user or group might be in a different domain
I have just set up a dual server installation. Everything seems to have installed correctly. When I try to add a member to the team foundation groups using the "add users and groups" / "windows user or group", I get the error:
Team Foundation Server could not resolve the user or group [user display name here]. The user or group might be a member of a different domain, or the server might not have access to that domain. Verify the domain membership of the server and any domain trusts.
The servers are all part of the same domain. The service account is a domain account. What do I need to do to fix this problem?
Thanks for your assistance,
Jason Fransella
The problem is probably just the fact that the client machine could not resolve the user or group name. For example, if the TFS server is in a domain that has one-way trust to the user domain, it would not be possible for an administrator to use the UI on a client machine to add a service account from the domain hosting TFS to any of the TFS groups. Another way of thinking about this is to consider Windows Explorer. If you can right click on a folder on the client machine and set shared folder permissions for the user you are trying to add to the TFS group, then the TFS security management UI should work.
In this situation, you either need to find a client machine that has the same sort of domain trust relationships as the server, or you need to use the TfsSecurity.exe tool from the Tools subdirectory on the TFS AT to edit group membership. You would be using the /g+ command to add users.
