The Security Groups tool displays security group membership for a user account, allowing an administrator to see the Primary Group, Direct Group Membership, and Nested Group Membership. The tool also lets you add the user account to a New Direct Group and refresh membership lists.
This tool connects to Active Directory to show and/or edit Security Group membership.
NOTE: The Security Groups tool can be run on multi-selected user objects, but not user groups or user collections.
To view a user's security group membership:
1. In your Configuration Manager console navigation panel, click Users.
2. Search for the user.
3. Right-click on the user.
4. Select Right Click Tools > Security Groups.
The Security Groups window that opens displays the user's primary group, direct group and nested group memberships.
To remove a user from a security group:
1. In the Security Groups window, right-click on a security group.
2. Click Remove From Group.
To add a user to a security group:
1. In the Security Groups window, click Add New Direct Group.
2. Search for a group.
3. Click Add to Selected Security Groups.
Recast Permissions
If using Recast Server with a Service Account, the same permissions are required for the service account.
| Active Directory | Reset Password |
| Active Directory | Add or Remove Account from Group |
Microsoft Permissions
- Requires that the user running the tool has permission to look at group memberships for the user object in Active Directory
- Requires permission to modify the memberships of group objects in Active Directory