Adding users to a TFS project when you’re not on the domain
Visual Studio Team System was obviously designed for user groups who are all members of a Windows Active Directory domain, all working in the same local network. I’m able to work remotely (without VPN, even) as long as I’m just checking files in and out, but the Visual Studio / TFS UI won’t let me grant users permission to contribute to my projects. I messed around with TFS Power Tools, but that didn’t work either.
I ended up running TFSSecurity.exe /g+ from the command line – you can find it in (by default for Visual Studio 2008) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE. Here’s the command I ran (substituting the correct server/projectname/domain/username, of course):
TFSSecurity.exe /server:servername.domain.com /g+ "[PROJECTNAME]\Contributors" n:"DOMAIN\username"
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE>TFSSecurity.exe /server:servername.domain.com /g+ "[PROJECTNAME]\Contributors" n:"DOMAIN\username" TFSSecurity - Team Foundation Server Security Tool Copyright (c) Microsoft Corporation. All rights reserved. The target Team Foundation Server is SERVERNAME.DOMAIN.COM. Resolving identity "[PROJECTNAME]\Contributors"... [A] [PROJECTNAME]\Contributors Resolving identity "n:DOMAIN\username"... [U] USERNAME\username (User Name) Adding User Name to Contributors... Verifying... SID: S-1-9-1233567890-1233567890-1233567890-1233567890-1-1233567890-1233567890-1233567890-1233567890 DN: Identity type: Team Foundation Server application group Group type: Generic Project scope: PROJECTNAME Display name: Contributors Description: A group for those with general read/write permissions across the project 6 member(s): [U] DOMAIN\username (User Name) [U] DOMAIN\username2 (User Name 2) [U] DOMAIN\username3 (User Name 3) [U] DOMAIN\username4 (User Name 4) [U] DOMAIN\username5 (User Name 5) [U] DOMAIN\jong (Jon Galloway) Member of 1 group(s): e [A] [SERVER]\Team Foundation Valid Users Done.
Done and done.