In the past I’ve showed some examples on how to work with TFS IGroupSecurityService for getting users list, but you can do much more, Create new Group, Add or Remove users from group etc…

• TFS API Part 25: Get TFS User List (Mail Sid, Account, Domain) – TFS 2010
• TFS API Part 4: Get TFS User List (Mail, Sid, Account, Domain)

Download Demo Project

Step 1: Connect To TFS and Get All Users and Projects

As always we need to start with connecting to TFS, but here we’ll also obtain 2 important services for our demo IGroupSecurityService and ICommonStructureService.

Using ICommonStructureService we’ll be able to extract all Team Projects under the collection you choose, this is not the only way to do that.

Using IGroupSecurityService will allow us to get all users under the “Project Collection Valid Users” category.

private void BtnConnectClick(object sender, RoutedEventArgs e)
{
  var tpp = new TeamProjectPicker(TeamProjectPickerMode.NoProject, false);
  tpp.ShowDialog();
  if (tpp.SelectedTeamProjectCollection == null) return;
  
_tfs= tpp.SelectedTeamProjectCollection;
_css= (ICommonStructureService)_tfs.GetService<ICommonStructureService>();
_gss= (IGroupSecurityService)_tfs.GetService<IGroupSecurityService>();
 
  var allSids = _gss.ReadIdentity(SearchFactor.AccountName, 
        "Project Collection Valid Users", QueryMembership.Expanded);
 
  listAllUsers.ItemsSource = _gss.ReadIdentities(SearchFactor.Sid,
  allSids.Members, QueryMembership.None).Where(a=>a.Type == 
  IdentityType.WindowsUser || a.Type == IdentityType.WindowsGroup);
 
  listProjects.ItemsSource = _css.ListAllProjects();
}

Step 2: Get All Application Groups Under a Team Project

Once you choose a project we’ll use Project Uri and ListApplicationGroups method under IGroupSecurityService to get all Groups under that project.

private void ListProjectsSelectionChanged(object sender,
 SelectionChangedEventArgs e)
{
    if (listProjects.SelectedItem == null) return;
    var project = listProjects.SelectedItem as ProjectInfo;
    listGroups.ItemsSource = _gss.ListApplicationGroups(project.Uri);
}

Step 3: Get Users From Specific Group

When you select a specific group we’ll use the group SID to get all members under that group.

Make sure to change the SearchFactor to SID instead on AccountName, this will prevent getting users from another Project where the Group Name is not unique.

private void ListGroupsSelectionChanged(object sender, 
SelectionChangedEventArgs e)
{
    if (listGroups.SelectedItem == null) return;
 
    var group = listGroups.SelectedItem as Identity;
 
    var sids = _gss.ReadIdentity(SearchFactor.Sid, group.Sid, 
               QueryMembership.Expanded);
    if (sids == null || sids.Members.Length == 0)
    {
        listUsers.ItemsSource = null;
        return;
    }
 
    listUsers.ItemsSource = _gss.ReadIdentities(SearchFactor.Sid, 
                                 sids.Members, QueryMembership.None);
}

Step 4: Add New Application Group

This part is very simple, you just need to obtain the Project Uri and call CreateApplicationGroup under IGroupSecurityService with the Project Uri and the new Group Name.

private void BtnAddGroupClick(object sender, RoutedEventArgs e)
{
    if (string.IsNullOrEmpty(txtGroupName.Text) || 
               listProjects.SelectedItem == null) return;
            
    var project = listProjects.SelectedItem as ProjectInfo;
    var groupname = txtGroupName.Text;
    try
    {
        var result = _gss.CreateApplicationGroup(project.Uri, groupname,
                      "Your Group Description");
        ListProjectsSelectionChanged(sender, null);
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }
}

Step 5: Remove Application Group

This part is also very simple, you need to call DeleteApplicationGroup method under IGroupSecurityService with the Group sid you want to delete.

private void BtnRemoveGroupClick(object sender, RoutedEventArgs e)
{
    if (listGroups.SelectedItem == null) return;
 
    var result = MessageBox.Show("You are about to remove application 
    group from TFS, press yes to continue",
    "Remove Group", MessageBoxButton.YesNo, MessageBoxImage.Question);            


    
    if (result == MessageBoxResult.No) return;
 
    var group = listGroups.SelectedItem as Identity;
    _gss.DeleteApplicationGroup(group.Sid);
    ListProjectsSelectionChanged(sender, null);
}

Step 6: Add User To Application Group

For this you need to obtain the User sid and Group sid and again using the IGroupSecurityService add call AddMemberToApplicationGroup method passing those values.

If the User already exists in that Group you will receive a soap exception.

private void BtnAddUserToGroupClick(object sender, RoutedEventArgs e)
{
    if (listAllUsers.SelectedItem == null 
     || listGroups.SelectedItem == null) return;
 
    var group = listGroups.SelectedItem as Identity;
    var user = listAllUsers.SelectedItem as Identity;
 
    try
    {
        _gss.AddMemberToApplicationGroup(group.Sid, user.Sid);
        ListGroupsSelectionChanged(sender, null);
    }
    catch (Exception ex)
    {//TF50235: The group Test Group already has a member Administrators.
        MessageBox.Show(ex.Message);
    }
}

Step 7: Remove User From Application Group

It’s the same as Adding a user to a group, just call RemoveMemberFromApplicationGroup method.

private void BtnRemoveUserFromGroupClick(object sender, RoutedEventArgs e)
{
    if (listUsers.SelectedItem == null || 
       listGroups.SelectedItem == null) return;
 
    var group = listGroups.SelectedItem as Identity;
    var user = listUsers.SelectedItem as Identity;
 
    _gss.RemoveMemberFromApplicationGroup(group.Sid,user.Sid);
    ListGroupsSelectionChanged(sender, null);
}

Download Demo Project

Enjoy.