When a machine is deleted from Active Directory, it still shows up in the Symantec Endpoint Encryption Management Console.
Active Directory Synchronization is configured and enabled
By default, the Active Directory Synchronization will synchronize objects that have been added to the domain, but will not remove deleted objects. To do this, "Reverse Data Verification" must be enabled.
From the Symantec Endpoint Encryption Installation Guide:
Enable Reverse Data Verification