Question: We noticed a few things regarding AD filters/targets with an [X] on the name. When you need to select a task or policy, do you know why an [X] is added to the front of the name in the picker? Like this: [X] CN=SUBGROUP, OU=blah, OU=blah.
As well, we can see those [x] filters under the respective AD Import structure:
Answer: This change was introduced with the ITMS 7.5 release. During the AD import process, when a filter was created to represent an OU or group that has since been deleted from AD, the corresponding filter is not deleted; instead, it is renamed with a "[X] " at the beginning of its name. This avoids deleting an active filter that may already be in use by another filter or a target. If the filter were simply deleted, the dependent targets and filters would error out; instead, the filter is simply empty but still exists. With the filters renamed, customers should be able to easily identify the filters that they may want to delete, and with the changes introduced in SMP 7.5 SP1 filter dependency OU, customers should be able to easily see if the filter is being used and by what.
There is also a coresetting called ADDeleteLeftoverCollections (see HOWTO60856). Its description reads: "Allow to delete collections, which objects were not found in AD import. 0 = don't allow, 1 = allow". With this setting, in theory, the AD filters that are no longer imported can be cleared out.
Question: Is there a way to delete all of these leftover filters whose name starts with [X] at one time, even those with references to them?
Answer: Yes, attached to this article is a SQL script (Delete AD filters [X] names.sql) that, when run against the database, will remove all references (if any exist) to these filters, then it will insert them into the ItemToDelete table. They will all be deleted when the "Item To Delete" schedule runs. This schedule is actually run when the "NS.Quarter Hour..." schedule runs.
NOTE: It is important to understand that this will affect any computers that were being targeted by the filters, if any exist. It is also highly recommended to have a recent backup of the database before running any script that is run external to the auxiliary functions of the SMP. This script is safe, though.
Question: When the "ADDeleteLeftoverCollections" coresetting is used, when will this cleanup occur? During NS.Daily? AD Sync? Next AD Import?
Answer: The rename/delete only runs as part of a specific AD import rule. Each rule keeps track of the filters that it created. Each time the rule imports, the filter for any group/OU that is no longer imported by the rule (either because it was removed from AD or removed from the rule) is marked as orphaned. At the end of the import, all orphaned filters are either renamed or deleted (if allowed). Filters are only deleted if ADDeleteLeftoverCollections is True AND the filter is not referenced.
If the rule that created the filter gets deleted, then the filters it created are left "as is" until another rule "creates" the same filter again (if the filter is already present, the rule just resets the name to normal again).
If a rule imported some security groups and matching filters and was then changed to import a different security group instead, the new filter would be created and the previously created filters would be renamed or deleted (if allowed). If another AD import rule was created that imported some of the now renamed filters, those filters would then be added to that rule's creation list and the [X] would be removed from the filter names. Each time the first rule runs, the filters would get renamed with the [X], only to have the [X] removed when the second rule, which imports the filters again, runs.
If the first rule is deleted, then all the filters created by that rule would no longer get touched as a result of this import rule. The filter for the new security group that was being imported by that rule would remain, and the filters with the [X] in the name that are not imported by the second rule would also remain. Getting rid of these filters would have to be done manually.
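The rule lifecycle described in this answer can be traced with a small model. This is an added example, not Symantec code: the class, method, rule and group names are hypothetical, and it assumes a renamed filter stays on the rule's tracking list, which is what the repeated renaming described above implies.

```python
# Constructed model of the import-rule behaviour described above; not Symantec code.
PREFIX = "[X] "

class FilterStore:
    def __init__(self, allow_delete=False):
        self.allow_delete = allow_delete  # stands in for ADDeleteLeftoverCollections
        self.filters = {}                 # AD group/OU -> current filter name
        self.referenced = set()           # groups/OUs whose filter is used elsewhere
        self.created_by = {}              # rule name -> groups/OUs it tracks

    def run_import(self, rule, imported):
        imported = set(imported)
        tracked = self.created_by.setdefault(rule, set())
        for obj in imported:
            self.filters[obj] = obj       # create, or reset the name to normal
        tracked |= imported
        # End of import: anything tracked but no longer imported is orphaned.
        for obj in sorted(tracked - imported):
            if obj not in self.filters:
                tracked.discard(obj)      # already gone
            elif self.allow_delete and obj not in self.referenced:
                del self.filters[obj]     # delete only if allowed AND unreferenced
                tracked.discard(obj)
            else:
                # Assumption: a renamed filter stays on the rule's list, which is
                # what makes the rename repeat on every later run of this rule.
                self.filters[obj] = PREFIX + obj

    def delete_rule(self, rule):
        self.created_by.pop(rule, None)   # its filters are left "as is"

def two_rule_scenario():
    s = FilterStore()
    history = []
    s.run_import("rule1", ["GroupA", "GroupB"])
    s.run_import("rule1", ["GroupC"])     # rule changed to a different group
    history.append(s.filters["GroupA"])
    s.run_import("rule2", ["GroupA"])     # second rule re-imports GroupA
    history.append(s.filters["GroupA"])
    s.run_import("rule1", ["GroupC"])     # first rule marks it orphaned again
    history.append(s.filters["GroupA"])
    s.delete_rule("rule1")
    s.run_import("rule2", ["GroupA"])
    return history, dict(s.filters)

if __name__ == "__main__":
    print(two_rule_scenario())
```

In the final state, the filter for GroupB keeps its [X] name and the filter for GroupC keeps its normal name, with no remaining rule that will ever rename or delete either of them.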