I created a local group user which I added to TFS Contributor/Valid User groups. Anytime if I needed to add a user as contributor, I would add him/her to the local group and the person has the access to TFS; which is until now. Recently a new person got hired and MIS setup the domain account for him. I added him the same way but for some reason he couldn't connect to TFS. I tried everything that I know of. I even asked MIS to recreate (delete and create again) the user in ADS. But nothing seems to be working. Does anybody know what could be possible problem?
I had the same issue that the a user did not get permission to TFS when adding hem/her to the user group. I resolved it by adding the user directly to TFS. You can use the TFS Administration Tool to add users quickly to TFS, SSRS and Sharepoint: http://tfsadmin.codeplex.com
OK. I solved the problem. It was TFS cache that was causing this problem. Once I cleared it, everything worked fine.
Thanks for trying to help.
Related
I am working with team foundation server and I added a user in the server from Administration Console and the user has access to the server. But the problem is even when I remove that user from Administration Console user still able to login to the server. Can anyone help me here? Thank you in advance.
To remove users completely from TFS server. You should remove the user from all the security groups.
UsE the command below to get this account has been added to which groups. Then check all those groups and try to remove that account from those groups.
TFS security imx:
tfssecurity /imx [domain\account] /server:[server url]
Besides, changes you make to local or Active Directory groups do not get reflected in TFS immediately. Instead, TFS will synchronize those groups regularly.
A periodic clean-up job that is executed removes people from the global groups. If you just wait, they will disappear in a couple of days. They will not have access to any of the TFS assets however.
You could look in http://tfs.mydomain.com:8080/tfs/_oi to see the sync job.
If you cannot wait for the scheduled job, you can try to do the force sync: http://msmvps.com/blogs/vstsblog/archive/2011/02/17/force-tfs-to-sync-with-active-directory.aspx
We had a person leave our company and their windows domain account for Active Directory was deleted. They have since come back but have been given a different windows domain account user name. Now when we attempt to assign them tasks it's always associated with the old account. I assume this is because the name is still the same and TFS is doing some kind of duplication check. I've tried removing cache and have verified that the Team Foundation Server Periodic Identity Synchronization job is running properly. I can also see the old active directory account show up when attempting to Add a windows user or group via the dialog along with the new Active Directory user.
What's strange is this user is not showing up as a member of any groups in TFS for any of the Team Project Collections. So why are they still showing up in the [Team Project Collection]\Project Collection Valid Users group?
Seems the main issue is deleted users still in "Assigned To" List. First try to throw down the issue.
If you are using VALIDUSER rule, it contains all valid users in TFS. You may check collection level Project Collection Valid Users group, you may need to check every group to delete the user. And use TFSSecurity /imx command to display information about that group, thn delete the user from right group.
After delete the old user, you need to try to let TFS sync with Active Directory, for detail steps, you can refer to:
Force TFS to sync with Active Directory
Active Directory Groups not Syncing with Team Foundation Server 2010
Last year, I was working with some other people on a computer science project. So, I created a bitbucket repository and invited everybody. As we know each other very well, everybody is an administrator of the repository and I'm the owner.
Today, I would like to clean up my bitbucket repository list. But, I can't find how to leave a repository. When I go in the settings menu, the only thing that I can do is "deleting a repository". It's not what I want to do because I want to leave the repository for the other people.
For some repository (when I'm not the owner), I can revoke myself, but for the other, I can't. Do you know how can I do that? I would like to find a solution without needing to make a ownership transfer as it involves making a transfer request and then, waiting some time to get the answer.
Thank you
Go to 'Your profile and Settings' left bottom corner & Tap 'All work spaces'
Tap 'Leave'
I would like to find a solution without needing to make a ownership transfer as it involves making a transfer request and then, waiting some time to get the answer.
Somebody must own the repository, and you can't leave a repository that you own.
You could create a team and transfer the repository there, then invite the other users to the team. Transferring your repo to a team you create should be instantaneous.
Or you can transfer the repository to an existing user and wait for them to respond, as you have suggested.
Workaround:
Disable "New source browser experience" in here: https://bitbucket.org/account/user//features/
Then click "revoke" in here: https://bitbucket.org///overview
I created a tfs group that would work on a specific project located in a collection. Now we're using work items to track bugs etc, but that group doesn't have access to those work items via the Team Web Access portal. I don't want this group to have access to all the projects in the collection, just the one they are working on. But i need them to be able to access work items that come up.
Currently when they access the Team Web Access portal, they get message indicating there are no accessible team projects in this team project collection.
if they can access their code in the collection already, how come they can't see the work items, and how can i change that, but still limit what they see?
Ok, found what i was looking for after some time. for the benefit of the community here is where that hidden security setting is done.
For the new group, i needed to go under Team/Team Project Settings/Area and Iterations!!!!
Yes, this silly place to but a SECURITY button. If you go in there, click the security button on the bottom of the dialog, you will then see ALL the WORK ITEM related permissions.
EDIT work items in this node;
Manage Test plans;
View this node;
View work items in this node.
I needed to check all of these to ALLOW.
Again, seems like a stupid place to put these settings, than with all the other security settings via TEAM Project Settings. I hope they had a good reason for that.
They will need the View collection-level details permission added to their group (at the collection level). By default, the Project Collection Valid Users group has these permissions, so you can just add your group as a member of the valid users group.
Here is the scenario:
I have 2 TFS servers, TFS-A is in local and TFS-B is abroad.
Check into TFS-B is very slowly, so my idea is to check into TFS-A first,
and check all changes into TFS-B from TFS-A in once time at night.
But the TFS-A and TFS-B have different user accounts, when I synchronize them, error happens.
The error told me access denied.
So if it is possible to sync two TFS with different accounts.
How to do it?
Thanks in advance.
You need to supply a user mapping in your TFS integration platform configuration. A similar post shows how to do this in detail: TFS Integration Platform: How to map users with the SVN adapter?
Hope that helps you further.