Removal from groups does not work as intended.

tasks/sudoers-groups.yml

@@ -7,17 +7,34 @@
   when: users_system_users is defined
   tags: [ 'services', 'users' ]
 
+#- block:
+#  - name: Remove selected users to the limited sudoers group
+#    user: name={{ item.login }} groups=''
+#    with_items: '{{ users_system_users | default([]) }}'
+#    when: not item.limited_sudoers_user
+#
+#  when:
+#    - users_system_users is defined
+#    - item.limited_sudoers_user is defined
+#  tags: [ 'services', 'users' ]
+#
+#- block:
+#  - name: Remove additional users to the limited sudoers group
+#    user: name={{ item.login }} groups=''
+#    with_items: '{{ users_system_users_adjunct }}'
+#    when: not item.limited_sudoers_user
+#
+#  when:
+#    - users_system_users_adjunct is defined
+#    - item.limited_sudoers_user is defined
+#  tags: [ 'services', 'users' ]
+
 - block:
   - name: Add selected users to the limited sudoers group
     user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes
     with_items: '{{ users_system_users | default([]) }}'
     when: item.limited_sudoers_user
 
-  - name: Remove selected users to the limited sudoers group
-    user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes
-    with_items: '{{ users_system_users | default([]) }}'
-    when: not item.limited_sudoers_user
-
   when:
     - users_system_users is defined
     - item.limited_sudoers_user is defined
@@ -29,12 +46,8 @@
     with_items: '{{ users_system_users_adjunct }}'
     when: item.limited_sudoers_user
 
-  - name: Remove additional users to the limited sudoers group
-    user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes
-    with_items: '{{ users_system_users_adjunct }}'
-    when: not item.limited_sudoers_user
-
   when:
     - users_system_users_adjunct is defined
     - item.limited_sudoers_user is defined
   tags: [ 'services', 'users' ]
+