Use /g- to remove a user or a user group from an existing group.
To use the /g- command, you must have the View collection-level information and Edit collection-level information or the View instance-level information and Edit instance-level information permissions set to Allow, depending on whether you are using the /collection or /server parameter, respectively. For more information, see Team Foundation Server Permissions.
Specifies the group identity. For more information about valid identity specifiers, see TFSSecurity Identity and Output Specifiers.
Specifies the member identity. For more information about valid identity specifiers, see TFSSecurity Identity and Output Specifiers.
Required if /server is not used. Specifies the URL of a team project collection in the following format: http://ServerName:Port/VirtualDirectoryName/CollectionName
Required if /collection is not used. Specifies the URL of an application-tier server in the following format: http://ServerName:Port/VirtualDirectoryName
The following example removes the Datum1 domain user John Peoples (Datum1\jpeoples) from the Team Foundation Administrators group.
The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, places, or events is intended or should be inferred.
>tfssecurity /g- "Team Foundation Administrators" n:Datum1\jpeoples ALLOW /server:http://ADatumCorporation:8080
TFSSecurity - Team Foundation Server Security Tool Copyright (c) Microsoft Corporation. All rights reserved. The target Team Foundation Server is http://ADatumCorporation:8080/. Resolving identity "Team Foundation Administrators"... a [A] [INSTANCE]\Team Foundation Administrators Resolving identity "n:Datum1\jpeoples"... [U] DATUM1\jpeoples (John Peoples) Removing John Peoples from [INSTANCE]\Team Foundation Administrators... Verifying... SID: S-1-9-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-0-0-0-0-1 DN: Identity type: Team Foundation Server application group Group type: AdministrativeApplicationGroup Project scope: Server scope Display name: [INSTANCE]\Team Foundation Administrators Description: Members of this group can perform all operations on the Team Foundation Application Instance. 3 member(s): [U] Datum1\hholt (Holly Holt) [G] BUILTIN\Administrators (BUILTIN\Administrators) s [A] [INSTANCE]\Team Foundation Service Accounts Member of 2 group(s): a [A] [Collection0]\Project Collection Administrators e [A] [INSTANCE]\Team Foundation Valid Users Done.