Use /m to check explicit and implicit group membership information for a specified group or user.
To use the /m command, you must be a member of the Team Foundation Administrators security group. For more information, see Team Foundation Server Permissions.
Even if you are logged on with administrative credentials, you must open an elevated Command Prompt to perform this function on a server that is running Windows Server 2008. To open an elevated Command Prompt, click Start, right-click Command Prompt, and click Run as Administrator. For more information, see this page on the Microsoft Web site: User Account Control.
Specifies the group identity. For more information on valid identity specifiers, see TFSSecurity Identity and Output Specifiers.
Specifies the member identity. By default, the value of this argument is the identity of the user who is running the command. For more information on valid identity specifiers, see TFSSecurity Identity and Output Specifiers.
Required if /server is not used. Specifies the URL of a team project collection in the following format: http://ServerName:Port/VirtualDirectoryName/CollectionName
Required if /collection is not used. Specifies the URL of an application-tier server in the following format: http://ServerName:Port/VirtualDirectoryName
The following example verifies whether the user "Datum1\jpeoples" belongs to the Team Foundation Administrators server-level group.
>TFSSecurity /m "Team Foundation Administrators" n:Datum1\jpeoples /server:http://ADatumCorporation:8080
TFSSecurity - Team Foundation Server Security Tool Copyright (c) Microsoft Corporation. All rights reserved. The target Team Foundation Server is http://ADatumCorporation:8080/. Resolving identity "Team Foundation Administrators"... a [A] [INSTANCE]\Team Foundation Administrators Resolving identity "n:Datum1\jpeoples"... [U] DATUM1\jpeoples (John Peoples) Checking group membership... John Peoples IS a member of [INSTANCE]\Team Foundation Administrators. Done.