Resolution
Why can I remove a computer account from a group using the Web Console but cannot add one?
fact
Directory and Resource Administrator 6.x
fact
Directory and Resource Administrator 7.x
fix
The removal of any account from a group is a groupMemberRemove operation, which displays a list of all current group members as per that group's Active Directory properties. This allows the removal of any displayed account - including computer accounts - from the membership list.
When using the Web Console to add a member to a group, there are two workflows included for use. They are Add a user to a group and Add a group to a group. The Add a user to a group workflow makes a call to display only user accounts in the managed domain and Add a group to a group calls only domain global groups. Because the Web Console does not have any management capabilities for computer accounts, no workflow or call was added to enumerate them in a list. This structure was utilized to minimize the list enumeration time for Assistant Admins using the Web Console as one call to enumerate all elligible objects could be extensive.