Are you using Windows Authentication on your SharePoint site?
If you are, you don't need a script to keep your groups synchronized. They will stay synchronized on their own. Removing a user from the AD group will remove it from the SharePoint group as well.
You might experience a little delay though which might be why you thought you needed a script (should take no longer than 15 minutes).
If you are in a rush, you can do an IISReset and you should see your change immediately.
If you are not using Windows Auth, or if your SharePoint group is a different group from the AD one, then you will need to add a synch routine.
Your best bet is probably some code (or an SSIS package) that runs every x minutes. In a loop, check each member of your AD group. Validate that they are in the SharePoint group. When they aren't, use code like this:

    // Objects obtained from SPContext are owned by SharePoint; do not dispose them.
    SPWeb oWebsiteRoot = SPContext.Current.Site.RootWeb;
    // Loop through your AD group here
    oWebsiteRoot.AllowUnsafeUpdates = true;
    // AddUser(loginName, email, name, notes)
    oWebsiteRoot.Groups["Employee"].AddUser(username, email, fullname, String.Empty);
    oWebsiteRoot.Update();

where Site is your site collection and user has all the information you need. That will create the SharePoint user and add it to the group.
When that's done, go through each SharePoint user and validate that they are in the AD group. When they aren't, remove them:

    // Objects obtained from SPContext are owned by SharePoint; do not dispose them.
    SPWeb oWebsiteRoot = SPContext.Current.Site.RootWeb;
    SPGroupCollection collGroups = oWebsiteRoot.SiteGroups;
    SPUser oUser = oWebsiteRoot.Users["User_Name"];
    // Removes the user from every site group in the collection.
    foreach (SPGroup oGroup in collGroups)
    {
        oGroup.RemoveUser(oUser);
    }
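
Added example, not code from the original answer: the two passes described above combined into one routine that can run from a scheduled console job, with a guard so a failed AD lookup never removes every member. It assumes classic Windows logins in DOMAIN\user form and a single NetBIOS domain name; the class name, method name and parameters are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using Microsoft.SharePoint;

public static class GroupSync   // hypothetical name
{
    // siteUrl, domain, adGroup and spGroup are placeholders supplied by the caller.
    public static void Sync(string siteUrl, string domain, string adGroup, string spGroup)
    {
        // AD side: login name -> { email, display name }, compared case-insensitively.
        var adUsers = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        using (var group = GroupPrincipal.FindByIdentity(ctx, adGroup))
        {
            if (group == null)
                throw new InvalidOperationException("AD group not found: " + adGroup);
            // true = include members of nested groups; copy the strings before ctx is disposed.
            foreach (var u in group.GetMembers(true).OfType<UserPrincipal>())
                adUsers[domain + "\\" + u.SamAccountName] = new[] {   // assumes DOMAIN\user logins
                    u.EmailAddress ?? String.Empty, u.DisplayName ?? u.SamAccountName };
        }
        // An empty result must not turn into "remove everyone".
        if (adUsers.Count == 0)
            throw new InvalidOperationException("AD group has no members; refusing to sync.");

        using (var site = new SPSite(siteUrl))   // created here, so disposed here
        {
            SPWeb web = site.RootWeb;            // owned by site; not disposed separately
            SPGroup target = web.SiteGroups[spGroup];

            // Snapshot first: the collection cannot be modified while it is enumerated.
            List<SPUser> current = target.Users.Cast<SPUser>().ToList();
            var currentLogins = new HashSet<string>(
                current.Select(u => u.LoginName), StringComparer.OrdinalIgnoreCase);

            // Pass 1: AD members missing from the SharePoint group are added.
            foreach (var pair in adUsers.Where(p => !currentLogins.Contains(p.Key)))
                target.AddUser(pair.Key, pair.Value[0], pair.Value[1], String.Empty);

            // Pass 2: SharePoint members no longer in the AD group are removed.
            foreach (SPUser user in current.Where(u => !adUsers.ContainsKey(u.LoginName)))
                target.RemoveUser(user);
        }
    }
}
```

Under claims-based authentication the SharePoint login names carry a claims prefix, so the keys built from the AD side would need the same encoding before the comparison.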