1: cat /etc/passwd | awk -F: '{ if ($3 >= 100) { print $1 } }' ... this shows you all users that aren't system accounts (system generally is below 25 for the UID).

2: If you run a database, check your database for users. Users in a db don't have to have a login, especially if they can connect through JDBC or ODBC-oriented applications (I think that's right).

A common mistake to 'lock out' a user was to do something like this:

Code:
#!/bin/sh

echo "You've been locked out. Deal."


Make this executable and put it as the user's shell. Problem is, it only works with telnet. FTP (back in the day) wouldn't check the shell. Now, ftp daemons check the shell of the user and sometimes, if it's not registered in /etc/shells or something similar, it won't let you in.