The modify AD Group Task requires the users to be provided as Distinguisehd Name (DN) or Common Name (CN) when performing the action "Add users" or "Remove Users". I would like you to add userPrincipaleName (UPN) to the list.
I'm not sure whether CN is actually working or not. But from my point of view a CN is not unique and therefore not a good choice in that kind of actions. A DN on the other hand requires the task to know the complety AD structure with all its OU at processing time. I'm sure its possible to get this information as a complete list of all user in AD, loop through it and so on to find the user that should actually be added or removed.
However: A more realistic and simpler approach would be to provide the userPrincipaleName (UPN) as input for the modify AD Group Task (Action Add/remove Users). As far as I understand a UPN is today a common identifier for users interacting with ADFS, Exchange or similiar systems. Most users now use the UPN to log on to a windows environment (especially in conjunction with an Exchange Environment). The UPN is also more likely to be unique.
My Business Case is, that I get a list of users (UPN) from an external system and I want to update the AD Group according to this list. Without the option to provide UPNs its complicated to achieve this.