Hi David,
Did you get any time to investigate this issue further perchance?
No problem if not. I think my backup plan will be to write a PHP script that runs periodically:
It will compare RS accounts from the Users table (in the RS DB) and look up into AD for each matching user account.
It will then copy the expiry date from the AD account, and insert it into the matching RS account, so that expiry date is honoured.
If the account is non-existent or disabled in AD, then it will delete/disable the RS account accordingly.
I'd be happy to share this if you're interested (though not sure how useful it will be). Though it's worth noting that if this sort of process is possible at the point of the plugin hooking into login, that could be a potential solution. However, my knowledge of RS plugin structures is very limited, hence this approach.
Cheers