Wednesday, June 10, 2015

Move Team Foundation Server from one domain to another

I recently had to move a Team Foundation Server installation from one domain to another and therefore I followed this MSDN article: https://msdn.microsoft.com/en-us/library/ms404883.aspx

However, this article does not address a TFS Setup to accommodate SQL Server on a separate server and essentially assumes a single server installation of TFS (TFS and SQL Server residing on the same server).

Unfortunately, this left several gaping holes in the article which I had to manually address.

First of all, after switching servers over to the new domain, I had to manually add SQL service accounts that would have appropriate privileges on all of the SQL Server databases.  Since I did not have much guidance as to what specific privileges would be needed, I assigned sysadmin to my Service Accounts (it was a development environment anyway).

Next, all of the file system permissions were out of sync on my TFSBackups directory with the change of domains, therefore, I had to correct all of these permissions including adding back the name of my SQL Server Computer account to the list of permissions.

Of course, with the switch over to the new domain, I also had to manually update the domain accounts assigned to SQL Server Analysis Services and Reporting Services.

I then had to also remove any invalid TFS Administration Console Users from the old domain and add back new TFS Administration Console Users from the new domain.

When I attempted to remove the old domain Administration Console User, I received the following error message:





This, of course, led to the following article: http://blogs.msdn.com/b/tfsao/archive/2013/05/01/can-t-remove-admin-console-user.aspx.  I followed  the instructions in the article to move my previous dbo user to the new domain dbo user in my TFSDefaultCollection database.


Then, before I could update the Reporting section of TFS, I had to go back into SQL Server Reporting Services and restore the Encryption Key.  Once I had restored the Encryption Key, I could go back and update the Reporting section of TFS with new user account information from the new domain.

To verify that everything was working as expected, I decided to take a safety backup of TFS after the domain migration to ensure that the backup completed as expected.

To my surprise, after the migration was complete and I attempted to log into TFS as one of the domain users, I discovered that all of the original project permissions had been completely removed/wiped out!!  Therefore, I  had to go back into TFS and add all of the Security permissions back into all of the individual Projects in my Project Collection to ensure everyone had access once again.

Once I got through this extra laundry list of migration items, my TFS server was up and running on my new domain.

However, when some users attempted to log in under the new domain, they encountered error messages regarding invalid workspaces related to the old domain.  This was resolved by clearing out their old TFS credentials as is outlined in this article: http://blogs.msdn.com/b/visualstudioalm/archive/2012/08/29/clearing-the-credentials-for-connecting-to-a-team-foundation-server.aspx

On the side of SQL Server, I noticed that my SQL Server Maintenance Plans suddenly stopped working after I switched over to the new domain.  Just changing the credentials used for running the SQL Server Maintenance Plans did not seem to resolve the issue, therefore, I was forced to completely re-create the SQL Server Maintenance Plans before the SQL Maintenance Plans would execute successfully.

That seemed to resolve the remaining issues with the TFS domain migration!!





No comments:

Post a Comment