/g- command: Remove a user or group

Use /g- to remove a user or a user group from an existing group.

Required Permissions

To use the /g- command, you must have the View collection-level information and Edit collection-level information or the View instance-level information and Edit instance-level information permissions set to Allow, depending on whether you are using the /collection or /server parameter, respectively. For more information, see Permission reference for Team Foundation Server.

TFSSecurity /g- groupIdentity memberIdentity [/collection:CollectionURL] [/server:ServerURL]

Parameters

Argument

Description

groupIdentity

Specifies the group identity. For more information about valid identity specifiers, see TFSSecurity Identity and Output Specifiers.

memberIdentity

Specifies the member identity. For more information about valid identity specifiers, see TFSSecurity Identity and Output Specifiers.

/collection:CollectionURL

Required if /server is not used. Specifies the URL of a team project collection in the following format: http://ServerName:Port/VirtualDirectoryName/CollectionName

/server:ServerURL

Required if /collection is not used. Specifies the URL of an application-tier server in the following format: http://ServerName:Port/VirtualDirectoryName

Remarks

Run this command on an application-tier server for Team Foundation.

You can also add users and groups to an existing group using Team Explorer. For more information, see How to: Remove Users from a Team Project Group, How to: Remove Users from a Default Group or How to: Remove Users from a Server-Level Group.

Examples

The following example removes the Datum1 domain user John Peoples (Datum1\jpeoples) from the Team Foundation Administrators group.

Note

The examples are for illustration only and are fictitious. No real association is intended or inferred.

>tfssecurity /g- "Team Foundation Administrators" n:Datum1\jpeoples ALLOW /server:http://ADatumCorporation:8080

Sample output:

TFSSecurity - Team Foundation Server Security Tool
Copyright (c) Microsoft Corporation.  All rights reserved.

The target Team Foundation Server is http://ADatumCorporation:8080/.
Resolving identity "Team Foundation Administrators"...
a [A] [INSTANCE]\Team Foundation Administrators
Resolving identity "n:Datum1\jpeoples"...
  [U] DATUM1\jpeoples (John Peoples)
Removing John Peoples from [INSTANCE]\Team Foundation Administrators...
Verifying...

SID: S-1-9-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-0-0-0-0-1

DN:

Identity type: Team Foundation Server application group
   Group type: AdministrativeApplicationGroup
Project scope: Server scope
 Display name: [INSTANCE]\Team Foundation Administrators
  Description: Members of this group can perform all operations on the Team Foundation Application Instance.

3 member(s):
  [U] Datum1\hholt (Holly Holt)
  [G] BUILTIN\Administrators (BUILTIN\Administrators)
s [A] [INSTANCE]\Team Foundation Service Accounts

Member of 2 group(s):
a [A] [Collection0]\Project Collection Administrators
e [A] [INSTANCE]\Team Foundation Valid Users

Done.

See Also

Other Resources

Change groups and permissions with TFSSecurity