If the SEP clients is no longer registered on SEPM (=was deleted before due to those 30 days expiry) - after coming back online it will register back to SEPM according to the preffered group as set in sylink.xml. Apparently your clients have this setting for the default group. Have a look at somewhat similar issue:
http://www.symantec.com/business/support/index?page=content&id=TECH104840
...check on one of your clients in the sylink.xml if the preferred group is set as I suppose to the "default" - if it is you can try importing new sylink to this client that would point them to a different preffered group.