/im Command
Use /im to display information about the identities that compose the direct membership of a group that you specify.
Required Permissions
To use the /im command, you must have the View collection-level information or the View instance-level information permission set to Allow, depending on whether you are using the /collection or /server parameter, respectively. For more information, see Team Foundation Server Permissions.
TFSSecurity /im Identity [/collection:CollectionURL] [/server:ServerURL]
Parameters
Argument |
Description |
|---|---|
Identity |
The identity of the user or the group. For more information about identity specifiers, see TFSSecurity Identity and Output Specifiers. |
/collection:CollectionURL |
Required if /server is not used. Specifies the URL of a team project collection in the following format: http://ServerName:Port/VirtualDirectoryName/CollectionName |
/server:ServerURL |
Required if /collection is not used. Specifies the URL of an application-tier server in the following format: http://ServerName:Port/VirtualDirectoryName |
Remarks
Run this command on an application-tier server for Team Foundation.
The /im command of TFSSecurity displays the direct members of the specified group only. This list includes other groups that are members of the specified group. However, the actual members of the member groups are not listed.
Examples
The following example displays direct membership identity information for the "Team Foundation Administrators" group in the domain "Datum1" at the fictitious company "A. Datum Corporation".
Note
The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, places, or events is intended or should be inferred.
>tfssecurity /im "Team Foundation Administrators" /server:ServerURL
Sample output:
Resolving identity "Team Foundation Administrators"...
SID: S-1-9-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-0-0-0-0-1
DN:
Identity type: Team Foundation Server application group
Group type: AdministrativeApplicationGroup
Project scope: Server scope
Display name: Team Foundation Administrators
Description: Members of this application group can perform all privileged operations on the server.
3 member(s):
[U] Datum1\hholt (Holt, Holly)
[G] BUILTIN\Administrators (BUILTIN\Administrators)
s [A] [InstanceName]\Team Foundation Service Accounts
Member of 2 group(s):
a [A] [DatumOne]\Project Collection Administrators ([DatumOne]\Project Collection Administrators)
e [A] [InstanceName]\Team Foundation Valid Users
Done.
The following example displays identity information for the Project Collection Administrators group in the "DatumOne" team project collection in the domain "Datum1" at the fictitious company "A. Datum Corporation" by using the adm: identity specifier.
>tfssecurity /im adm: /collection:CollectionURL
Sample output:
Resolving identity "adm: "...
SID: S-1-9-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-0-0-0-0-1
DN:
Identity type: Team Foundation Server application group
Group type: AdministrativeApplicationGroup
Project scope: Server scope
Display name: [DatumOne]\Project Collection Administrators
Description: Members of this application group can perform all privileged operations on the team project collection.
5 member(s):
[U] Datum1\jpeoples (Peoples, John)
[U] Datum1\hholt (Holt, Holly)
[G] BUILTIN\Administrators (BUILTIN\Administrators)
a [A] [InstanceName]\Team Foundation Administrators
s [A] [DatumOne]\Project Collection Service Accounts ([DatumOne]\Project Collection Service Accounts)
Member of 1 group(s):
e [A] [DatumOne]\Project Collection Valid Users ([DatumOne]\Project Colleciton Valid Users)
Done.
The following example displays identity information for the Project Administrators group for the "Datum" project in the "DatumOne" team project collection in the domain "Datum1" at the fictitious company "A. Datum Corporation" using the adm: identity specifier.
>tfssecurity /im adm:vstfs:///Classification/TeamProject/ProjectGUID /collection:CollectionURL
Sample output:
Resolving identity "adm:vstfs:///Classification/TeamProject/ProjectGUID"...
SID: S-1-9-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXX
DN:
Identity type: Team Foundation Server application group
Group type: AdministrativeApplicationGroup
Project scope: Datum
Display name: [Datum]\Project Administrators
Description: Members of this application group can perform all operations in the team project.
2 member(s):
[U] Datum1\jpeoples (Peoples, John)
[U] Datum1\hholt (Holt, Holly)
Member of 1 group(s):
e [A] [DatumOne]\Project Collection Valid Users ([DatumOne]\Project Collection Valid Users)
Done.
See Also
Tasks
Create a Collection-Level Group