Share via


/imx Command

Use /imx to display information about the identities that compose the expanded membership of a specified group.

Required Permissions

To use the /imx command, you must have the View collection-level information or the View instance-level information permission set to Allow, depending on whether you are using the /collection or /server parameter, respectively. For more information, see Team Foundation Server Permissions.

TFSSecurity /imx Identity [/collection:CollectionURL] [/server:ServerURL]

Parameters

Argument

Description

Identity

The identity of the user or the group. For more information about identity specifiers, see TFSSecurity Identity and Output Specifiers.

/collection:CollectionURL

Required if /server is not used. Specifies the URL of a team project collection in the following format: http://ServerName:Port/VirtualDirectoryName/CollectionName

/server:ServerURL

Required if /collection is not used. Specifies the URL of an application-tier server in the following format: http://ServerName:Port/VirtualDirectoryName

Remarks

Run this command on an application-tier server for Team Foundation.

The /imx command of TFSSecurity displays the expanded members of the specified group only. This list includes not only other groups that are members of the specified group but also the members of the member groups.

Examples

The following example displays expanded membership identity information for the "Team Foundation Administrators" group in the domain "Datum1" at the fictitious company "A. Datum Corporation".

Note

The examples are for illustration only and are fictitious. No real association is intended or inferred.

>tfssecurity /imx "Team Foundation Administrators" /server:ServerURL

Sample output:

Resolving identity "Team Foundation Administrators"...

SID: S-1-9-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-0-0-0-0-1

DN:

Identity type: Team Foundation Server application group
Group type: AdministrativeApplicationGroup
Project scope: Server scope
Display name: Team Foundation Administrators
Description: Members of this application group can perform all privileged operations on the server.

10 member(s):
  [U] Datum1\hholt (Holly Holt)
  [U] Datum1\jpeoples (John Peoples)
  [U] Datum1\tommyh (Tommy Hartono)
  [U] Datum1\henriea (Henriette Andersen)
  [U] Datum1\djayne (Darcy Jayne)
  [U] Datum1\aprilr (April Reagan)
  [G] Datum1\InfoSec Secure Environment
  [U] Datum1\nbento (Nuno Bento)
  [U] Datum1\cristp (Cristian Petculescu)
  [G] BUILTIN\Administrators (BUILTIN\Administrators)
s [A] [InstanceName]\Team Foundation Service Accounts

Member of 3 group(s):
a [A] [DatumOne]\Project Collection Administrators ([DatumOne]\Project Collection Administrators)
e [A] [DatumOne]\Project Collection Valid Users ([DatumOne]\Project Collection Valid Users)
e [A] [InstanceName]\Team Foundation Valid Users

Done.

The following example displays identity information for the Project Collection Administrators group in the "DatumOne" team project collection in the domain "Datum1" at the fictitious company "A. Datum Corporation" using the adm: identity specifier.

>tfssecurity /imx adm: /collection:CollectionURL 

Sample output:

Resolving identity "adm: "...

SID: S-1-9-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-0-0-0-0-1

DN:

Identity type: Team Foundation Server application group
Group type: AdministrativeApplicationGroup
Project scope: Server scope
Display name: [DatumOne]\Project Collection Administrators
Description: Members of this application group can perform all privileged operations on the team project collection.

6 member(s):
  [U] Datum1\jpeoples (Peoples, John)
  [U] Datum1\hholt (Holt, Holly)
  [G] BUILTIN\Administrators (BUILTIN\Administrators)
a [A] [InstanceName]\Team Foundation Administrators
s [A] [InstanceName]\Team Foundation Service Accounts
s [A] [DatumOne]\Project Collection Service Accounts ([DatumOne]\Project Collection Service Accounts)

Member of 1 group(s):
e [A] [DatumOne]\Project Collection Valid Users ([DatumOne]\Project Collection Valid Users)

Done.

The following example displays identity information for the Project Administrators group for the "Datum" project in the "DatumOne" team project collection in the domain "Datum1" at the fictitious company "A. Datum Corporation" using the adm: identity specifier.

>tfssecurity /imx adm:vstfs:///Classification/TeamProject/ProjectGUID /collection:CollectionURL 

Sample output:

Resolving identity "adm:vstfs:///Classification/TeamProject/ProjectGUID"...

SID: S-1-9-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXX

DN:

Identity type: Team Foundation Server application group
Group type: AdministrativeApplicationGroup
Project scope: Datum
Display name: [Datum]\Project Administrators
Description: Members of this application group can perform all operations in the team project.

2 member(s):
  [U] Datum1\jpeoples (Peoples, John)
  [U] Datum1\hholt (Holt, Holly)

Member of 2 group(s):
e [A] [DatumOne]\Project Collection Valid Users ([DatumOne]\Project Collection Valid Users)
e [A] [InstanceName]\Team Foundation Valid Users

Done.

For more information about the output specifiers, such as [G] and [U], see TFSSecurity Identity and Output Specifiers.

See Also

Other Resources

Changing Groups and Permissions with TFSSecurity

Create a Collection-Level Group

Project-Level Groups