We have a Policy for registration of users, but we don't have one for the deletion of users.
The settings are stored locally and are user based. The default settings are wrong:
Don't delete the mailfile at all
Don't remove user from directory right away
Don't remove id from the IDFault.
What we like to have is, a policy to set those things:
Delete Mailfile for all replications.
Remove User from directory
Remove ID from IDVault or set it as Inactive.