Do they understand that if they revoke the persons ability to log on via active directory, then they have already revoked that persons ability to log into Automic?
If they still want the added security of also altering Automic's internal access rules, I would suggest turning off the USER object's "user is active" setting instead of deleting the user. If you delete the USER object, then all Automic history associated with that user will be displayed as "user unknown". (I don't know if this can be done from the Automic script language.)