TFS & Visual Studio ALM - by Neno Loje

(formerly Team System, VSTS)

News

Recent Posts

Community

Tags

Email Notifications

VSTS Blogs

VSTS Community

My Other Blogs

German VSTS Websites

Archives

Force TFS to sync with Active Directory

Changes you make to local or Active Directory groups do not get reflected in TFS immediately. Instead, TFS will synchronize those groups regularily (by default every hour).

In TFS, new users don't show up immediately.

Known workarounds:

  • You can re-add the security group in TFS, this will trigger a identity synchronization. 
  • In TFS 2005/2008: you could restart IIS or the TFS App Pool to force an identity synchronization (does not work for TFS 2010).
  • Using the JobService webservice, you can queue the identity synchronization job.
  • Or use this tool to trigger the web service:

This tool will refresh your security groups in TFS within seconds.

(Note: The user needs to have the 'Queue background jobs' permission on TFS)

Download the tool from here: TfsSyncIdentities.exe (.ZIP, 7,78 KB)

Update:

  • You can specify "/status" to only query the time of the last identity synchronization.
    (only requires 'View background job information' permission on TFS)
Posted: Thu, Feb 17 2011 18:17 by neno | with 6 comment(s)
Filed under: , , ,

Comments

Trevor Hancock said:

Or you could just cycle the 'TFSJobAgent' Windows service on the AT(s). Remember as well that TFS 2005 needs HOTFIX 927669 (apply to TFS 2005 RTM) or 931796 (apply to TFS 2005 SP1) for AD sync to work *at all*.

# February 17, 2011 3:26 PM

markus said:

thanks neno, solved me a lot of time!

# June 8, 2011 12:41 AM

neno said:

@markus: I'm glad you like it!

# June 8, 2011 3:59 AM

Jose David Parra said:

Thanks man!!

# July 6, 2011 3:54 PM

Bertrand said:

Perfect post.

# July 14, 2011 12:39 PM

Willy's Cave said:

Projects News CodedUI ( VSCUG ) project is in the middle of sprint 5 and still focusing on in-depth guidance

# July 31, 2011 6:44 PM