Unable to delete workspaces for moved users
Hi,
We have had some misfortune in our active directory domain. Some users where moved by accident to a sub-domain and after discvovering that moved back to the originating domain. This caused of course an update of all SID's of the moved user accounts. The apptier recovered wunderful well with one glitch.
The existing workspaces of the users still remain leading to the strange effect that they cannot map a new workspace to the same folder and some users had still checkouts in that workspace.
Listing the workspaces shows the troubled workspaces with usernames postfixed with a number (unhappyuser:13) where there also exists workspaces for unhappyuser.
I tried the tf workspace /delete option and /tf workspaces /updateUsername:unhappyuser:13 to no avail. All this leads to the tf error: 50605: There was an error looking up the SID for unhappyuser:13.
I even digged in the datatier to find the previous SID for UnhappyUser and tried using that SID to delete the workspace without succes. As I'm out of options is there anyone who can lead me to a solution?
Tnx,
Rene
Hi Adam,
Thanks for responding.
I suppose you mean to run this command:
tfsadminutil sid /change [source] [target]
Do I enter for source the SID of the 'UnhappyUser' before his unfortunate removal and for target the current SID for 'UnHappyUser'? Obtaining the current sid can be done with tfssecurity but I so far only find the 'old' SID by poking around the identiy tables in the SQL Server on our data tier.
Is that the right procedure?
Rene
I believe "source" and "target" are actually the domain names, and "account" is the account name. In this case, since you deleted and recreated users in the same domain, I would try "tfsadminutil sid /change <DOMAIN> <DOMAIN> <username>".
Hope this helps-
Cheers,
Adam
Hi Adam,
I did run the command tfsadmintuil sid /change ourdomain ourdomain ourdomain\unhappyuser
The output showed no errors, It showed the header of a list but it didn't output anything under the header. I'm not sure if this is indication of succes :-)
We'll wait for an hour to give the apptier time to update things and I'll recheck then if the problem still persists.
Rene
I don't think you need to specify the domain as part of the user name. Instead, try: "tfsadminutil sid /change ourdomain ourdomain unhappyuser"?
It should print out a list of the users changed if it succeeds.
Cheers,
Adam
Hi Adam,
Ok, did that, I received notification that it found UnHappyUser and that it found the user in AD and that the SIDs equals.
I still have workspace now for UnHappyUser and UnhappyUser:15. Does it take time for the changes to become effective?
Rene
it is based on the configuration u did on Warehouse...if you want to run manually...do the following..
Start ->Run ->inetmgr
under website...select team foundation server ..select warehouse..v1.0...browse the webservice warehousecontroller.asmx...you will get all list of operations...select RUN..and invoke...if it is showing as TRUE..then done..it will update the changes in the TFSWarehouse database...
Thanks, Kathir
