Remove a member

Namespace: microsoft.graph

Use this API to remove a member (user, group, or device) from an administrative unit.

This API is supported in the following national cloud deployments.

Global service US Government L4 US Government L5 (DOD) China operated by 21Vianet


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) AdministrativeUnit.ReadWrite.All
Delegated (personal Microsoft account) Not supported.
Application AdministrativeUnit.ReadWrite.All

To remove a member from an administrative unit, the calling principal must be assigned one of the following Azure AD roles:

  • Privileged Role Administrator
  • Global Administrator

HTTP request

DELETE /directory/administrativeUnits/{id}/members/{id}/$ref


If you don't append /$ref to the request and the calling app has permissions to manage the member object, the object will also be deleted from Azure Active Directory (Azure AD); otherwise, a 403 Forbidden error is returned. You can restore specific objects through the Restore deleted items API.

Request headers

Name Description
Authorization Bearer {token}. Required.

Request body

Do not supply a request body for this method.


If successful, this method returns 204 No Content response code. It does not return anything in the response body.



The following is an example of the request. In the example below, {id1} represents the identifier for the target administrative unit, and {id2} represents the unique identifier for the member user, group, or device to be removed from the target administrative unit.



Here is an example of the response.

HTTP/1.1 204 No Content