Move a TFS collection from one Domain to another with existing users.


 

We see a lot of customers who would like to just move a collection from one environment to another (cross domain move of collections)

We recommend moving TFS as a whole, but there are some requirements from the customer side, where you have TFS on both the domains, same users on both domains with different logins and still want a collection moved carrying over the history.

Note that this is a workaround for such scenarios.

Goal:

1. I have servers TFS Alpha on Domain Alpha and TFS Beta on Domain Beta.

2. AlphaCollection and BetaCollection are the collections on Alpha, Beta respectively.

3. I have same users on both the domains. They have been doing work on both, and I’d like to move a collection AlphaCollection to TFS Beta and migrate the history too.
Domain 1

Restrictions:

The users are already in BetaCollection, and hence already added in TFS (The identities command would fail if we try to run again).
Alpha and Beta domains do not trust each other.

Reference Articles
:

Move a team project collection
Identities Command
Move Team Foundation Server from one environment to another (Refer this for important caveats on Domain Moves)

Steps:

1. Detach the collection from TFS Alpha. Take a backup.

2. On Domain Beta, spawn a new test TFS server Tango with a new configuration database.

3. Ensure that the users to be migrated are not added to this TFS.

4. Attach AlphaCollection to Tango.

5. Migrate the users there, like so, where we are moving a user Jdoe from domain Alpha to Beta.

C:\Program Files\Microsoft Team Foundation Server 12.0\Tools>
TFSConfig Identities /change /fromdomain:ALPHA /todomain:BETA /account:Jdoe /toaccount:Jdoe

Logging sent to file C:\ProgramData\Microsoft\Team Foundation\Server Configuration\Logs\CFG_ACCT_AT_0916_012858.log

Microsoft (R) TfsConfig – Team Foundation Server Configuration Tool

Copyright (c) Microsoft Corporation. All rights reserved.

Command: identities

Microsoft (R) TfsConfig – Team Foundation Server Configuration Tool

Copyright (c) Microsoft Corporation. All rights reserved.

Account Name Exists (see note 1) Matches (see note 2)

————————————————————————-

BETA\Jdoe True False Changed

1 security identifier(s) (SIDs) were changed in Team Foundation Server.

6. Similarly migrate the other users.

7. Now, TFS would sync these identity with the Beta Domain. But this will not happen immediately. To force TFS to do a complete sync with AD, open an administrative powershell prompt on the TFS Tango machine, and run the below script.
(Note: Version 12.0.0.0 stands for TFS 2013. Use 11.0.0.0 for TFS 2012)

[Reflection.Assembly]::Load("Microsoft.TeamFoundation.Client, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")

# connect to the server

$credProvider = new-object Microsoft.TeamFoundation.Client.UICredentialsProvider

$tfsConnection = new-object Microsoft.TeamFoundation.Client.TfsConfigurationServer "http://localhost:8080/tfs", $credProvider

$tfsConnection.EnsureAuthenticated()

# force a full sync on the next sync execution.

$tfRegistry = $tfsConnection.GetService([Microsoft.TeamFoundation.Framework.Client.ITeamFoundationRegistry])

$tfRegistry.SetValue(‘/Service/Integration/Settings/IdentitySyncFull’, $true)

# Kick the IMS periodic job so that it syncs.

$jobIds = [Guid[]] @(‘544DD581-F72A-45A9-8DE0-8CD3A5F29DFE’)

$jobSvc = $tfsConnection.GetService([Microsoft.TeamFoundation.Framework.Client.ITeamFoundationJobService])

$jobSvc.QueueJobsNow($jobIds, $true)

# Optional: Run this repeatedly till you see a recent job result.

# See if the job succeeded.

$jobSvc.QueryJobHistory($jobIds) | select -last 1

8. Detach the collection from TFS Tango.

9. Attach it to the TFS Beta Server.

10. Now, you have the collection moved to the new domain, with history of the respective users.

The trick here is the creation of a test server and doing a migration for existing users there.
Upon doing a detach of the then user migrated collection, you can attach to the existing TFS servers there.

If you want to redo this again for another collection, re-do the same process.

Domain (2)

DISCLAIMER: Domain moves can be tricky, make sure that you test this scenario out completely before implementing this in production.

Content created by – Manigandan B
Content reviewed by – Romit Gulati

Comments (0)

Skip to main content