Looks like ePo 4.0 patch 5 addresses this scenerio:
20. Issue: During an Active Directory synchronization, disabled computer accounts were being imported into ePolicy Orchestrator. (Reference: 439191)
Resolution: Disabled computer accounts in Active Directory are no longer imported into ePolicy Orchestrator.
Note: If the ePO administrator has configured the Active Directory synchronization to "remove deleted systems" from the System Tree, deleted systems and disabled systems are automatically removed at the next Active Directory
awesome! I guess I'll just have to wait and see if anyone else has issues and then install away. Just updated the Mcafee Agent to newest patch and had to convert all of our Repo's to SA's until their newest release.... I am never going to be the extremely proactive one. :)