Query your user table in CMOD and dump the RACF IDs to a file. Use that file to compare against the RACF file - and write all RACF IDs from your CMOD user file that do not have a match in the RACF file to a "not matched" file. Use the "not matched" file to build XML to delete the users from CMOD...
I've worked on a system that used RACF for security. What we did was have the RACF admins produce an 'audit' file each night showing all users they added, deleted or modified. We would then read that file and generate the XML to add/delete/update the users, as appropriate. That way, CMOD remains in sync with the RACF system.