When users are using Team Explorer and viewing the group membership for a particular project (Team Project Settings -> Group Membership) it’s pretty easy because explicit users and groups are listed. However, this becomes a problem when you want to view all the users of that particular group. This is very, very evident when the groups are chained, i.e. Group X contains Group Y, which contains Group z, and so forth. This becomes an issue because viewing the security information for a particular security group becomes very limited.
Fortunately, to get around this limitation you can use the TfsSecurity tool, specifically the TfsSecurity /imx command, to get the direct members of the specified group.
It is important to remember that TfsSecurity.exe comes from Team Explorer, not the Visual Studio shell.