ghost" users, use the command below: 

cf curl -X DELETE "/v3/users/$USER_ID"
  • Note that the $USER_ID is the user ID that appears for that "ghost" user in Apps Manager.
  • In the example below, our command to delete the "ghost" user would be the following:
cf curl -X DELETE '/v3/users/####################'
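
To find the GUIDs to pass to that command without clicking through Apps Manager, the following added example (not part of the original article or of any VMware tooling) walks the paginated /v3/users listing through cf curl and reports entries whose username is null, the symptom shown in step 8. The function names and the sample data are constructed for illustration; it assumes cf is already targeted and logged in as an admin, and because a null username alone does not prove an entry is a ghost, the results can be limited to the GUIDs noted in step 2.

```python
import json
import subprocess
from urllib.parse import urlsplit

# Constructed sample of two paginated /v3/users replies (GUIDs are made up).
SAMPLE_PAGES = {
    "/v3/users?per_page=100": {
        "pagination": {"next": {"href": "https://api.example.test/v3/users?page=2&per_page=100"}},
        "resources": [{"guid": "guid-admin", "username": "admin", "origin": "uaa"},
                      {"guid": "guid-test1", "username": None, "origin": None}],
    },
    "/v3/users?page=2&per_page=100": {
        "pagination": {"next": None},
        "resources": [{"guid": "guid-other", "username": None, "origin": None}],
    },
}


def cf_curl(path):
    """Run `cf curl` with the current cf target and login; parse the JSON reply."""
    result = subprocess.run(["cf", "curl", path], check=True,
                            capture_output=True, text=True)
    return json.loads(result.stdout)


def iter_users(fetch=cf_curl, path="/v3/users?per_page=100"):
    """Yield every user resource, following the pagination.next links."""
    while path:
        page = fetch(path)
        yield from page.get("resources", [])
        nxt = (page.get("pagination") or {}).get("next")
        url = urlsplit(nxt["href"]) if nxt else None
        path = f"{url.path}?{url.query}" if url else None


def ghost_candidates(users, noted_guids=None):
    """GUIDs whose username is null; optionally limited to GUIDs noted in step 2."""
    ghosts = [u["guid"] for u in users if u.get("username") is None]
    if noted_guids is not None:
        ghosts = [g for g in ghosts if g in set(noted_guids)]
    return ghosts


if __name__ == "__main__":
    for guid in ghost_candidates(iter_users()):
        # Printed for review only; nothing is deleted by this script.
        print(f"cf curl -X DELETE '/v3/users/{guid}'")
```

The script only prints the delete commands; review each GUID against the ones recorded before the UAAC deletion before running any of them.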