You can configure the actual AD sync task to push an agent to machines that are imported: you ca also have a server task configured to send an agent to machines (so for example I could havea task that queries for unmanaged machines and sends an install to them.)
Finally there is RSD (Rogue System Detection) which you can configure to send an install to rogue machines.
One very important point to note, though, is that the "send an agent install" mechanism is entirely separate from a deployment task configured to install an agent. The latter is a task run by the agent itself, so its purpose is to install an agent on machines that already have one installed: as such it is almost always used to upgrade existing agents. This means that if you don't have such a task configured, then checking in a new agent will not update your existing machines.