We're using TFS 2013. The problem we're facing is this:
Several Active Directory users are listed in TFS under the Control panel/Security/Users, but not all.
Where can I control which AD users will also be able to access TFS?
The displayed names are only the names that have been assigned to something and synched into the TFS db's by the AD sync service. If you enter in the full AD name of a valid user in any of the security assignments it will end up showing in the user select list after the next sync run (every hour if I remember correctly).
I.e. you can assign users that are not displayed in the list.
Related
We are running TFS 2012. Our organization is currently creating new accounts for everyone as part of a migration.
What I know is that everyone will have two accounts listed in AD for a while:
OldDomain\DoeJ
NewDomain\DoeJ
This brings me to believe that SID will be different, among other things.
My question is, how would this affect our TFS environment? Will we lose any history associated with particular users? Will I have to go through each work item and reassign it to the new Windows account? Is there any way I can preserve this data?
Thanks
You could use Identities Command which lists or changes the security identifier (SID) of users and groups in your deployment of TFS. You might need to change or update the SID for users and groups in one of the following scenarios:
changing the domain of your deployment
changing from a workgroup to a domain or from a domain to a workgroup
migrating accounts across domains in Active Directory
Even though it's a powerful tool, but it has certain limitations. To help ensure a successful move, make sure that you understand the following requirements:
Once a user account is present in TFS, it cannot be removed or have another account mapped to it. For example, if you are moving
DomainA/UserA to DomainB/UserB, the Identities command would only
work to migrate the user if DomainB/UserB is not already present in
TFS.
Because the members of the local Administrators group are automatically added to TFS, make sure to remove any accounts that you
want migrated from that group before you change the domain or
environment.
Suggest you read up about this tutorial as part of planning your move. You could also take a look at this blog : Migrating TFS Server or Collection to another domain. Be careful do not add the user such as NewDomain\DoeJ to TFS first, after upgrade SID, the history will keep without any problem.
Moreover, TFS use a background synchronization job, scheduled every hour, to look for changes in Active Directory (or the local machine workgroup if the server is not domain joined). You can force the job to run using any of these techniques.
I am trying to migrate source control only from a TFS2013 system to VSTS and I have a question about how to manage user migration.
We have been using TFS since it was released and have a >250000 changeset history that we would like to preserve.
We have linked our Azure AD to the VSTS project and I have added in a relevant group that contains most of our current users, but these are not showing up in the user mapping screen presumably as they are not 'proper' users until they have logged on and applied their MSDN license. Is there an easy way of adding around 200 users to the system and applying a license?
Most of the other users that require mapping have long since left the company but it is useful to see which person made which changeset. This class of user will never have an active account on TFS but the current system would force me to remap these users to a current account losing that information. Is there any way of keeping this data?
I'm on update 4. I want to let business users submit "tickets" in TFS for research. However, they less rights to the project and aren't part of the contributors role. In addition, TFS documention indicates that once you deploy a "team alert" that the "#ME" variable changes to actually referring to the team, and not the person.
What is the approach to take to ensure that someone with less permissions, and not part of contributor group, will always get notified when a work item they created gets changed.
NOTE: TFS 2013 UPDATE 4 -- ON PREMISE
Related item: TFS 2013 (Update 2) Team Alerts not sending emails
* this doesn't help as I can't add them as contributors, need narrowing security permission.
UPDATE 2016-02-22
In looking through the alerts section, as an admin I see I can actually search and find an individual and setup an alert for them on the workitem change. However, this is a manual process, and I would like to do this in bulk. I will work on tracing the query execution that is called when the alert is created and see if I could replicate with a sql command to insert alerts for all users. However, I'd like to avoid running a direct sql query to do this if possible, if there is some bulk processing functionality that allows an individual alert to be deployed to each person on a team without doing it manually.
Anyone aware of any extensions, scripts, or other functionality that does this?
According to the comments of this issue TFS 2013 Update 2 Team Alerts not sending emails.This issue is not fixed with TFS 2013 UPDATE4. So, if you can't add the users as contributors, then they can't receive an email.
As a workaround, you can use events of team room. Adding events lets your team know when builds finish, source code is checked in, work items are updated, and requests for code reviews occur. This can be visible to all members of the team room. Detailed steps and more info from MSDN Collaborate in a team room
I can successfully setup a feedback request but I can only add one stakeholder at a time. I thought I'd setup a TFS group and it would send the feedback request to each of the members of that group. No such luck, turns out the TFS groups don't even show on the list of stakeholders in my setup.
TFS Permissions on the group. Please let me know if you need any other information.
What am I doing wrong?
The submitted feedback will be sent to stakeholders via email. There's no email address for TFS group, so it is not possible to select TFS groups as Stakeholders.
You need to:
Create a group in Exchange or mail-enable an existing group in Active Directory, create one email address for the created group. (Check this for the details.)
Add the created Windows Group to TFS, and grand it with the required permissions. (Check this for the details.)
When submit the feedback request, type the group alias created in Step1 and click "Check Name". Then, the group will show up correctly, and requested feedback will be sent to everyone in that group.
I also tried a lot of ways to add a tfs group to stakeholder, but prove to be no way to add a tfs group, stakeholder can only show windows group. You can click "Browse" to select multiple users at a time or add a windows group to TFS group and then select this windows group.
We have a situation where TFS was taken into use when we all had 2 user accounts. We started using TFS with account A but, after a while, found out that account B was better. In the end we want to use the A accounts only for RDP sessions. We would now like to remove all the A accounts from TFS so that we don't make mistakes in assigning tasks to a person.
Deleting the old accounts from the AD is not an option, we still use those accounts for RDP sessions. What we did was migrate all the WI's from account A to account B. Thereafter I removed all permissions for the old A accounts, with in mind that TFS would clear those accounts since they are no longer in use. The double account in the assigned-to field
Unfortunately the old accounts are still visible despite they are no longer involved in any project or group. No rights for the (development) user
How can we remove those accounts from TFS? Maybe there is somekind of cache that needs to be cleared somewhere, or a rebuild of the warehouse?
Thanks in advance!
By Default the Assigned To field shows the list of all Valid TFS Users (this is a specific TFS Group). So if you don't want somebody to show up in that list you have to make sure they are not in the Valid TFS Users group. If you inspect this group in the TFS Admin interface you can see which other groups are members of it. Now it's just a matter of tracing through the many TFS security groups to make sure that those user accounts are not included anywhere that would result in them being part of TFS Valid Users.