The AD Security Groups tool shows all of the Active Directory group memberships for a device.
This tool queries Active Directory for group memberships.
To run the tool:
1. In your Configuration Manager console, right-click on a device.
2. Click Right Click Tools > Console Tools > AD Security Groups.
The Security Groups window that opens shows direct and nested group membership.
To add a new group:
1. In the Security Groups window, click Add New Direct Group.
2. In the Select Groups window that opens, click the Search button to search for a single group or multiple groups.
3. Click Add to Selected Security Groups and confirm the addition.
4. After closing the Select Groups window, click Refresh to see the updated group membership.
To remove a group:
1. In the Security Groups window, right-click on a group.
2. Click Remove from Group and confirm the removal.
3. Click Refresh to see the updated group membership.
- Requires the Query AD permission in the Active Directory plugin. Additionally, it requires the Add or Remove Account from Group permission in the Active Directory plugin if it's desired to use the Add New Direct Group or Remove from Group features of the tool.
- The AD Security Groups tool requires that the user running the tool has permissions to look at the group memberships for the object in Active Directory. The user will also need permissions to modify the memberships of group objects in Active Directory if using that part of the tool. If using a Recast Server with a service account, the service account will need the permissions listed instead of the user running the tool.