diff --git a/test/functional/WorkerRemoveUsersFromGroupTest.php b/test/functional/WorkerRemoveUsersFromGroupTest.php
new file mode 100644
index 00000000..06bb743e
--- /dev/null
+++ b/test/functional/WorkerRemoveUsersFromGroupTest.php
@@ -0,0 +1,70 @@
+<?php
+
+use PHPUnit\Framework\TestCase;
+use UnityWebPortal\lib\UnityUser;
+use UnityWebPortal\lib\UnityLDAP;
+
+class WorkerRemoveUsersFromGroupTest extends TestCase
+{
+    private function writeLinesToTmpFile(array $lines)
+    {
+        $file = tmpfile();
+        if (!$file) {
+            throw new RuntimeException("failed to make tmpfile");
+        }
+        $path = stream_get_meta_data($file)["uri"];
+        $contents = implode("\n", $lines);
+        $fwrite = fwrite($file, $contents);
+        if ($fwrite === false) {
+            throw new RuntimeException("failed to write to tmpfile '$path'");
+        }
+        return $file;
+    }
+
+    public function testRemoveUsersFromGroup()
+    {
+        global $USER, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK;
+        switchUser(...getUserIsPIHasNoMembersNoMemberRequests());
+        $pi = $USER;
+        $pi_group = $USER->getPIGroup();
+        $this->assertTrue($pi->isPI());
+        $this->assertEqualsCanonicalizing([$pi->uid], $pi_group->getGroupMemberUIDs(true));
+        $this->assertEqualsCanonicalizing([$pi->uid], $pi_group->getGroupMemberUIDs(false));
+        $this->assertEqualsCanonicalizing([], $pi_group->getRequests());
+        $uids = getSomeUIDsOfQualifiedUsersNotRequestedAccountDeletion();
+        $uids_to_remove = array_slice($uids, 0, 3);
+        $expected_new_uids = array_diff(array_merge([$pi->uid], $uids), $uids_to_remove);
+        $remove_uids_file = $this->writeLinesToTmpFile($uids_to_remove);
+        $remove_uids_file_path = stream_get_meta_data($remove_uids_file)["uri"];
+        try {
+            foreach ($uids as $uid) {
+                $user = new UnityUser($uid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
+                $pi_group->newUserRequest($user, false);
+                $pi_group->approveUser($user, false);
+            }
+            [$_, $output] = executeWorker(
+                "remove-users-from-group.php",
+                "$pi_group->gid $remove_uids_file_path",
+            );
+            print implode("\n", $output);
+            // our $LDAP is not aware of changes made by worker subprocess, so throw it out
+            unset($GLOBALS["ldapconn"]);
+            switchUser(...getUserIsPIHasNoMembersNoMemberRequests());
+            $pi = $USER;
+            $pi_group = $USER->getPIGroup();
+            $this->assertEqualsCanonicalizing(
+                $expected_new_uids,
+                $pi_group->getGroupMemberUIDs(false),
+            );
+            $this->assertEqualsCanonicalizing(
+                $expected_new_uids,
+                $pi_group->getGroupMemberUIDs(true),
+            );
+        } finally {
+            foreach ($uids as $uid) {
+                $user = new UnityUser($uid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
+                $pi_group->removeUser($user);
+            }
+        }
+    }
+}
diff --git a/test/functional/WorkerUpdateLDAPCacheTest.php b/test/functional/WorkerUpdateLDAPCacheTest.php
new file mode 100644
index 00000000..47837e02
--- /dev/null
+++ b/test/functional/WorkerUpdateLDAPCacheTest.php
@@ -0,0 +1,25 @@
+<?php
+
+use PHPUnit\Framework\TestCase;
+use UnityWebPortal\lib\UnityUser;
+use UnityWebPortal\lib\UnityLDAP;
+
+class WorkerUpdateLDAPCacheTest extends TestCase
+{
+    public function testFlushAndThenUpdate()
+    {
+        global $USER, $REDIS;
+        switchUser(...getUserIsPIHasAtLeastOneMember());
+        $initial_value = $USER->getPIGroup()->getGroupMemberUIDs(false);
+        [$_, $output_lines] = executeWorker("update-ldap-cache.php", "-f");
+        error_log(implode("\n", $output_lines));
+        // switchUser(...getUserIsPIHasAtLeastOneMember()); // refresh $REDIS
+        $after_flush_value = $REDIS->getCache($USER->getPIGroup()->gid, "members");
+        $this->assertEqualsCanonicalizing([], $after_flush_value);
+        [$_, $output_lines] = executeWorker("update-ldap-cache.php");
+        error_log(implode("\n", $output_lines));
+        // switchUser(...getUserIsPIHasAtLeastOneMember()); // refresh $REDIS
+        $after_update_value = $REDIS->getCache($USER->getPIGroup()->gid, "members");
+        $this->assertEqualsCanonicalizing($initial_value, $after_update_value);
+    }
+}
diff --git a/test/phpunit-bootstrap.php b/test/phpunit-bootstrap.php
index 2091029e..303d2642 100644
--- a/test/phpunit-bootstrap.php
+++ b/test/phpunit-bootstrap.php
@@ -158,6 +158,30 @@ function http_get(string $phpfile, array $get_data = []): void
     }
 }
 
+/**
+ * runs a worker script
+ * @throws RuntimeException
+ * @return [return code, output lines]
+ */
+function executeWorker(string $basename, string $args = "", bool $doThrowIfNonzero = true): array
+{
+    $command = sprintf("%s %s/../workers/%s %s 2>&1", PHP_BINARY, __DIR__, $basename, $args);
+    $output = [];
+    $rc = null;
+    exec($command, $output, $rc);
+    if ($doThrowIfNonzero && $rc !== 0) {
+        throw new RuntimeException(
+            sprintf(
+                "command failed! command='%s' rc=%d output=%s",
+                $command,
+                $rc,
+                jsonEncode($output),
+            ),
+        );
+    }
+    return [$rc, $output];
+}
+
 // delete requests made by that user
 // delete user entry
 // delete user group entry
@@ -216,6 +240,7 @@ function ensureUserNotInPIGroup(UnityGroup $pi_group)
         $pi_group->removeUser($USER);
         ensure(!$pi_group->memberExists($USER));
     }
+    // FIXME removeUser already removes the uid from this redis, this shouldn't be necessary
     $REDIS->removeCacheArray(
         $pi_group->gid,
         "members",
@@ -338,3 +363,17 @@ function getAdminUser()
 {
     return ["user1@org1.test", "foo", "bar", "user1@org1.test"];
 }
+
+function getSomeUIDsOfQualifiedUsersNotRequestedAccountDeletion()
+{
+    return [
+        "user1_org1_test",
+        "user3_org1_test",
+        "user6_org1_test",
+        "user7_org1_test",
+        "user8_org1_test",
+        "user9_org3_test",
+        "user10_org1_test",
+        "user11_org1_test",
+    ];
+}
diff --git a/workers/clear-audit-log.php b/workers/clear-audit-log.php
index c7cfebf8..908fb2ac 100755
--- a/workers/clear-audit-log.php
+++ b/workers/clear-audit-log.php
@@ -1,8 +1,6 @@
 #!/usr/bin/env php
 <?php
-$_SERVER["HTTP_HOST"] = "worker"; // see deployment/overrides/worker
-
-require_once __DIR__ . "/../resources/autoload.php";
+include __DIR__ . "/init.php";
 
 // Days to keep
 $days = 30;
diff --git a/workers/group_user_request_owner_reminder.php b/workers/group_user_request_owner_reminder.php
index 9464712c..915a4bca 100755
--- a/workers/group_user_request_owner_reminder.php
+++ b/workers/group_user_request_owner_reminder.php
@@ -5,9 +5,7 @@
 Removes the request after 34 days have passed.
  */
 
-$_SERVER["HTTP_HOST"] = "worker"; // see deployment/overrides/worker
-
-require_once __DIR__ . "/../resources/autoload.php";
+include __DIR__ . "/init.php";
 use UnityWebPortal\lib\UnityGroup;
 
 $today = time();
diff --git a/workers/init.php b/workers/init.php
new file mode 100644
index 00000000..82ec7ebb
--- /dev/null
+++ b/workers/init.php
@@ -0,0 +1,17 @@
+<?php
+if (!array_key_exists("HTTP_HOST", $_SERVER)) {
+    $_SERVER["HTTP_HOST"] = "worker"; // see deployment/overrides/worker
+}
+if (!array_key_exists("REMOTE_ADDR", $_SERVER)) {
+    $_SERVER["REMOTE_ADDR"] = "127.0.0.1"; // needed for audit log
+}
+
+require_once __DIR__ . "/../resources/autoload.php";
+
+// UnityHTTPD::die() makes no output by default
+// builtin die() makes a return code of 0, we may want nonzero
+function _die(string $msg, int $exit_code)
+{
+    print $msg;
+    exit($exit_code);
+}
diff --git a/workers/remove-users-from-group.php b/workers/remove-users-from-group.php
index 01fe8c99..25142e17 100755
--- a/workers/remove-users-from-group.php
+++ b/workers/remove-users-from-group.php
@@ -1,29 +1,20 @@
 #!/usr/bin/env php
 <?php
-$_SERVER["HTTP_HOST"] = "worker"; // see deployment/overrides/worker
-
-require_once __DIR__ . "/../resources/autoload.php";
+include __DIR__ . "/init.php";
 use UnityWebPortal\lib\UnityUser;
 use UnityWebPortal\lib\UnityGroup;
 
-// builtin die() makes a return code of 0, we want nonzero
-function _die($msg)
-{
-    print $msg;
-    exit(1);
-}
-
 if (sizeof($argv) != 3 or in_array($argv, ["-h", "--help"])) {
-    die("Usage: $argv[0] group_name filename_of_users_to_remove\n");
+    _die("Usage: {$argv[0]} group_name filename_of_users_to_remove\n", 1);
 }
 
 $gid = $argv[1];
 $filename = $argv[2];
 $group = new UnityGroup($gid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
 if (!$group->exists()) {
-    _die("No such group '$gid'\n");
+    _die("No such group '$gid'\n", 1);
 }
-($handle = fopen($filename, "r")) or _die("Can't open '$filename'\n");
+($handle = fopen($filename, "r")) or _die("Can't open '$filename'\n", 1);
 while (($line = fgets($handle)) !== false) {
     $uid = trim($line);
     $user = new UnityUser($uid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
diff --git a/workers/update-ldap-cache.php b/workers/update-ldap-cache.php
index d4e5c396..124bc40c 100755
--- a/workers/update-ldap-cache.php
+++ b/workers/update-ldap-cache.php
@@ -1,8 +1,6 @@
 #!/usr/bin/env php
 <?php
-$_SERVER["HTTP_HOST"] = "worker"; // see deployment/overrides/worker
-
-require_once __DIR__ . "/../resources/autoload.php";
+include __DIR__ . "/init.php";
 
 use UnityWebPortal\lib\UnityConfig;
 use UnityWebPortal\lib\UnityLDAP;
@@ -17,11 +15,13 @@
 
 $options = getopt("fuh", ["help"]);
 if (array_key_exists("h", $options) or array_key_exists("help", $options)) {
-    echo "arguments:
+    _die(
+        "arguments:
     f: flush cache and then update
     u: update cache even if already initialized
-    h --help: display this message\n";
-    die();
+    h --help: display this message\n",
+        0,
+    );
 }
 if (array_key_exists("f", $options)) {
     echo "flushing cache...\n";