Share via


/im Command

Use /im to display information about the identities that compose the direct membership of a group that you specify.

Required Permissions

To use the /im command, you must have the View collection-level information or the View instance-level information permission set to Allow, depending on whether you are using the /collection or /server parameter, respectively. For more information, see Team Foundation Server Permissions.

TFSSecurity /im Identity [/collection:CollectionURL] [/server:ServerURL]

Parameters

Argument

Description

Identity

The identity of the user or the group. For more information about identity specifiers, see TFSSecurity Identity and Output Specifiers.

/collection:CollectionURL

Required if /server is not used. Specifies the URL of a team project collection in the following format: http://ServerName:Port/VirtualDirectoryName/CollectionName

/server:ServerURL

Required if /collection is not used. Specifies the URL of an application-tier server in the following format: http://ServerName:Port/VirtualDirectoryName

Remarks

Run this command on an application-tier server for Team Foundation.

The /im command of TFSSecurity displays the direct members of the specified group only. This list includes other groups that are members of the specified group. However, the actual members of the member groups are not listed.

Examples

The following example displays direct membership identity information for the "Team Foundation Administrators" group in the domain "Datum1" at the fictitious company "A. Datum Corporation".

Note

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious.  No association with any real company, organization, product, domain name, email address, logo, person, places, or events is intended or should be inferred.

>tfssecurity /im "Team Foundation Administrators" /server:ServerURL

Sample output:

Resolving identity "Team Foundation Administrators"...

SID: S-1-9-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-0-0-0-0-1

DN:

Identity type: Team Foundation Server application group
Group type: AdministrativeApplicationGroup
Project scope: Server scope
Display name: Team Foundation Administrators
Description: Members of this application group can perform all privileged operations on the server.

3 member(s):
  [U] Datum1\hholt (Holt, Holly)
  [G] BUILTIN\Administrators (BUILTIN\Administrators)
s [A] [InstanceName]\Team Foundation Service Accounts

Member of 2 group(s):
a [A] [DatumOne]\Project Collection Administrators ([DatumOne]\Project Collection Administrators)
e [A] [InstanceName]\Team Foundation Valid Users

Done.

The following example displays identity information for the Project Collection Administrators group in the "DatumOne" team project collection in the domain "Datum1" at the fictitious company "A. Datum Corporation" by using the adm: identity specifier.

>tfssecurity /im adm: /collection:CollectionURL 

Sample output:

Resolving identity "adm: "...

SID: S-1-9-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-0-0-0-0-1

DN:

Identity type: Team Foundation Server application group
Group type: AdministrativeApplicationGroup
Project scope: Server scope
Display name: [DatumOne]\Project Collection Administrators
Description: Members of this application group can perform all privileged operations on the team project collection.

5 member(s):
  [U] Datum1\jpeoples (Peoples, John)
  [U] Datum1\hholt (Holt, Holly)
  [G] BUILTIN\Administrators (BUILTIN\Administrators)
a [A] [InstanceName]\Team Foundation Administrators
s [A] [DatumOne]\Project Collection Service Accounts ([DatumOne]\Project Collection Service Accounts)

Member of 1 group(s):
e [A] [DatumOne]\Project Collection Valid Users ([DatumOne]\Project Colleciton Valid Users)

Done.

The following example displays identity information for the Project Administrators group for the "Datum" project in the "DatumOne" team project collection in the domain "Datum1" at the fictitious company "A. Datum Corporation" using the adm: identity specifier.

>tfssecurity /im adm:vstfs:///Classification/TeamProject/ProjectGUID /collection:CollectionURL 

Sample output:

Resolving identity "adm:vstfs:///Classification/TeamProject/ProjectGUID"...

SID: S-1-9-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXX

DN:

Identity type: Team Foundation Server application group
Group type: AdministrativeApplicationGroup
Project scope: Datum
Display name: [Datum]\Project Administrators
Description: Members of this application group can perform all operations in the team project.

2 member(s):
  [U] Datum1\jpeoples (Peoples, John)
  [U] Datum1\hholt (Holt, Holly)

Member of 1 group(s):
e [A] [DatumOne]\Project Collection Valid Users ([DatumOne]\Project Collection Valid Users)

Done.

See Also

Tasks

Create a Collection-Level Group

Other Resources

Changing Groups and Permissions with TFSSecurity

Project-Level Groups