i trying use tfssecurity configure security on our new instance of tfs 2017. works great when test adding local user accounts on tfs server tfs group fails change trying add domain groups or accounts. here's command , results getting:
ps c:> &"e:\tfs 2017\tools\tfssecurity.exe" /g+ "n:[project1]\contributors" n:"domain1\tfs-developers" /collection:http://mytfsserver:8080/tfs/primarycollection
microsoft (r) tfssecurity - team foundation server security tool copyright (c) microsoft corporation. rights reserved.
the target team foundation server http://mytfsserver:8080/tfs/primarycollection.
resolving identity "n:[project1]\contributors"...
[a] [project1]\contributorsresolving identity "n:domain1\tfs-developers"...
error: identity cannot resolved.
i running command using account on domain1 can see group in active directory users , computer seems should not have issue resolving identity. however, server not joined network on domain1. joined second domain called domain2 has 1 way trust domain1. suspect might causing problem i'm not sure how work around if or how diagnose issue know sure. ideas?
you'd better make 2 domains trusted each other. specifically, when 1 way trust. in scenario, domain2 needs trust domain1 , pay attension mentioned in thread:
the tfsservice account must user in more truested forest. since accounts less trusted forest not allowed query information more truested forest, unable add users more trusted forest when tfsservice account comes less trusted forest.
here blog add user different domain: http://blogs.agorainc.com/post/external-user-in-team-foundation-server-(tfs)-with-active-directory.aspx
Comments
Post a Comment