I am in a somewhat confusing situation. The diagrams below are supposed to illustrate the case:
I had 2 different TFS servers serving 2 different teams in my company. The users were local on those servers. So, no Active Directory, no central control. Hence we decided to merge these 2 servers into 1 TFS.
Now I have 1 big TFS server containing all the collections, without any problem at that level. But as you can see from the user names, the users were imported to this new server with their local computer names - A\user1, A\user2, B\user3, B\user4. Which violates my sense of harmony.
What I want to do is, install an Active Directory service on a new machine, and have all my users included in this new domain as below:
My ultimate goal is to use the same users, only changing their NetBIOS names to C\user1, C\user2, C\user3, C\user4, in order to keep the old information in TFS valid.
Microsoft's documentation calls the first step, which I have achieved so far, a "Hardware Migration", and the second step an "Environment Migration". It then says not to do them at the same time. So I completed the hardware migration, and now I need to do the environment migration, but since I don't have deep knowledge of these domain matters I am taking it slowly.
I haven't installed Active Directory yet, since I don't know what I need to change beforehand.
My questions are:
Is what I am dreaming of possible?
How can I achieve it?
Environment-based migration scenario means changing the domain of the TFS deployment, whether it's a domain name change or going from a workgroup to a domain. So what you want can be achieved.
You can use the Identities command to change the security identifier (SID) of users and groups in your deployment of TFS. This command supports the following scenarios:
changing the domain of your deployment
changing from a workgroup to a domain (your scenario) or from a domain to a workgroup
migrating accounts across domains in Active Directory
Command:
TFSConfig Identities /change /fromdomain:DomainName1 /todomain:DomainName2 [/account:AccountName] [/toaccount:AccountName]
More information is described here: https://msdn.microsoft.com/en-us/library/ms404883(v=vs.120).aspx
I have two variations of a site based off a primary enrollment site. Currently a running demo of the primary enrollment site is set up and running on a remote server using docker. I'm trying to figure out what steps are needed to move both enrollment site variants A and B up to the remote server for testing and review purposes.
The first variation (branch A) was built from the primary app as master and the second (branch B) was built as a very small variation on the initial variant, A (think a single file updated from branch A).
So far I understand that I'll have to set up a unique database for both A and B for docker to store app data depending on which enrollment site is running (e.g., enroll-db-A and enroll-db-B). Running both sites from this host will also require specifying a unique port on the dockerfile and docker-compose file since the plan is to keep the primary demo site available through the server's default port.
What I'm confused about is how to actually move the files needed for both variants up to the remote server. Because I obviously want to minimize the number of files needed to transfer up to the remote to handle serving all our sites, and because both variants A and B both largely depend on files from the primary enrollment app root, is it sufficient to simply move all the updated and necessary config files for A and B into new directories on the remote server where the directory for the primary enrollment site is located one level up as the parent of each variant directory?
To paraphrase my manager: there's probably some way to make this work, though it's not worthwhile.
My concern in posting this mostly had to do with the apparent number of redundant files that would be pushed up to the remote web server after creating two, simple variants on an original. For our demonstration purposes, having two highly similar repos in addition to the original base loaded on to the web server is not a significant concern.
So, for now, my need to have this question answered can be deferred indefinitely.
We are facing a TFS domain migration.
As written in the TFS documentation "Move user accounts and service accounts", the user identities will be moved with the TFSConfig Identities command.
Can I move the identity within the same domain from userA to userB?
And would this happen in a way that there are no references to userA left in TFS database?
Before the migration we will upgrade from TFS 2017.3 to TFS 2018 or Azure DevOps Server 2019.
Our general domain migration happened one year ago. The TFS resides in the former domain, say OLDDOMAIN. Every user OLDDOMAIN\initials got a new account as NEWDOMAIN\name.surname.
Unfortunately some users from the new domain were added to the local administrator group of TFS, not knowing that TFS will sync them and create TFS identities, and without having a clue about the consequences.
The idea is to change those identities from NEWDOMAIN\name.surname to a new user NEWDOMAIN\admin.name.surname OR OLDDOMAIN\initialsAdmin so that OLDDOMAIN\initials can be moved to NEWDOMAIN\user.surname.
The Identities Command is a powerful tool, but it has certain limitations. To help ensure a successful move, make sure that you understand the following requirements:
Once a user account is present in Azure DevOps Server, it cannot be removed or have another account mapped to it. For example, if you are moving DomainA/UserA to DomainB/UserB, the Identities command would only work to migrate the user if DomainB/UserB is not already present in Azure DevOps Server.
Because the members of the local Administrators group are automatically added to Azure DevOps Server, make sure to remove any accounts that you want migrated from that group before you change the domain or environment.
As clearly stated in the document you referred to, it is not possible to map/move an identity within the same domain from userA to userB.
If you are in this boat then you are hosed already. You may have 2 users as the same people and it will not allow you to change. Sorry for any inconvenience.
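As an added example (not from the original posts or from Microsoft's documentation), the PowerShell script below plans per-account TFSConfig Identities /change runs for the A/B-to-C move described in the first question and blocks any move that hits the limitations quoted above. The account lists, the New-IdentityMovePlan function name, and passing the old machine name as /fromdomain are assumptions; the commands are only printed for review, not executed.

```powershell
# Added example, not from the original posts. All account names are constructed.
$ToDomain = 'C'                      # NetBIOS name of the new domain

# Old workgroup identity -> account name in the new domain
$Moves = [ordered]@{
    'A\user1' = 'user1'
    'A\user2' = 'user2'
    'B\user3' = 'user3'
    'B\user4' = 'user4'
}

# Assumption: identities TFS already knows, collected by the admin beforehand.
# C\user4 is included to show the "target already present" case.
$KnownToTfs = @('A\user1', 'A\user2', 'B\user3', 'B\user4', 'C\user4')

# Local Administrators members are added to TFS automatically, so read them too.
$LocalAdmins = @(Get-LocalGroupMember -Group 'Administrators' | ForEach-Object Name)

function New-IdentityMovePlan {
    param($Moves, [string]$ToDomain, [string[]]$KnownToTfs, [string[]]$LocalAdmins)
    foreach ($old in $Moves.Keys) {
        # Split 'A\user1' into the old domain/machine name and the account name
        $fromDomain, $account = $old -split '\\', 2
        $toAccount = $Moves[$old]
        $target    = "$ToDomain\$toAccount"

        # -contains is case-insensitive, which matches Windows account names
        $blocked = if ($KnownToTfs -notcontains $old) {
            'source identity is not known to TFS'
        } elseif ($KnownToTfs -contains $target) {
            'target already present in TFS; Identities cannot map onto it'
        } elseif (($LocalAdmins -contains $old) -or ($LocalAdmins -contains $target)) {
            'account is in local Administrators; remove it from the group first'
        } else { $null }

        [pscustomobject]@{
            Source  = $old
            Target  = $target
            Blocked = $blocked
            Command = if (-not $blocked) {
                "TFSConfig Identities /change /fromdomain:$fromDomain " +
                "/todomain:$ToDomain /account:$account /toaccount:$toAccount"
            }
        }
    }
}

New-IdentityMovePlan $Moves $ToDomain $KnownToTfs $LocalAdmins | Format-List
```

With the sample data, the first three accounts get a command and B\user4 is blocked because C\user4 already exists as a TFS identity.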
We are moving our installation from a hosted server to a VM on our local network. We have a mix of local users and Domain users. I am concerned about the local users that were created on the existing server. What will happen to them in the new environment?
For example
Server1\JohnDoe will not exist on the new server. What is the best practice for this?
What you are effectively doing is a domain change from the perspective of TFS. You need to merge two procedures. First is the environment move:
http://msdn.microsoft.com/en-us/library/ms404883.aspx
And the second is the hardware move:
http://msdn.microsoft.com/en-us/library/ms404869.aspx
What you are doing is both at once. This can be done safely and you need to be very careful with the accounts issue.
I have done this a whole bunch and documented it:
http://nakedalm.com/in-place-upgrade-of-tfs-2008-to-tfs-2010-with-move-to-new-domain/
That's for an older version but the principles are the same.
I don't know squat about TFS, other than as a user who has performed simple check in/outs.
I just installed it locally and would like to do joint development with a friend.
I was having trouble making my TFS web site on port 8080 visible (the whole scoop is here if you're interested) and I wonder if it could be related to the fact that TFS is probably using Windows Authentication to identify the user.
Can TFS be set up to use forms authentication?
We probably need to set up a VPN, though that's a learning curve too.
To use TFS, do our machines have to belong to a domain?
We're not admin types, though he is better than me, though I would be interested in any feedback or advice on which path is likely to pan out the best. I already got AxoSoft OneTime working in this type of an environment and it suits us well, but I am tempted at all the bells & whistles with TFS and the ability to tie tracked bug items to code changes.
As far as finding a good way to share code, do sites like SourceForge allow one to keep code secure among members only?
It does not need to be installed in a domain. I'm running TFS at home within a workgroup on a virtual machine.
Create a user on the machine that hosts TFS. Let's assume this machine is named TFS-MACHINE. Grant that user appropriate Team and Project rights.
When connecting to TFS from the remote machine, the user should be prompted for a user ID and password. They should use a User ID of TFS-MACHINE\username and the appropriate password.
Regarding external spots to host code. If you're looking for cheap/free, you can look at something like Unfuddle, which supports SVN and Git.
If you're looking for hosted TFS, the only place I've been able to find thus far is SaaS Made Easy, but they can start getting a bit expensive, depending on the number of users you have.
Keep in mind if you're going to host locally that you'll still need to do things like periodic backups, etc.
I am about to be writing a Ruby on Rails app which will use sub-domains to authenticate users. We will have two types of accounts:
user accounts
domain accounts
Users will thus be able to belong to multiple domain accounts using the same credentials. I hope to have the ability for a domain account administrator to be able to search for particular users and add them to their domain.
In addition to simply creating a domain account in the database, I want to set up an actual account on the machine (Linux-based) so that users can drop files into a special directory and we can run some scripts to import that new data. Alternatively, I may write a client/server script to make this process easier.
All of this I believe I can do, however, as soon as the project attains a certain number of domain accounts, it will be necessary to figure out how to cluster the domain accounts appropriately so that we can have multiple machines.
From a database standpoint, this is fairly easy and there are lots of tutorials on how to cluster MySQL or whichever SQL server I decide to use. So my question really pertains more to machine accounts as well as how to cluster a Rails app.
If you want a comparison, think of this project like GitHub or Beanstalk but with data that isn't source control related.
Does anybody have any experience with this or know of any really good articles/books to get me started?
Thanks very much!
I suggest you look at using one of the PAM modules that lets you do account authentication against a SQL database. That way you just add the domain account to the SQL database and you get UNIX accounts (on all your servers) automagically, for free. So the clustering should just happen for free too...