Adam Singer

Veni, vidi, expertus sum- I came, I saw, I tested

‘Grep’ing Groups

Man have I been busy. What have I been busy doing? Well, see there’s…. actually, I’ll let Brian explan as he’s already done such an eloquent job at it, with some neat charts and graphs, too.

I mentioned in my last post that I have some code that will help you find built-in groups. It’s actually pretty simple, and build upon code that James already provided last year. Say you want to find the Team Foundation Administrators group, the Valid Users group, or the Service Accounts group. These three groups are always created when TFS installs, so we added a neat flag to help you access them without knowing anything else than the server name. Try using the attached file as the main file in a new C# console application and then add dll references to Microsoft.TeamFoundation.dll, Microsoft.TeamFoundation.Client.dll, and Microsoft.TeamFoundation.Common.dll. Many thanks to Matt Hoover for the code review on my sample code here.

The key piece of code is the following method.

/// <summary>
/// Prints out the membership of the three built-in groups
/// </summary>
public void DisplayBuiltinGroupMembers()

// Find all the Administrative users
Identity adminUserSids = m_gss.ReadIdentity(SearchFactor.AdministrativeApplicationGroup, null, QueryMembership.Expanded);

// Find all the Service accounts
Identity serviceSids = m_gss.ReadIdentity(SearchFactor.ServiceApplicationGroup, null, QueryMembership.Expanded);

// Find all the valid users
Identity allUserSids = m_gss.ReadIdentity(SearchFactor.EveryoneApplicationGroup, null, QueryMembership.Expanded);


We can also read the project administatrative groups in a similar way. The only thing you need to know is the project URI. Note that if you have the project name you can find its URI the ICommonStructureService’s “GetProjectFromName” method.


project = m_css.GetProjectFromName(“My Project”);
adminGroup = m_gss.ReadIdentity(SearchFactor.AdministrativeApplicationGroup, project.Uri, QueryMembership.Expanded);

Disclaimers: The most efficient means of reading identity information is by using the SearchFactor.Sid. If you plan to do a tremendous number of queries like the ones in my sample app and want to get the best perf, this may not be the right method for you. Instead, use the members of the Microsoft.TeamFoundation.GroupWellKnownSidConstants class in Microsoft.TeamFoundation.Common.dll (this will also allow you to access the Licensed Users Group which only exists in the Team Foundation Server Workgroup Edition). Even so, the extra SearchFactors can make your code look a bit prettier.