a·gen·tic a·gil·i·ty

TFS 2012 - Issue: Manage Group Membership missing from admin after TFS 2008 to TFS 2012 Upgrade

Explains how to restore missing group membership management in TFS 2012 after upgrading from TFS 2008 by manually adding permissions using TFS Security commands.

Published on
3 minute read
Image
https://nkdagility.com/resources/bKcrt-7tHMX
Subscribe

After an upgrade from TFS 2008 you are unable to edit permissions even though you are part of the appropriate groups. In this case it is an upgrade from TFS 2008 to TFS 2012 that did not have any errors on the way through. Everything looked like it worked, but…

Updated 2012-10-11 - Solution improvement for additional circumstances

I found that the solution below did not always do the job and I had to add a second command line to make it work. Effectively adding an additional ACL to the logged in user if they are not in the Project Administrator list.

You get an “Unable to remove the selected identity from this group” error when trying to remove someone from contributors.

TFS 2012 - Issue: Manage Group Membership missing from admin after TFS 2008 to TFS 2012 Upgrade

Figure: Unable to delete user from group

Applies To

Findings

You need to make sure that you are in the appropriate groups first. This could be simply a case of not actually having permission.

  1. I am in the Administration Console Users list… (yes I reapplied)
    TFS 2012 - Issue: Manage Group Membership missing from admin after TFS 2008 to TFS 2012 Upgrade Figure: Administration Console User List
  2. I am in the Team Foundation Server Administrators group…
    TFS 2012 - Issue: Manage Group Membership missing from admin after TFS 2008 to TFS 2012 Upgrade Figure: Team Foundation Server Administrators
  3. I am in the Project Collection Administrators group… TFS 2012 - Issue: Manage Group Membership missing from admin after TFS 2008 to TFS 2012 Upgrade Figure: Project Collection Administrators

If you have checked all of the permissions then we have a problem. Log in as the “TFS Service” account that you are using and see if you still can’t change things.

Now I can delete users from the Contributors group, woot… but why can’t other accounts that are administrators.

Solution

You need to add the permissions that you need as they were not part of the upgrade. To do this you need to call TFS Security and this is where things get a little complicated.

1tfssecurity.exe /a+ Identity vstfs:///Classification/TeamProject/PROJECT_GUID
2        ManageMembership adm:vstfs:///Classification/TeamProject/PROJECT_GUID ALLOW
3        /collection:http://tfsserver01:8080/tfs/Tfs01
4
5tfssecurity.exe /a+ Identity vstfs:///Classification/TeamProject/PROJECT_GUID
6        ManageMembership domainusername ALLOW
7        /collection:http://tfsserver01:8080/tfs/Tfs01

Figure: Command to add the missing security

In order to call TFS Security to add permissions to the Project Administrators group for the Team Project you need the Team Project GUID. Now in Visual Studio 2010 you can just right-click on the project node and you will see the GUID in the properties. But what if, like me, you don’t have 2010 to hand…

If you connect to the TFS Server and view the tbl_project table in the Collection you will see the Project Uri, which contains the GUID.

TFS 2012 - Issue: Manage Group Membership missing from admin after TFS 2008 to TFS 2012 Upgrade

Figure: Finding the Project GUID

Now that you have the GUID for the Team Project you can execute the command above to add the missing ability to Modify Membership back into TFS.

TFS 2012 - Issue: Manage Group Membership missing from admin after TFS 2008 to TFS 2012 Upgrade

Figure: Adding the missing security

Hopefully there will be a better way to get the Team Project GUID once the RTM version of the Power Tools becomes available and that there will be a hotfix for this annoying bug in the upgrade.

Did this fix your problem?

Troubleshooting Software Development Install and Configuration
Subscribe

Related blog

No related videos found.

Connect with Martin Hinshelwood

If you've made it this far, it's worth connecting with our principal consultant and coach, Martin Hinshelwood, for a 30-minute 'ask me anything' call.

Our Happy Clients​

We partner with businesses across diverse industries, including finance, insurance, healthcare, pharmaceuticals, technology, engineering, transportation, hospitality, entertainment, legal, government, and military sectors.​

Sage Logo

Sage

ProgramUtvikling Logo

ProgramUtvikling

Alignment Healthcare Logo

Alignment Healthcare

Ericson Logo

Ericson

Slicedbread Logo

Slicedbread

Illumina Logo

Illumina

Kongsberg Maritime Logo

Kongsberg Maritime

Lockheed Martin Logo

Lockheed Martin

Lean SA Logo

Lean SA

SuperControl Logo

SuperControl

Schlumberger Logo

Schlumberger

Deliotte Logo

Deliotte

Milliman Logo

Milliman

MacDonald Humfrey (Automation) Ltd. Logo

MacDonald Humfrey (Automation) Ltd.

Graham & Brown Logo

Graham & Brown

DFDS Logo

DFDS

NIT A/S

Brandes Investment Partners L.P. Logo

Brandes Investment Partners L.P.

Department of Work and Pensions (UK) Logo

Department of Work and Pensions (UK)

Washington Department of Transport Logo

Washington Department of Transport

Royal Air Force Logo

Royal Air Force

Ghana Police Service Logo

Ghana Police Service

Washington Department of Enterprise Services Logo

Washington Department of Enterprise Services

Nottingham County Council Logo

Nottingham County Council

Milliman Logo

Milliman

Brandes Investment Partners L.P. Logo

Brandes Investment Partners L.P.

Deliotte Logo

Deliotte

Trayport Logo

Trayport

Slaughter and May Logo

Slaughter and May

Hubtel Ghana Logo

Hubtel Ghana