Menu
We are migrating to a new domain. The documentation for changing environment (and for the TfsConfig identities /change) command states that the user accounts must not exist in TFS before you try and migrate them in TFS.
However, one has got in because they were migrated as a test case and added automatically via group policy.
As described in the documentation, TfsConfig identities /change will not work for this account because the new account is already in TFS.
TfsConfig identities shows that the SID of the new identity not a match to Windows.
None of the users queries are working (of course, because it's a new account).
To make it worse, the user has created work items. So now there are work items under two separate accounts....
My question is: Do I have any facility to clean this mess up?
I want the new identity to match Windows, the users work items to be merged under the new account and all the users queries to work...
Before I understood what had gone wrong, I posted this question because I thought that the reason the users queries were not working was a simple query configuration issue. Now I realise (assuming anything of what I said above is correct) that I have bigger problems that possibly can't be cleaned up with the available command-line tools...
UPDATE (for anyone else who makes the same mistake we did)
We moved our server into the new domain last night. Happily, the SIDs appear to have corrected themselves. The only issue now is that the user doesn't have access to their old work items. I can update all fields apart from Created By via code. Created By is read-only. This question is now solely asking:
How do I update the Created By field of a work item?
I've read a lot of posts that say never, ever, ever, update data directly in the TFS databases... But this appears to be my only option if I want to fix the users queries...
633
There is no way to remove identity but you can change one identity to another but you have to bear in mind the followings from Microsoft:
Once a user account is present in TFS, it cannot be removed or have another account mapped to it. For example, if you are moving DomainA/UserA to DomainB/UserB, the Identities command would only work to migrate the user if DomainB/UserB is not already present in TFS.
Because the members of the local Administrators group are automatically added to TFS, make sure to remove any accounts that you want migrated from that group before you change the domain or environment.
Move Team Foundation Server
151
If you are in this boat then you are hosed already. You MUST follow the prescribed documentation for a domain move as you can't fix this after.
Even if you burn a support ticket I think you will get the same answer. It is not supported for you to edit the database directly. While you may get it to work you will likely prevent future upgrades...
p.s. If MS Support suggests that you edit the database you should request a second opinion from the product team :) MS Support is not always right...
32
I was able to solve this using the TFS Server Administration Console.
In the 'Application Tier' window of the administration console, add the user to the "Administration Console Users' box by clicking the 'add' button next to it.
Once I did that, the user which I had that had a SID that was out of sync was then synced up. I then removed that user from the administration console and that user was still correctly synced.
I was able to verify using TfsConfig identities.
43
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
