The following script would work when run locally on macOS's terminal, but on endpoint, script will return run successfully (possibly because I didn't specify the return code) even though user's admin wasn't revoked. The objective of the script is to find the currently logged in user and remove them from admin group.

remove_user="$(whoami)" && sudo dseditgroup -o edit -d "$remove_user" -t user admin