[TFS 2015]: Migrate users from one AD domain to another

一笑奈何 提交于 2019-12-11 01:53:52

问题


We are planning to migrate users from our company domain (domainA) to our parent company's domain (domainB). The login IDs for the users are going to change from domainA\firstname.lastname to domainB\employee#

For now, the TFS servers will reside in domainA.

What would be the best way to migrate our TFS users and still ensure that they still maintain their current permissions?

I did find this document regarding the Identities command: https://docs.microsoft.com/en-us/vsts/tfs-server/admin/move-across-domains

thanks


回答1:


If you just want to migrate accounts across domains in Active Directory and keep the TFS sever reside in domain A.

You could use TFSConfig Identities command which lists or changes the security identifier (SID) of users and groups in your deployment of TFS.

Fist of all, there should has the trust-relationship between your two domains. Then follow below steps:

  • Create all the new accounts on the new domain and DON’T ADD THEM TO TFS
  • Open the command line as admin and navigate to “C:Program FilesMicrosoft Team Foundation Server 14.0Tools

  • Run the TFSConfig Identities with the right parameters such as

    TFSConfig Identities /change /fromdomain:Domain1 /todomain:Domain2 /account:OldAccount /toaccount:NewAccount

  • Review the result

  • Force synchronization for fasting the retrieving the result or wait the synchronization to happen after sometimes

Note: Once a user account is present in TFS, it cannot be removed or have another account mapped to it. For example, if you are moving DomainA/UserA to DomainB/UserB, the Identities command would only work to migrate the user if DomainB/UserB is not already present in TFS.

More detail steps please refer this tutorial.

If you also want to move a Team Foundation Server installation from one domain to another, you need to follow the instructions exactly: Move Team Foundation Server from one environment to another


Update from OP:

To prevent migrated users from reverting back to previous account, I had to make sure that they weren't part of any domainA groups.Once removed, I ran the following:

TFSServiceControl quiesce TFSConfig Identities /change /fromdomain:OldDomainName /todomain:NewDomainName /account:OldAccountName /toaccount:NewAccountName TFSServiceControl unquiesce 

I then ran a poweshell script that forced AD sync with TFS :

 [Reflection.Assembly]::Load("Microsoft.TeamFoundation.Client, Version=11.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")

 # connect to the server 
  $credProvider = new-object Microsoft.TeamFoundation.Client.UICredentialsProvider $tfsConnection = new-object Microsoft.TeamFoundation.Client.TfsConfigurationServer "localhost:8080/tfs";, $credProvider $tfsConnection.EnsureAuthenticated()

 # force a full sync on the next sync execution. 
  $tfRegistry = $tfsConnection.GetService([Microsoft.TeamFoundation.Framework.Client.ITeamFoundationRegistry]) $tfRegistry.SetValue('/Service/Integration/Settings/IdentitySyncFull', $true)

# Kick the IMS periodic job so that it syncs. 
  $jobIds = [Guid[]] @('544DD581-F72A-45A9-8DE0-8CD3A5F29DFE') $jobSvc = $tfsConnection.GetService([Microsoft.TeamFoundation.Framework.Client.ITeamFoundationJobService]) $jobSvc.QueueJobsNow($jobIds, $true)


来源:https://stackoverflow.com/questions/48151311/tfs-2015-migrate-users-from-one-ad-domain-to-another

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!