Suppose if Organization name was changed in Azure DevOps.
Is there an Azure DevOps Rest API to fetch Organization name change details if I have the old Organization name.
Admin renamed Organization in Azure DevOps.
Need to programmatically fetch Organization name change details through Azure DevOps Rest API using the old Organization name.
Normally, after renaming an organization, the old name will be replaced with new name in the database. When trying to use Azure DevOps REST API to query any details of the organization, you need to use the latest organization name. So, it is not possible to use the old organization name to run the REST API.
To get the name change details, you can try using the REST API for Audit Log with the new organization name.
Ensure the organization has connected to Azure AD so that you can use the Audit Log feature.
Ensure the option "Log Audit Events" has been enabled before renaming the organization.
If above prerequisites are met, then you can view the name change details from Auditing logs in Azure DevOps or using the REST API for Audit Log.
When using the REST API for Audit Log, you also can use the parameters startTime and endTime to filter the logs based on the datetime (UTC) of the name change event.
GET https://auditservice.dev.azure.com/{organization}/_apis/audit/auditlog?startTime={startTime}&endTime={endTime}&api-version=7.1-preview.1
Related
I am working on a service that logs into JIRA and performs few operations that are not associated with a particular user. Right now, I'm using a virtual account and authenticating the JIRA by the accounts username and password. The use case requires a significant number of such services to be created. The current solution will be messy to maintain, because I need to keep a track of service level logs, which will require creation of a large number of virtual accounts, whose management is difficult. Is there a service account like concept in JIRA that allows a service to perform authentication as an application like on Google cloud?
Their reference about the REST API.
I played with it once, remember it requires API key or token maybe.
We are facing a TFS domain migration.
As written in TFS documentation Move user accounts and service accounts the user identities will be moved with the TFSConfig Identities command.
Can I move the identity within the same domain from userA to userB?
And would this happen in a way that there are no references to userA left in TFS database?
Before the migration we will upgrade from TFS 2017.3 to TFS 2018 or Azure Devops Server 2019.
Our general domain migration happend one year ago. The TFS resides in the former domain, say OLDDOMAIN. Every user OLDDOMAIN\initials got a new account as NEWDOMAIN\name.surname.
Unfortunately some users from the new domain where added to the local administrator group of TFS not knowing that TFS will sync them and create TFS identities and without having a clue about the consequences.
The idea is to change those identities from NEWDOMAIN\name.surname to a new user NEWDOMAIN\admin.name.surname OR OLDDOMAIN\initialsAdmin so that OLDDOMAIN\initials can be moved to NEWDOMAIN\user.surname.
The Identities Command is a powerful tool, but it has certain limitations. To help ensure a successful move, make sure that you understand the following requirements:
Once a user account is present in Azure DevOps Server, it cannot be removed or have another account mapped to it. For
example, if you are moving DomainA/UserA to DomainB/UserB, the
Identities command would only work to migrate the user if
DomainB/UserB is not already present in Azure DevOps Server.
Because the members of the local Administrators group are automatically added to Azure DevOps Server, make sure to remove any
accounts that you want migrated from that group before you change the
domain or environment.
As clearly declared in the document you referred, it's not able to map/move idenfity within the same domain from userA to userB.
If you are in this boat then you are hosed already. You may have 2 users as the same people and it will not allow you to change. Sorry for any inconvenience.
How can I add a limited access account for jenkins automation when I'm using Global GitHub OAuth Settings?
I'm using GitHub OAth for login to jenkins and I have python jenkinsapi scripts that I want to run as a user with read only access. At present, all my users are github users.
I can create a github account without access to my repositories and then limit that accounts access to jenkins but this seems cumbersome.
Is there a way to use multiple security realms or to create local users?
It seems that when jenkins contains a local user, that the plugin uses this first (plugin-source)
If you look at Manage Jenkins->Configure Global Security, you can see that you can select only one security realm.
I would say, for Jenkins use create a github service account specifically that user can be restricted to just a few repositories. You can also look at matrix based security or project based matrix security if you want to restrict authorization further
I have a .Net application that post-processes (manual) tests performed in TFS2010 via the Microsoft Test Manager and the individual ITestCaseResult instances do have a TeamFoundationIdentity on their .RunBy property assigned and I was wondering how / if I could retrieve the users' departments based on this identity.
The Tfs Users are (active directory) domain-wide users but the TeamFoundationIdentity does not seem to allow direct access to the underlying windows / ad one so I was wondering if there's a common denominator between the Tfs and the Windows identity that I could use to retrieve the department(s)?
There are two things on a TeamFoundationIdentity that can get you back to the AD account. First, the domain name and account name should be the same. With those values you should be able to retrieve the domain identity with the form "domain\accountName". Also, the TeamFoundationId is a GUID that is usually copied directly from AD. I am not too up-to-date with AD APIs but that should get you close.
I've been asked to look at configuring the Rally JIRA Connector to synchronise Rally with our JIRA instance and the installation instructions state that the user you create in JIRA has to be a JIRA Administrator. Why does it need admin permissions when all it appears to be doing is updating the RallyID and RallyURL custom fields for issues in the JIRA project(s) synching with Rally.
Are edit permissions for issues on the project not enough, or is it doing something else that requires admin privileges? I did remove the user from the jira-administrators group, but the connector checks for administrator privileges and halts if the user is not an admin.
If the user does not need admin privileges is it possible to alter/remove the check in the connector so that the user can be removed from the jira-administrators group and just be given the relevant permissions in JIRA?
Thanks,
Andrew.
it's a 2 part answer:
The connector runs a validation step on your config file to verify that all of the fields you have mapped do exist in Jira. Historically, with earlier versions of Jira out of the box, only the administrators group had permissions to get that list of fields on issues.
If you are using a field handler to transform in users to Jira, we again needed higher level permissions to get the list of users in Jira - eg to do a lookup based on email.
Hope that information helps.