This behavior is by design. The AD Sync task will only remove machines that currently exist in the AD Sync group if set up in the way you described above. The simplest workaround I can think of would be to mirror your AD structure inside ePO. Otherwise you can use the "inactive agents" report to identify stale entries in the ePO System Tree and take the appropriate action. You could, for example, automate the "inactive agents" report and set the action to move the machines back into the AD Sync group. Then, the next time your AD Sync task runs, if the machine is not in your AD it should delete it. Keep in mind that the "inactive agents" report will list machines that have communicated with the ePO server successfully at least one time. To catch machines that have never communicated you would have to use the "unmanaged systems" report.
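The deletion behavior and the workaround above, as an added toy model (not ePO's own code, and not using the ePO web API): the sync group name, machine names, contact ages and the 30-day staleness threshold are constructed for the example. It shows why a machine moved out of the sync group survives an AD Sync run, how moving stale "inactive agents" back into the group lets the next run delete them, and why a machine that never checked in only shows up under "unmanaged systems".

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, List

SYNC_GROUP = "AD Sync"  # assumed name of the group the AD OU is mapped to


@dataclass
class Machine:
    name: str
    group: str                         # System Tree group the machine sits in
    last_contact_days: Optional[int]   # None = agent has never communicated


@dataclass
class EpoTree:
    machines: Dict[str, Machine] = field(default_factory=dict)


def ad_sync(tree: EpoTree, ad_members: Set[str], sync_group: str = SYNC_GROUP) -> List[str]:
    """Model of the AD Sync task as described in the answer: machines are deleted only
    if they sit in the sync group AND are no longer in AD; machines moved elsewhere in
    the tree are left alone. AD members missing from the tree are added to the group."""
    deleted = []
    for name, m in list(tree.machines.items()):
        if m.group == sync_group and name not in ad_members:
            del tree.machines[name]
            deleted.append(name)
    for name in ad_members:
        tree.machines.setdefault(name, Machine(name, sync_group, None))
    return deleted


def inactive_agents(tree: EpoTree, max_days: int) -> List[str]:
    """Model of the 'inactive agents' report: only machines that have checked in at
    least once can be inactive, so never-communicated machines are not listed."""
    return [m.name for m in tree.machines.values()
            if m.last_contact_days is not None and m.last_contact_days > max_days]


def unmanaged_systems(tree: EpoTree) -> List[str]:
    """Model of the 'unmanaged systems' report: machines that never communicated."""
    return [m.name for m in tree.machines.values() if m.last_contact_days is None]


def move_to_sync_group(tree: EpoTree, names: List[str], sync_group: str = SYNC_GROUP) -> None:
    for n in names:
        tree.machines[n].group = sync_group


def workaround(tree: EpoTree, ad_members: Set[str], max_days: int) -> List[str]:
    """The suggested automation: move stale agents back into the sync group, then let
    the next AD Sync run delete the ones that are no longer in AD."""
    move_to_sync_group(tree, inactive_agents(tree, max_days))
    return ad_sync(tree, ad_members)


def demo_tree() -> EpoTree:
    # Constructed sample System Tree; only PC1 still exists in AD.
    t = EpoTree()
    t.machines["PC1"] = Machine("PC1", SYNC_GROUP, 1)
    t.machines["PC2"] = Machine("PC2", "Workstations/Finance", 45)  # moved out, stale
    t.machines["PC3"] = Machine("PC3", SYNC_GROUP, 3)               # still in group
    t.machines["PC4"] = Machine("PC4", "Workstations/Lab", None)    # never checked in
    return t


if __name__ == "__main__":
    tree = demo_tree()
    print("plain sync deleted:", ad_sync(tree, {"PC1"}))      # only PC3
    print("workaround deleted:", workaround(tree, {"PC1"}, 30))  # PC2
    print("still unmanaged:", unmanaged_systems(tree))          # PC4
```

Running it shows that a plain sync removes only the machine still sitting in the sync group, the workaround catches the stale machine that had been moved to another group, and the machine that never communicated is untouched by either and is only surfaced by the unmanaged systems report.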
I have another question on this topic.
Let's say I mapped an OU in AD to Group A (flat list), then I create a subgroup under Group A (let's call this SubGroup A), and moved some machines into this subgroup. So, when Machine B is deleted from AD, with Machine B located in Group A > SubGroup A in ePO, will it be deleted as well?
Any advice on this?