Removing Members in Groups in Azure AD Powershell Automatically (App API Permission)

Question

I'm trying to remove members of groups automatically via a PowerShell Script. There's an Azure AD app created, with User.ReadWrite.All (Application) and as User administrator (service principal) permissions. I'm doing several steps in this script, so don't wonder about the several logons:

Connect-ExchangeOnline
Connect-AzureAD
Connect-MgGraph
...differentTasks...
Remove-AzureADGroupMember -ObjectId '...' -memberId '...' 
...someMoreTasks...

The response is:

Remove-AzureADGroupMember : Error occurred while executing RemoveGroupMember 
Code: Request_BadRequest
Message: Cannot Update a mail-enabled security groups and or distribution list.

Answer 1

I tried in my environment, and I am able to remove the members from the Azure AD group successfully like below command:

Remove-AzureADGroupMember -ObjectId 'Your_Object_Id' -memberId 'Your_Member_Id'

You can refer to the script mentioned in this link if you want to remove mailenabled users.

$email = "[email protected]"
$AzureMember = get-azureaduser -objectid $email | Select objectId
$AzureMember | Get-AzureADUserMembership | Where-Object {($_.ObjectType -eq "Group") -and ($_.MailEnabled -eq $True)} | ForEach-Object {
Remove-AzureADGroupMember -ObjectId $_.ObjectId -MemberId $AzureMember.ObjectId -InformationAction Continue
}

For more in detail, please refer below link:

I am trying to add member in mail enabled security group using graph api, Is that possible? - Microsoft Q&A

Answer 2

I figured it out. I tested it with a different group type - when i choose the "real" azureadgroup, everything worked fine than ... thanks for you help.