The whole idea of AD authentication usually is that you have single sign-on and don't need to logon when you're logged on to the domain. So when only using AD you can't really logout I guess.
I've heard it should be possible if you use basic forms-authentication against your AD with impersonation. Might be as easy as using Kentico's mixed-mode authentication. But could be you need to manually adjust the forms logon to actually use your AD.