It depends on whether you have "Allow Persistent Authentication Cookie?" checked in site settings. If it is checked then the user may still have a valid authentication cookie if he checked "Remember Me" on the login page before he logged in, then the user is still logged in. Checks against AD only happen at login time. If that box is not checked then the cookie lasts only for the duration of the browser session, ie if the user closes his browser he must login again. But if it is checked the cookie persists beyond the browser session for the amount of time specified in the timeout property on the <forms element in web.config. The latest version of mojoPortal has that configured as 20160 minutes which is about 2 weeks but older versions had a much longer value there.
However, you can also lock the user out from the manage user page by looking the user up on the member list and click the manage link. If you lock him out there then his cookie will be cleared automatically as soon as he visits the site, ie he will be forcfully logged out and then if he tries to login again it will fail since he no longer has a valid AD account.
Hope that helps,