Force TFS to sync with Active Directory

Changes you make to local or Active Directory groups do not get reflected in TFS immediately. Instead, TFS will synchronize those groups regularly (by default every hour).

In TFS, new users don't show up immediately.

Known workarounds:

  • You can re-add the security group in TFS, this will trigger a identity synchronization. 
  • In TFS 2005/2008: you could restart IIS or the TFS App Pool to force an identity synchronization (does not work for TFS 2010).
  • Using the JobService webservice, you can queue the identity synchronization job.
  • Or use this tool to trigger the web service:

This tool will refresh your security groups in TFS within seconds.

(Note: The user needs to have the ‘Queue background jobs‘ permission on TFS)

Download the tool from here:


  • You can specify "/status" to only query the time of the last identity synchronization.
    (only requires ‘View background job information‘ permission on TFS)


5 thoughts on “Force TFS to sync with Active Directory”

  1. Or you could just cycle the ‘TFSJobAgent’ Windows service on the AT(s). Remember as well that TFS 2005 needs HOTFIX 927669 (apply to TFS 2005 RTM) or 931796 (apply to TFS 2005 SP1) for AD sync to work *at all*.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>