diff --git a/.travis.yml b/.travis.yml
index 110a35a5e7721a77d423a0e102c69097f4f76d2c..3d5ac3473f5e72fb4667a7dcb58304b3ae70b605 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -14,7 +14,7 @@ env:
         - platform: trusty
         - platform: precise
         - &stretch platform=stretch
-        - platform: jessie
+        - &jessie platform=jessie
         - platform: wheezy
 matrix:
     fast_finish: True
@@ -22,6 +22,7 @@ matrix:
         - python: "3.5"
         - env: *openbsd59
         - env: *stretch
+        - env: *jessie
 cache:
   - pip
   - directories:
diff --git a/defaults/main.yml b/defaults/main.yml
index cd79f0982d786cdcf6a2482e8d1f925b5aa879fc..fd9cc2a0108d257a9b63b293272ae540bb46c4bc 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,5 +1,7 @@
 ---
 # defaults file for users
+
+users_prune: False
 users_lock_root_ssh: True
 users_use_sudo: True
 users:
@@ -8,7 +10,7 @@ users:
       comment: '{{ ansible_hostname }} root'
       #shell: /bin/bash
       #uid: 0
-      #groups: sudoers
+      #groups: '{{ users_sudo_group }}'
       #pubkeys:
       #- '{{ lookup("file", "id_rsa.pub") }}'
       #email: none@nowhere.com
diff --git a/tasks/main.yml b/tasks/main.yml
index f9d645666f412490735031f9fd05507d5c6c4bd5..a534b629b18918cf2ba4c2b244550a78953d4c40 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -8,6 +8,7 @@
         - users is iterable
         - users_lock_root_ssh in [ True, False ]
         - users_use_sudo in [ True, False ]
+        - users_prune in [ True, False ]
         # OpenBSD 5.7 was the last version that came with sudo installed.
         - >
             ansible_os_family != 'OpenBSD' or
@@ -39,7 +40,7 @@
 
 - name: Add public keys
   with_items: '{{ users }}'
-  when: '{{ item.pubkeys is defined }}'
+  when: item.pubkeys is defined
   authorized_key:
       key: '{{  item.pubkeys|join ("\n") }}'
       user: '{{ item.name }}'
@@ -47,7 +48,7 @@
 
 - name: Add email aliases
   with_items: '{{ users }}'
-  when: '{{ item.email is defined }}'
+  when: item.email is defined
   lineinfile:
       dest: '{{ aliases_file[ansible_os_family] }}'
       create: yes
@@ -58,3 +59,6 @@
 
 - include: lock_root_ssh.yml
   when: users_lock_root_ssh
+
+- include: prune.yml
+  when: users_prune
diff --git a/tasks/prune.yml b/tasks/prune.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d9e665b26f60cd9c9c85e4cee2778509f801d32c
--- /dev/null
+++ b/tasks/prune.yml
@@ -0,0 +1,24 @@
+---
+
+- name: Get list of users
+  getent:
+      database: passwd
+
+- name: Get login user
+  become: False
+  changed_when: False
+  command: whoami
+  register: users_whoami
+
+- name: Get the nobody uid
+  become: False
+  changed_when: False
+  command: id -u nobody
+  register: users_nobody_uid
+
+- name: Prune users
+  with_items: '{{ getent_passwd|difference(users_unique_names)|difference(["nobody", users_whoami.stdout.strip()]) }}'
+  when: getent_passwd[item][2]|int > 999 and getent_passwd[item][2] != users_nobody_uid.stdout.strip() # Actual, non-system users.
+  user:
+      name: '{{ item }}'
+      state: absent
diff --git a/tests/playbook.yml b/tests/playbook.yml
index d2be996274b25d09f6ea7653bec3eaaf9999e6a7..dd6689c61a311fd08af2ae2f97368f4d1d31f284 100644
--- a/tests/playbook.yml
+++ b/tests/playbook.yml
@@ -27,7 +27,7 @@
           - name: dummy
             groups:
                 - people
-                - sudoers
+                - '{{ users_sudo_group }}'
             pubkeys:
                 - '{{ lookup("file", "id_rsa.pub") }}'
           - name: person
@@ -46,21 +46,34 @@
         service:
             name: ssh
             state: started
+
+      - name: Was prune user already created during the test
+        stat:
+            path: /home/prune
+        register: users_prune_home
+
+        # Don't create the user again during the Molecule idempotence test.
+      - name: Create user to prune
+        when: not users_prune_home.stat.exists
+        user:
+            name: prune
+            state: present
   strategy: free
   roles:
     - role: users
+      users_prune: True
   post_tasks: # For testing purposes
       - name: Create .ssh directory
         file:
-            path: '{{ ansible_user_dir }}/.ssh'
+            path: /root/.ssh
             state: directory
 
       - name: Copy private key
         copy:
             src: id_rsa
-            dest: '{{ ansible_user_dir }}/.ssh/id_rsa'
+            dest: /root/.ssh/id_rsa
             mode: 0o0400
 
       - name: Add localhost key to known hosts
         changed_when: False
-        shell: 'ssh-keyscan localhost >> ~/.ssh/known_hosts'
+        shell: 'ssh-keyscan localhost >> /root/.ssh/known_hosts'
diff --git a/tests/test_users.py b/tests/test_users.py
index 2832d1e12061dfd039dc0fa98fc123c4042c2487..4a1f8cf6284aa9f598ab2734a44cc8daa909a1e8 100644
--- a/tests/test_users.py
+++ b/tests/test_users.py
@@ -3,5 +3,10 @@ from testinfra.utils.ansible_runner import AnsibleRunner
 testinfra_hosts = AnsibleRunner('.molecule/ansible_inventory').get_hosts('all')
 
 
-def test_users(Command, Ansible):
-    Command('''ssh dummy@localhost sudo whoami''').stdout == 'root'
+def test_users(Command, Ansible, Sudo):
+    with Sudo():
+        assert Command('''ssh dummy@localhost sudo whoami''').stdout == 'root'
+
+
+def test_users_prune(Command):
+    assert Command('id prune').rc > 0
diff --git a/vars/main.yml b/vars/main.yml
index 04b83275a09061d2a0a18ebeb591edbf3a35299d..c51737ea5c5d38e012b4edd04dd65b53d0ab52c2 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -16,3 +16,5 @@ users_sudo_pkg:
 users_unique_groups: '{{ users|selectattr("groups", "defined")|sum(attribute="groups", start=[])|list|unique }}'
 
 users_sudo_group: "{{ 'wheel' if ansible_os_family == 'OpenBSD' else 'sudo' }}"
+
+users_unique_names: '{{ users|map(attribute="name")|list|unique }}'