Once you configure the LDAP settings Sitefinity will pull the users from the active directory depending on those settings. Additionally once they are in Sitefinity they will be registered, however you will need to grant them permissions (assign the appropriate role to the user).
If you are referring to one time login and not register - Yes, it is possible to setup SSO with Windows authentication. In this case scenario the user has to enter his/her password only the first time logging into the backend.
Sitefinity does not store the AD users in its database but it is pulling them directly through the LDAP provider. If a user is removed from the AD the change will take immediate effect in the system.
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking
system and vote to affect the priority of the items