User Tools: Security Groups
What it does:
The Security Groups tool searches for and then displays security group membership for a user account. It allows a ConfigMgr user to see the Primary Group, Direct Group Membership, and Nested Group Membership. Actions can be taken as well-- including adding the user account to a New Direct Group and then Refreshing the membership lists.
How it does it:
This tool connects to Active Directory to show and/or edit Security Group membership.
Navigate to the Security Groups tool by right clicking on a User Object, selecting Recast RCT, and selecting Security Groups.
The Security Groups tool can be run on multi-selected User Objects, but not User Groups or User Collections. Multi-selecting User Objects will return an "Are you sure?" message followed by multiple dialog boxes stacked on top of one another.
When the action is run, the following dialog box will open:
Selecting "Add New Direct Group" will pull up an additional window that allows a user to search and discover groups to add the user account to.
Executing an add will prompt an "Are you sure?" message, and then if the Refresh button is pushed, the new membership will be updated.
The Security Groups tool requires the following permissions:
- Requires the Reset Password permission in the Active Directory plugin.
- Also requires the Add or Remove Account from Group permission in the Active Directory plugin.
- If using Recast Server with a Service Account, the same permissions are required for the service account.
- This action requires that the user running the tool has permission to look at group memberships for the user object in Active Directory.
- Also requires permission to modify the memberships of group objects in Active Directory
No required settings for this tool.
- If the user account is not a member of a primary group the following error will occur:
If the user account is not a member of any security group the following error will occur: