Do we understand correctly that the target user should be removed from all the current groups?
- The revocation script for all groups is already in production and working.
What should the type and scope of the new group created by the script be?
- Security Group Type Scope
What should be done in case if a group with the name following your template already exists?
- if there is the same name, just add the target user's groups.
How should the location for the new group be determined? Will it be predefined in the script?
- Yes, all groups created by the script, or already existing, must be in one, OR predefined in the script.