The following 2-liner can be set in a Windows scheduled task to run daily to deprovision user accounts that have expired. Expiration dates are set to "End of" a certain date so the actual value is set to 12:00AM of the following day. So it's best to schedule this script to run at 12:01AM daily so it gets the recently expired accounts right away.
If you are running ActiveRoles Server 6.8, this can be scheduled through a workflow instead of the scheduled tasks and you can ommit the first line to load the pssnapin.
##BEGIN SCRIPT##
Add-PSSnapin Quest.ActiveRoles.ADManagement
Get-QADUser -Proxy -ExpiredFor 0 -DontUseDefaultIncludedProperties -IncludedProperties edsvaDeprovisionStatus | Where-Object {$_.edsvaDeprovisionStatus -ne 1} | Deprovision-QADUser -ErrorAction silentlycontinue
##END SCRIPT##
When creating the scheduled task, use the following format for calling the script file (replacing the path to your script file):
powershell.exe -noexit "c:\Deprovision-ExpiredUsers.ps1"