You can use the GroupRemove procedure of the Managed Active Directory namespace to remove a member from a group in Active Directory.
This procedure expects to be called with impersonate="1". The procedure impersonates the caller.
<request>
<procedure>
<execute namespace="Managed Active Directory" procedure="GroupRemove">
<executeData>
<group>LDAP://CN=Administrators,CN=Users,DC=contoso,DC=com</group>
<member>LDAP://CN=myUser1,CN=Users,DC=contoso,DC=com</member>
<preferredDomainController>myPrimaryDC.contoso.com</preferredDomainController>
</executeData>
</execute>
</procedure>
</request>
The following input is valid for this request:
Use the <group> element to specify the Lightweight Directory Access Protocol (LDAP) path of the group from which you want to remove a member.
<group>LDAP://CLDAP path of the group</group>
Use the <member> element to specify the Lightweight Directory Access Protocol (LDAP) path of the object (for example, a user or another group) you want to remove from the group.
<member>LDAP://LDAP path of the object</member>
Use the <preferredDomainController> element to specify the domain controller to use for this request. Using a single preferred domain controller eliminates replication delays that can arise between multiple controllers.
<preferredDomainController>your domain controller</preferredDomainController>
The response to this procedure does not contain significant data.
Important