When a user is being deleted in the AD, it will not be able to login to Crowd's Applications anymore.
But as the user still exisits in the LDAP Delegate, it will count against the license limits (of Crowd, Confluence, JIRA, whatever).
Support (CWDSUP-4973) told me to deactivate the user in Crowd manually in such cases.
This leads to a double maintenance (delete in AD, deactivate in Crowd). In addition the AD admins might not be Crowd admins.
Crowd could regularly (once per day?) check if the users in their Delegate Directories are still present/active in the AD and then deactivate them if they are not.