Team Foundation Server (TFS) – Client – Command Line Tooling – Permissions

Background

In rare cases, one might want to script TFS permissions.

 

Introduction

We will tackle a couple of areas:

  • List all permissions
  • List all users who belong to a specific TFS group
  • Add a user to a TFS group
  • List all the groups a user belongs to

Permissions

Here are some sample scripts.

 

List all Permission Groups

Script:


set tfUtilFullName="C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\tfssecurity.exe"
%tfUtilFullName% -collection:http://tfs.lab.org:8080/tfs/collection2010 /g "HRDB"

 

List all Users who belong to specific Group ( Before Adding users )

Script:

set tfUtilFullName="C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\tfssecurity.exe"

%tfUtilFullName%  /im  "[HRDB]\Contributors" /collection:http://tfs.lab.org:8080/tfs/collection2010

 

 Output:


Microsoft (R) TFSSecurity - Team Foundation Server Security Tool
Copyright (c) Microsoft Corporation. All rights reserved.

The target Team Foundation Server is http://tfs.lab.org:8080/tfs/collection2010.

Resolving identity "[HRDB]\Contributors"...

SID: S-1-9-1551374245-3149700769-589108548-3168122129-1129863805-1-1068157961-858485061-2614861277-1108247412

DN:

Identity type: Team Foundation Server application group
Group type: Generic
Project scope: HRDB
 Display name: [HRDB]\Contributors
 Description: Members of this group can add, modify, and delete items within the team Project.

Member of 1 group(s):
 [A] [collection2010]\Project collection Valid Users

Done.

 

Add user to specific group

 

Script:


rem /g+ command: Add member to group

set tfUtilFullName="C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\tfssecurity.exe"
%tfUtilFullName% /collection:http://tfs.lab.org:8080/tfs/collection2010 /g+ "[HRDB]\Contributors" n:"LABDOMAIN\dadeniji"

 

 Output:

 


Microsoft (R) TFSSecurity - Team Foundation Server Security Tool
Copyright (c) Microsoft Corporation. All rights reserved.

The target Team Foundation Server is http://tfs.lab.org:8080/tfs/collection2010.
Resolving identity "[HRDB]\Contributors"...
[A] [HRDB]\Contributors
Resolving identity "n:LABDOMAIN\dadeniji"...
[U] LABDOMAIN\dadeniji (Adeniji, Daniel )
Adding Adeniji, Daniel  to [HRDB]\Contributors...
Verifying...

SID: S-1-9-1551374245-3149700769-589108548-3168122129-1129863805-1-1068157961-858485061-2614861277-1108247412

DN:

Identity type: Team Foundation Server application group
Group type: Generic
Project scope: HRDB
Display name: [HRDB]\Contributors
Description: Members of this group can add, modify, and delete items within th
e team Project.

1 member(s):
[U] LABDOMAIN\dadeniji (Adeniji, Daniel )

Member of 1 group(s):
e [A] [collection2010]\Project collection Valid Users

Done.

 

List all Users who belong to specific Group ( Upon Adding  lone user )

Script:

set tfUtilFullName="C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\tfssecurity.exe"

%tfUtilFullName%  /im  "[HRDB]\Contributors" /collection:http://tfs.lab.org:8080/tfs/collection2010

 

 Output:


Microsoft (R) TFSSecurity - Team Foundation Server Security Tool
Copyright (c) Microsoft Corporation.  All rights reserved.

The target Team Foundation Server is http://tfs.lab.org:8080/tfs/collection2010.
Resolving identity "[HRDB]\Contributors"...

SID: S-1-9-1551374245-3149700769-589108548-3168122129-1129863805-1-1068157961-858485061-2614861277-1108247412

DN:

Identity type: Team Foundation Server application group
   Group type: Generic
Project scope: HRDB
 Display name: [HRDB]\Contributors
  Description: Members of this group can add, modify, and delete items within the team Project.

1 member(s):
  [U] LABDOMAIN\dadeniji (Adeniji, Daniel )

Member of 1 group(s):
e [A] [collection2010]\Project collection Valid Users

Done.

 

List all the groups a user belongs to

Script:

set tfUtilFullName="C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\tfssecurity.exe"

%tfUtilFullName%  /im  /collection:http://tfs.lab.org:8080/tfs/collection2010 n:"LABDOMAIN\dadeniji"

 

 Output:


Microsoft (R) TFSSecurity - Team Foundation Server Security Tool
Copyright (c) Microsoft Corporation. All rights reserved.

The target Team Foundation Server is http://tfs.lab.org:8080/tfs/collellection.
Resolving identity "n:labdomain\dadeniji"...

SID: S-1-5-21-2052111302-854245398-1177238915-2126003

DN: CN=dadeniji,OU=Users00,OU=Users,OU=CHVPK,OU=North America,OU=Lab,DC=,DC=labdomain,DC=org

Identity type: Windows user
 Logon name: labdomain\dadeniji
 Mail address: Daniel.Adeniji@lab.org
 Display name: Adeniji, Daniel 

Member of 2 group(s):
 [A] [HRDB]\Project Administrators
 [A] [HRDB]\Contributors

Done.

References

Workspaces

 

Command Line Tools

TF.EXE

 

TF.EXE – INFO

 

TF.EXE – Permission Command

 

TFSSecurity

TFSSecurity – List Groups

TFSSecurity – List Users

 

TFSSecurity – Community Contribution

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s