ldap config with block_auto_created_users=true and filter still creates a blocked user.

In my ldap config I've have block_auto_created_users: true and set a filter:, the user must be a member of a AD group.
This work fine for users which are a member to this AD group.
When I try to login with a user not a member to this AD group, I receive the following message;

Access denied for your LDAP account.

Which is correct but when I login to gitlab with an admin account, it has created a blocked user for that account.
This does not seem be correct, right?