how to list the users/groups the server knows about?
The GroupSecurityService inside Team Foundation, specifically the ReadIdentity and ReadIdentities methods, are what you want to use.
TeamFoundationServer m_tfServer = TeamFoundationServerFactory.GetServer("https://jmanning-test:8080");
IGroupSecurityService gss = (IGroupSecurityService)m_tfServer.GetService(typeof(IGroupSecurityService));
// first resolve to the SID's
Identity validUserSids = gss.ReadIdentity(SearchFactor.AccountName, "Team Foundation Valid Users", QueryMembership.Expanded);
// Now resolve the SID's to actual identities
Identity[] validUsers = gss.ReadIdentities(SearchFactor.Sid, validUserSids.Members, QueryMembership.None);
Console.WriteLine("All valid users/groups:");
foreach (Identity validUser in validUsers)
{
Console.WriteLine(@"{0}\{1} ({2}) [{3}]", validUser.Domain, validUser.AccountName, validUser.DisplayName, validUser.Type);
}