Let's say you have a user in AD. They get all sorts of rights granted over time. They also get access to resources in a remote domain that trusts your domain.
Then they leave the company and you delete their object. The deleted object becomes a tombstone object, which is meant to preserve the SID in case you wish to 'undelete' them, sort of.
So what happens to the ACEs that had their SID in them? Within the domain, my guess is that after the tombstone expires they will get cleaned up. After all, what is the point of preserving the SID if all references to it are already gone?
What happens to the ACEs in the remote trusting domain? How does it clear up orphaned SIDs in ACEs and whatnot?
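The practical way to answer "where are the orphaned SIDs" for your own environment is to audit the ACLs directly. The following is an added PowerShell example, not code from the original post: it walks an OU's object security descriptors and a file tree's ACLs and reports every ACE whose SID no longer translates to an account. It assumes the ActiveDirectory module (and the `AD:` drive it provides) is available; `$SearchBase` and `$FileRoot` are placeholders you would replace.

```powershell
# Added example (not from the original post): find ACEs whose SID no longer
# resolves to any principal, i.e. orphaned SIDs left behind after the owning
# object was deleted. Assumes the ActiveDirectory module and its AD: drive.
Import-Module ActiveDirectory

$SearchBase = 'OU=Servers,DC=example,DC=com'   # placeholder: OU to audit
$FileRoot   = 'D:\Shares\Finance'              # placeholder: file tree to audit

function Test-OrphanedSid {
    param([System.Security.Principal.IdentityReference]$Identity)
    # Get-Acl already tries to translate each ACE's SID to DOMAIN\name. When
    # the IdentityReference is still a raw SecurityIdentifier, no reachable
    # domain (local, own, or trusted) could resolve it; confirm with Translate.
    if ($Identity -isnot [System.Security.Principal.SecurityIdentifier]) { return $false }
    try {
        $null = $Identity.Translate([System.Security.Principal.NTAccount])
        return $false
    } catch [System.Security.Principal.IdentityNotMappedException] {
        return $true
    }
}

function Get-OrphanedAdAce {
    # Orphaned ACEs on AD objects under $SearchBase (explicit ACEs only; an
    # inherited orphan will be reported once, on the object that carries it).
    param([string]$SearchBase)
    Get-ADObject -Filter * -SearchBase $SearchBase -SearchScope Subtree |
        ForEach-Object {
            $dn  = $_.DistinguishedName
            $acl = Get-Acl -Path ("AD:\" + $dn)
            foreach ($ace in $acl.Access) {
                if ($ace.IsInherited) { continue }
                if (Test-OrphanedSid $ace.IdentityReference) {
                    [pscustomobject]@{
                        Object    = $dn
                        Sid       = $ace.IdentityReference.Value
                        # AccountDomainSid tells you which domain issued the SID,
                        # so local orphans can be told apart from cross-trust ones.
                        SidDomain = $ace.IdentityReference.AccountDomainSid
                        Rights    = $ace.ActiveDirectoryRights
                        Type      = $ace.AccessControlType
                    }
                }
            }
        }
}

function Get-OrphanedFileAce {
    # Same check over a file tree; -LiteralPath avoids wildcard surprises.
    param([string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            if (-not $acl) { return }
            foreach ($ace in $acl.Access) {
                if ($ace.IsInherited) { continue }
                if (Test-OrphanedSid $ace.IdentityReference) {
                    [pscustomobject]@{
                        Path      = $_.FullName
                        Sid       = $ace.IdentityReference.Value
                        SidDomain = $ace.IdentityReference.AccountDomainSid
                        Rights    = $ace.FileSystemRights
                        Type      = $ace.AccessControlType
                    }
                }
            }
        }
}

Get-OrphanedAdAce   -SearchBase $SearchBase | Format-Table -AutoSize
Get-OrphanedFileAce -Root $FileRoot         | Format-Table -AutoSize
```

Two caveats when reading the output: a SID that fails to translate is only "orphaned" if the domain that issued it is actually reachable at the time you run this, so a broken or filtered trust produces the same symptom as a deleted account; and the `SidDomain` column is what lets you group findings by issuing domain, which is the natural way to review the cross-trust case the question asks about.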