User Tools: Security Groups

The Security Groups tool searches for and then displays security group membership for a user account. It allows a ConfigMgr user to see the Primary Group, Direct Group Membership, and Nested Group Membership. Actions can be taken as well-- including adding the user account to a New Direct Group and then Refreshing the membership lists.

How it does it

This tool connects to Active Directory to show and/or edit Security Group membership.


Navigate to the Security Groups tool by right clicking on a User Object, selecting Recast RCT, and selecting Security Groups.

Security Groups Navigation

The Security Groups tool can be run on multi-selected User Objects, but not User Groups or User Collections. Multi-selecting User Objects will return an "Are you sure?" message followed by multiple dialog boxes stacked on top of one another.

Security Groups Are You Sure


When the action is run, the following dialog box will open:

Security Groups ScreenShot

Selecting "Add New Direct Group" will pull up an additional window that allows a user to search and discover groups to add the user account to.

Add New Direct Group ScreenShot

Executing an add will prompt an "Are you sure?" message, and then if the Refresh button is pushed, the new membership will be updated.

Are you sure?

Recast Permissions

If using Recast Server with a Service Account, the same permissions are required for the service account.

Active DirectoryReset Password
Active DirectoryAdd or Remove Account from Group

Microsoft Permissions

  • This action requires that the user running the tool has permission to look at group memberships for the user object in Active Directory.
  • Also requires permission to modify the memberships of group objects in Active Directory