Changes you make to local or Active Directory groups do not get reflected in TFS immediately. Instead, TFS will synchronize those groups regularly (by default every hour).
- You can re-add the security group in TFS, this will trigger a identity synchronization.
- In TFS 2005/2008: you could restart IIS or the TFS App Pool to force an identity synchronization (does not work for TFS 2010).
- Using the JobService webservice, you can queue the identity synchronization job.
- Or use this tool to trigger the web service:
(Note: The user needs to have the ‘Queue background jobs‘ permission on TFS)
Download the tool from here:
- for use with TFS 2010: TfsSyncIdentities.exe (.ZIP)
- for use with TFS 2012: TfsSyncIdentities.exe (.ZIP)
- for use with TFS 2013: TfsSyncIdentities.exe (.ZIP)
- You can specify "/status" to only query the time of the last identity synchronization.
(only requires ‘View background job information‘ permission on TFS)