The GroupSecurityService inside Team Foundation, specifically the ReadIdentity and ReadIdentities methods, are what you want to use.

    TeamFoundationServer m_tfServer = TeamFoundationServerFactory.GetServer("http://jmanning-test:8080");

    IGroupSecurityService gss = (IGroupSecurityService)m_tfServer.GetService(typeof(IGroupSecurityService));

 

    // first resolve to the SID's

    Identity validUserSids = gss.ReadIdentity(SearchFactor.AccountName, "Team Foundation Valid Users", QueryMembership.Expanded);

 

    // Now resolve the SID's to actual identities

    Identity[] validUsers = gss.ReadIdentities(SearchFactor.Sid, validUserSids.Members, QueryMembership.None);

 

    Console.WriteLine("All valid users/groups:");

    foreach (Identity validUser in validUsers)

    {

        Console.WriteLine(@"{0}\{1} ({2}) [{3}]", validUser.Domain, validUser.AccountName, validUser.DisplayName, validUser.Type);

    }