How do I remove a user from tfs?

StackOverflow https://stackoverflow.com/questions/23681810

  •  23-07-2023
  •  | 
  •  

質問

I have two users who are "stuck" in my tfs 2012 instance, so to speak. I've removed them from every conceivable group I can think of, yet they still have access to the portal (albeit with no projects).

Running the imx command found here yields the following information:

Microsoft (R) TFSSecurity - Team Foundation Server Security Tool Copyright (c) Microsoft Corporation. All rights reserved.

The target Team Foundation Server is mytfsserverurl.
Resolving identity "NT\username"...

SID: S-1-5-21-1715567821-1897051121-682003330-9628

DN: CN=User Name,OU=Win7_Desktop_Restricted,DC=nt,DC=domain,DC=com

Identity type: Windows user
Logon name: NT\username
Display name: User Name
Description: blahjblah

Member of 2 group(s):

e [A] [TEAM FOUNDATION]\Team Foundation Valid Users
e [A] [CollectionName]\Project Collection Valid Users

Done.

However, these users aren't in any other groups. When I look at the group membership for these groups on the server itself they aren't in there either. Neither user has any changesets, work items, or workspaces.

They appear in the web portal, but only when I search for them. I can't find them by navigating, and when I try to click "remove" I get the following error message:

Unable to remove the selected identity from this group.hide details TF50618: The Team Foundation Valid Users group cannot be modified directly.

enter image description here

How can I remove these users from these groups?

役に立ちましたか?

解決

There is a periodic clean-up job that is executed that removes people from the global groups. If you just wait they will disappear in a couple of days. They will not have access to any of the TFS assets however.

Now if you have more than 6k users synching into TFS you may find that the sync job is failing and they will never go away. If you look in http://tfs.mydomain.com:8080/tfs/_oi you should be able to see if the job is failing.

If you can't wait for the scheduled job you can kick it off: http://msmvps.com/blogs/vstsblog/archive/2011/02/17/force-tfs-to-sync-with-active-directory.aspx

ライセンス: CC-BY-SA帰属
所属していません StackOverflow
scroll top