A different UUID is assigned when the device is encrypted, so if a system was reimaged, and comes back on the network, it will be a new entity as far as the database is concerned. At that point, you would have two of the same machine name in the database.
Since it will be tied to a different UUID in Windows objects as well, deleting the old entry should not cause a Windows AD deletion, as the globally unique ID for both the system in AD and the product should not be the same as the original system. I would simply try it with a test system and see your results.
Typically, we recommend that the system be deleted in AD prior to being reimaged, at which point it will only show in the Deleted Objects container in our product.
Generally, if two entries exist for the same system name in our database, it is safe to remove the older entry.