问题描述
我正在尝试使用TFSSecurity在我们的新TFS 2017实例上配置安全性。当我通过将TFS服务器上的本地用户帐户添加到TFS组中进行测试时,它的工作效果很好,但是当我尝试更改为添加域组或帐户。这是我得到的命令和结果:
I am trying to use TFSSecurity to configure security on our new instance of TFS 2017. It works great when I test it by adding local user accounts on the TFS server into a TFS group but fails as soon as I change to trying to add domain groups or accounts. Here's the command and the results I am getting:
Microsoft(R)TFSSecurity-Team Foundation Server安全工具
版权所有( c)微软公司。保留所有权利。
Microsoft (R) TFSSecurity - Team Foundation Server Security Tool Copyright (c) Microsoft Corporation. All rights reserved.
目标Team Foundation Server是
。
The target Team Foundation Server is http://myTfsServer:8080/tfs/PrimaryCollection.
解析身份
n:[Project1] \贡献者 ...
[A] [Project1] \贡献者
Resolving identity "n:[Project1]\Contributors"...
[A] [Project1]\Contributors
正在解析身份 n:DOMAIN1\TFS-Developers ...
Resolving identity "n:DOMAIN1\TFS-Developers"...
错误:身份无法
我正在使用DOMAIN1上的一个帐户运行此命令,该帐户可以在Active Directory用户和计算机中看到该组,因此看起来就像它应该没有解决身份的问题一样。但是,服务器未加入DOMAIN1上的网络。它加入到另一个名为DOMAIN2的域中,该域与DOMAIN1具有单向信任。我怀疑这可能是造成问题的原因,但我不确定如何解决它,或者不确定如何诊断问题才能确定这一点。有任何想法吗?
I am running this command using an account on DOMAIN1 that can see the group in Active Directory Users and Computer so it seems like it should not have an issue resolving the identity. However, the server is not joined to the network on DOMAIN1. It is joined to a second domain called DOMAIN2 that has a one way trust with DOMAIN1. I suspect that this might be causing the problem but I'm not sure how to work around it if it is or how to diagnose the issue to know this for sure. Any ideas?
推荐答案
这根本不是域信任问题。我使用了错误的组名。非常尴尬,但是很好的提醒您在您认为它们很复杂之前先检查它们。
This turned out not to be a domain trust issue at all. I was using the wrong group names. Very embarrassing but a good reminder to check for the stupid stuff before you assume it's something complicated.
这篇关于TFSSecurity无法解析身份的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!