How to: Update the Security Identifiers (SIDs) for Accounts That Were Used to Create Projects

  • Article

To prevent project leaders in Visual Studio Team System Team Foundation Server from losing administrative access of the Web sites for their projects, you must update the security identifiers (SIDs) for their user accounts or security groups in certain circumstances. If domain accounts were not used when projects were created, you must update SIDs whenever you reinstall Team Foundation Server, move the application-tier server to another computer, or change your deployment from a workgroup to a domain. If domain accounts were used when projects were created, you must update SIDs whenever you change the domain of your deployment of Team Foundation Server. In these instances, the SIDs for users who created projects change, but the changes cannot be propagated to the restored data.

To update the data with the new SIDs, you must remove and re-add the user accounts to SharePoint Products and Technologies. You cannot automatically migrate SharePoint Products and Technologies users and groups and their role memberships across domains. SharePoint Products and Technologies will show the users and groups and their role memberships for each site. Based on the changes that were made to the deployment and the Active Directory trust relationship with the previous deployment, those users and groups might not be valid after you move or reinstall Team Foundation Server. For those users and groups that are not valid, you must create valid user and group memberships in the roles in the new deployment. For more information, see Managing Permissions and Trusts and Forests Considerations for Team Foundation Server.

Required Permissions

To perform these procedures, you must be a member of the Farm Administrators security group for SharePoint Products and Technologies.

To update the SIDs for user accounts in Windows SharePoint Services 3.0

  1. Log on to the server that hosts SharePoint Products and Technologies.

  2. Open Start, point to Administrative Tools, and then click SharePoint Central Administration.

    The Central Administration window for SharePoint Products and Technologies opens.

  3. Click Site Actions, and then click Site Settings.

    The Site Settings page opens.

  4. Under Users and Permissions, click People and groups.

    The People and Groups: Farm Administrators page opens.

  5. Select the check box next to the user account that was used to create projects, click Actions, and then click Remove Users from Group. Click OK when you are prompted to confirm the removal.

  6. On the New menu, click Add Users.

    The Add Users: Central Administration page opens.

  7. In the Users/Groups box, type DomainName\UserName, and then click Check Names.

  8. Under Give Permission, click Give users permission directly, select the check boxes for the permissions that you want the user to have, and then click OK.

    Note

    You can add a user to a SharePoint group by clicking a group in the Add users to a SharePoint group list.

  9. Repeat steps 3 through 8 for each user or group account that you must remove and recreate.

  10. When you finish updating information for the team project portals, close the browser window.

To update the SIDs for user accounts in Windows SharePoint Services 2.0

  1. Log on to the server that is running SharePoint Products and Technologies.

  2. Click Start, point to Administrative Tools, and then click SharePoint Central Administration.

    The Central Administration window for SharePoint Products and Technologies opens.

  3. Click Set SharePoint Administration Group, type a group account name and the domain (if appropriate) of a different group from the one that was used to create the projects before the server was reinstalled or moved. Click OK.

    Note

    You can add only one domain group or user to the SharePoint administrators group. You cannot add a local group. However, members of the Local Administrators group on the server can also perform administration tasks for SharePoint Products and Technologies.

  4. In Central Administration, click Manage Web Site Users.

  5. In Manage Web Site Users, in Site URL, type the URL of one of the team project portals.

  6. In Add User, add a user account as an administrator, and include its e-mail address.

  7. Repeat steps 5 and 6 for each team project portal.

  8. In the Explorer pane, click Windows SharePoint Services.

  9. In Central Administration, click Manage site collection owners.

  10. In Manage Site Collection Owners, in Site URL, type the URL of one of the team project portals, and then click View.

  11. Under Site Collection Owner, type the domain and account name of the user whom you added as an administrator to the team project portal, and then click OK.

  12. Repeat steps 10 and 11 for each team project portal.

  13. When you finish updating information for the team project portals, close the browser window.

See Also

Tasks

How to: Restore Data for Team Foundation

How to: Move from a Single-Server to a Dual-Server Deployment

Other Resources

Managing Data