How do I fix a mismatched user SID in TFS 2013?

About

Asked 20/8, 2017 at 22:6 Answered 21/8, 2017 at 8:49

TFSConfig Identities listed all TFS accounts and all but one matched Windows.

How do I fix the lone user account where the Match is False?

While this may not be relevant, I add it to the post in case it provides any additional clues. I tried to reapply the user in the Application Tier Console Users list and it failed. The log stated the account is also an orphaned SQL Server Login. I assume that makes sense if the SID is mismatched, though.

Deserving answered 20/8, 2017 at 22:6 Comment(2)

What have you done for this specifically TFS account? Domain moved or deleted/reapplied? – Fotinas 21/8, 2017 at 8:42

That is an insightful observation. I am trying to move a single server TFS system w/ SharePoint to a new domain; it is a VM. I have a series of problems I'm dealing with. This post was about just one of the difficulties I am facing. I will continue to ask additional questions about the overall task I am working toward in other posts. – Deserving 21/8, 2017 at 14:47

Since you have reapply the user in the Application Tire Console Users list. Changes you make to local or Active Directory groups do not get reflected in TFS immediately.

It may be a identity synchronization issue. You must wait for the next identity synchronization with Windows before the properties of accounts that you do some account change will be updated. This requirement includes changes from group to user, user to group, and domain account to local account.

You could also force TFS to sync, details please refer this blog. After this run the TFSConfig Identities again.

Fotinas answered 21/8, 2017 at 8:49 Comment(3)

It seems that tfssyncidentities is not a Microsoft tool; is that correct? (I'll still try it) I tried to figure how TFSConfig could correct this, but it doesn't seem it can correct SIDs. I was afraid to move the account to a temp account and back because I thought it might create other problems. However, in this case I eventually confirmed the problem really was the orphaned SQL logon. As soon as I deleted it from SQL, TFS Application Tier Console Reapply worked immediately and updated the SID. – Deserving 21/8, 2017 at 15:7

@Deserving Yes, it's just a tool force tfs sync. The TFSConfig Identities command cannot migrate any account to an account that already exists in TFS. Seems this issue fixed by deleting the orphaned SQL logon. Since you are doing a environment-based move /changing the domain, you could take a look at this useful tutorial--Move Team Foundation Server from one environment to another – Fotinas 21/8, 2017 at 15:50

If I could ask a question about that Move TFS checklist link you just posted. I have studied it in detail for a week since before you posted it, & still don't understand it. However, I am now confident I have solid TFS, RS & SharePoint backups, so I'm ready to prep the TFS accounts, but I don't understand what that means. Am I supposed to delete all the administrator accounts in the local administrator group, including the domain administrator, except for a temporary 'moveAdmin', and then move the server? My destination domain is clean, no current users. – Deserving 22/8, 2017 at 1:58

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags