|Important||This document may not represent best practices for current development, links to downloads and other resources may no longer be valid. Current recommended version can be found here. ArchiveDisclaimer|
Use Sid to update or list either all or specified registered security identifiers (SIDs).
To use the Sid command, you must be a member of the Team Foundation Administrators security group on the Team Foundation application-tier server and a member of the sysadmin security group for the SQL Server on the Team Foundation data-tier server. For more information, see.
Used with /Change option to instruct the Sid command to change the SIDs for users currently in the Team Foundation Server integration database that are in the domain or computer in a work group specified by source.
Used with /Change option to instruct the Sid command to change the SIDs in the Active Directory of the domain or computer in a work group specified by target.
Used with /Change option to instruct the command to update the SIDs for the account specified by account.
Synchronizes the SID in the Team Foundation Server database with the SID from Windows. If they are different, updates the Team Foundation Server SIDs for all (/All) or a specific user account. This option only works in workgroup environments.
If /Change is not specified Sid command defaults to listing the SIDs.
We recommend that you back up the databases in the Team Foundation Server data tier server.
Team Foundation Server uses SIDs for identifying users and associating them to permissions. Team Foundation source control stores the users’ information in the identity table where the user's SID is registered as the authenticationKey.
The TFSAdminUtil Sid command is used by an administrator to update user accounts to respond to renaming users, or reinstalling Team Foundation onto a different computer. For example, if the administrator wants to move the Team Foundation installation to a new computer, the administrator must follow these steps:
Restore the data backups and create the application tier.
Use the TFSAdminUtil Sid command to list all of the accounts.
Use the list generated in step two (2) to create all the user accounts.
Run TFSAdminUtil Sid /Change source target command to update the SIDs of the user accounts in the Team Foundation Server.
This results in the user accounts retaining all of their previous permissions and ownerships.
After you use the Sid command, you can expect unpredictable behavior until Team Foundation Server synchronizes with Active Directory. It is recommended that the migrated users do not use the system for at least an hour after the Sid command has been run.
The following command instructs the Sid command of the TFSAdminUtil utility to list all registered security identifiers.