Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Permission type
Least privileged permissions
Higher privileged permissions
Delegated (work or school account)
AdministrativeUnit.ReadWrite.All
Not available.
Delegated (personal Microsoft account)
Not supported.
Not supported.
Application
AdministrativeUnit.ReadWrite.All
Not available.
To remove a member from an administrative unit, the calling principal must be assigned at least the Privileged Role AdministratorMicrosoft Entra role.
If you don't append /$ref to the request and the calling app has permissions to manage the member object, the object will also be deleted from Microsoft Entra ID; otherwise, a 403 Forbidden error is returned. You can restore specific objects through the Restore deleted items API.
If successful, this method returns 204 No Content response code. It doesn't return anything in the response body.
Example
Request
The following example shows a request. In the example below, {id1} represents the identifier for the target administrative unit, and {id2} represents the unique identifier for the member user, group, or device to be removed from the target administrative unit.
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.Directory.AdministrativeUnits["{administrativeUnit-id}"].Members["{directoryObject-id}"].Ref.DeleteAsync();
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.Directory().AdministrativeUnits().ByAdministrativeUnitId("administrativeUnit-id").Members().ByDirectoryObjectId("directoryObject-id").Ref().Delete(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
graphClient.directory().administrativeUnits().byAdministrativeUnitId("{administrativeUnit-id}").members().byDirectoryObjectId("{directoryObject-id}").ref().delete();
<?php
use Microsoft\Graph\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$graphServiceClient->directory()->administrativeUnits()->byAdministrativeUnitId('administrativeUnit-id')->members()->byDirectoryObjectId('directoryObject-id')->ref()->delete()->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
await graph_client.directory.administrative_units.by_administrative_unit_id('administrativeUnit-id').members.by_directory_object_id('directoryObject-id').ref.delete()