Remove users from primary site automatically

I’m hoping someone can help, I don’t want anyone apart from the network admin to have access to the primary site.

When a user logs in for the first time they get added to it, I’ve gotten around it by using the following piece of code as an mu-plugin to remove them from the primary site when they create their own site:

add_action( ‘wpmu_new_blog’, ‘ds_new_user_meta’, 10, 2 );
function ds_new_user_meta($blog_id, $user_id) {
remove_user_from_blog( $user_id, ‘1’ );
}

The problem with this is it only removes the user from the primary site if they make their own blog, some of our users don’t make their own blogs, they just get added to existing ones so the ‘wpmu_new_blog’ function never gets triggered.

Also, none of our users actually go through the signup process as we use a plugin to enable LDAP authentication, so for a new user they literally go to /wp-admin enter their exisiting username and password and an account is created.

Can someone please help me with some code that would run on login so that they get removed from the primary site but not for Network Administrators, I’d like them to always have access to the primary site.