The Security Groups tool displays security group membership for a user account, allowing an administrator to see the Primary Group, Direct Group Membership, and Nested Group Membership. The tool also lets you add the user account to a New Direct Group and refresh membership lists.
This tool connects to Active Directory to show and/or edit Security Group membership.
NOTE: The Security Groups tool can be run on multi-selected user objects, but not user groups or user collections.
To view a user's security group membership:
1. In your Configuration Manager console navigation panel, click Users.
2. Search for the user.
3. Right-click on the user.
4. Select Right Click Tools > Security Groups.
The Security Groups window that opens displays the user's primary group, direct group and nested group memberships.
To remove a user from a security group:
1. In the Security Groups window, right-click on a security group.
2. Click Remove From Group.
To add a user to a security group:
1. In the Security Groups window, click Add New Direct Group.
2. Search for a group.
3. Click Add to Selected Security Groups.
Recast Permissions
| ActiveDirectory plugin | GetAccountGroupMembership |
| GetPrimaryGroupForAccount | |
| Add or Remove Account from Group |
Microsoft Permissions
- Requires that the user running the tool has permission to look at group memberships for the user object in Active Directory.
- Requires permission to modify the memberships of group objects in Active Directory.
- If using Recast Management Server with a service account, the same permissions are required for the service account.