Changes you make to local or Active Directory groups do not get reflected in TFS immediately. Instead, TFS will synchronize those groups regularly (by default every hour).
Known workarounds:
- You can re-add the security group in TFS, this will trigger a identity synchronization.
- In TFS 2005/2008: you could restart IIS or the TFS App Pool to force an identity synchronization (does not work for TFS 2010).
- Using the JobService webservice, you can queue the identity synchronization job.
- Or use this tool to trigger the web service:
(Note: The user needs to have the ‘Queue background jobs‘ permission on TFS)
Download the tool from here:
- for use with TFS 2010: TfsSyncIdentities.exe (.ZIP)
- for use with TFS 2012: TfsSyncIdentities.exe (.ZIP)
- for use with TFS 2013: TfsSyncIdentities.exe (.ZIP)
Update:
- You can specify "/status" to only query the time of the last identity synchronization.
(only requires ‘View background job information‘ permission on TFS)
–Neno
Or you could just cycle the ‘TFSJobAgent’ Windows service on the AT(s). Remember as well that TFS 2005 needs HOTFIX 927669 (apply to TFS 2005 RTM) or 931796 (apply to TFS 2005 SP1) for AD sync to work *at all*.
thanks neno, solved me a lot of time!
@markus: I’m glad you like it!
Thanks man!!
Perfect post.