WEB authentication with AD is not a very good way to manage users. If users are in AD, you can just use normal Radius authentication, why you want to use WEB authentication at all? WEB authentication is in fact using MAC authentication after password is checked, which is not very secure.
If you use normal WPA2/Enterprise with Radius/AD, you have encryption without need for separately adding password, and it is unique for each user and each session. The only complication is that you need to configure NPS role on some your Windows server, but it is simple and doesn't cost anything.
About delete user -- this option works, but windows normally reconnects very fast, so it looks as it is not working.
About block user - it should work, disabling access for user permanently (it blocks user MAC).
Grace period is set for WLAN, and it can be set for 90 min, as you mention, but I would avoid using WEB authentication at all.
With WPA2/Enterprise and Radius you don't care about grace period that much (for grace period authentication in cached and no Radius requests are sent), as after the first connection Windows handles authentication automatically, without user entering anything (you just need to install Radius server certificate, or accept that you are not checking it). There is good manual on Ruckus support how to configure that.