"net rpc group addmem/delmem" ignores the "managedBy" group attribute.
Typically, the AD ACL group has the following attributes:
The “managedBy“ attribute refers to another ACL group that can manage this group (i.e. add/remove users). It looks like "net rpc group addmem/delmem" only makes an LDAP modify request to the AD, so unless you have LDAP write access (e.g. Domain Admin) you won’t be able to modify the group. In other words, it ignores the special “managedBy” attribute.