Security Groups

The Security Groups tool displays security group membership for a user account, allowing an administrator to see the Primary Group, Direct Group Membership, and Nested Group Membership. The tool also lets you add the user account to a New Direct Group and refresh membership lists. 

This tool connects to Active Directory to show and/or edit Security Group membership.

NOTE: The Security Groups tool can be run on multi-selected user objects, but not user groups or user collections.

To view a user's security group membership:

1. In your Configuration Manager console navigation panel, click Users.

2. Search for the user.

3. Right-click on the user.

4. Select Right Click Tools > Security Groups.

The Security Groups window that opens displays the user's primary group, direct group and nested group memberships.

To remove a user from a security group:

1. In the Security Groups window, right-click on a security group.

2. Click Remove From Group.

To add a user to a security group:

1. In the Security Groups window, click Add New Direct Group.

2. Search for a group. 

3. Click Add to Selected Security Groups.

Recast Permissions

If using Recast Server with a Service Account, the same permissions are required for the service account.

Active DirectoryReset Password
Active DirectoryAdd or Remove Account from Group

Microsoft Permissions

  • Requires that the user running the tool has permission to look at group memberships for the user object in Active Directory
  • Requires permission to modify the memberships of group objects in Active Directory