Active Directory incremental sync may remove wrong users from internal directory like in below scenario:

1. Create directory with memberOf filter
2. Create user with name "admin" in AD with memberOf atrribute passing filter from step.1
3. Run inc sync (or full sync).
4. Remove memberOf attribute and rename user "admin" to => "not_admin"
5. Create new user with passing memberOf attribute and name "admin"
6. Run inc sync.
7. Delete "not_admin" user.
8. Run inc sync

As an effect user with name "admin" will be removed from internal directory.