If we enable Windows authentication and automatic account creation, the portal creates an account for every user who hits the URL. This is one of the disadvantages.
We could have a feature for configuring an AD (security) group for the portal, so that any user added to the group is added as a user in the portal. This would also restrict other users from accessing the site and prevent unwanted accounts in the portal.
If any user is deleted from the AD group, the portal should show a message such as "deleted user", so that the administrator can move the deleted user's roles to himself or to another user.
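The behaviour requested above, sketched as an added example (not code from the portal or from the original post). The `Portal` and `Account` classes and all user names are hypothetical, and the AD group membership is passed in as a constructed set rather than read from a directory.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    name: str
    roles: set = field(default_factory=set)
    removed_from_group: bool = False  # what an admin would see as "deleted user"

class Portal:
    """Hypothetical portal model; not a real product API."""
    def __init__(self):
        self.accounts = {}

    def login(self, user, group_members):
        # Windows authentication has already identified `user` at this point.
        key = user.lower()
        if key not in {m.lower() for m in group_members}:
            return "denied"  # non-members never get an account created
        if key not in self.accounts:
            self.accounts[key] = Account(key)
            return "created"
        self.accounts[key].removed_from_group = False
        return "ok"

    def reconcile(self, group_members):
        """Flag accounts whose user left the group; return those still holding roles."""
        members = {m.lower() for m in group_members}
        pending = []
        for acct in self.accounts.values():
            acct.removed_from_group = acct.name not in members
            if acct.removed_from_group and acct.roles:
                pending.append(acct.name)
        return sorted(pending)

    def reassign_roles(self, removed_user, new_owner):
        src, dst = self.accounts[removed_user.lower()], self.accounts[new_owner.lower()]
        if not src.removed_from_group or dst.removed_from_group:
            raise ValueError("source must be flagged and target must be an active member")
        dst.roles |= src.roles
        src.roles = set()

def demo():
    group = {"CORP\\alice", "CORP\\bob"}  # constructed sample membership
    p = Portal()
    results = [p.login(u, group) for u in ("CORP\\alice", "CORP\\bob", "CORP\\mallory")]
    p.accounts["corp\\bob"].roles = {"editor"}
    group.discard("CORP\\bob")            # bob is removed from the AD group
    pending = p.reconcile(group)          # bob is flagged and still holds roles
    p.reassign_roles("CORP\\bob", "CORP\\alice")
    return results, pending, p.accounts["corp\\alice"].roles, p.login("CORP\\bob", group)
```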