AD Security Groups

The AD Security Groups tool shows all of the Active Directory group memberships for a device.

This tool queries Active Directory for group memberships.

To run the tool:

1. In your Configuration Manager console, right-click on a device.

2. Click Right Click Tools > Console Tools > AD Security Groups.

The Security Groups window that opens shows direct and nested group membership.

There's also an option to Add a New Direct Group.

Recast Permissions

  • Requires the Query AD permission in the Active Directory plugin. Additionally, it requires the Add or Remove Account from Group permission in the Active Directory plugin if it's desired to use the Add New Direct Group or Remove from Group features of the tool.

Microsoft Permissions

  • The AD Security Groups tool requires that the user running the tool has permissions to look at the group memberships for the object in Active Directory. The user will also need permissions to modify the memberships of group objects in Active Directory if using that part of the tool. If using a Recast Server with a service account, the service account will need the permissions listed instead of the user running the tool.