Tuesday, April 28, 2009

TFS and client access from multiple domains

Is a client from a different domain unable to access your TFS system?

Check out this MSDN document “Trusts and Forests Considerations for Team Foundation Server”. It goes into configurations that are supported and unsupported and also goes into issues that might cause problems when a client from a different domain tries to access TFS.

Also, here is one thing that you can try to see whether or not TFS is able to get access to the user account of the person who is trying to access TFS. (Just to be clear, in this case, we are attempting to give access to a user from a different domain to TFS)

Log in to the TFS server using the TFSService account. Open a command prompt and run the following command

dsquery user -samid ACCOUNT_NAME -d DOMAIN | dsget user -dn -samid -sid -display -email –L

Replace account_name and domain, with the user id and domain of the user that you are trying to provide TFS access to. The command should run successfully and you should see account information such as the SID, email, displayname, etc. If you dont, then poke further into seeing if the 2 domains trust each other or if a firewall on one domain is blocking requests from the domain where TFS resides.

No comments: