How to add users programmatically to TFS

Question

I want to add users programmatically to a Team Project. What I found out to be the solution was this:

IGroupSecurityService gss = (IGroupSecurityService)objTFS.GetService(typeof(IGroupSecurityService));
Identity identity = gss.ReadIdentity(SearchFactor.AccountName, "Group name", QueryMembership.None);
gss.AddMemberToApplicationGroup(groupProject.Sid, member.Sid);

But this only work for groups/users known to TFS.

I want to add a Windows account to TFS

For example:

Windows account name: TestTFS

Password:123456

Then add the TestTFS to TFS programmatically.

I know there is a tool named TeamFoundation Administration Tool can do that, but I do not want to use it.

Answer 1

In TFS2012, the IGroupSecurityService was marked obsolete and replaced with IIdentityManagementService.

You can use IIdentityManagementService.ReadIdentity() along with IIdentityManagementService.AddMemberToApplicationGroup() to add Windows users to TFS groups, even if those Windows users are not known to TFS yet.

This is accomplished by specifying the ReadIdentityOptions.IncludeReadFromSource option.

Below is an example of adding a Windows user VSALM\Barry to the Fabrikam Fiber Web Team (TFS Group), in the FabrikamFiber Team Project, in the http://vsalm:8080/tfs/FabrikamFiberCollection server/collection.

You will need to add references to: Microsoft.TeamFoundation.Client and Microsoft.TeamFoundation.Common

using Microsoft.TeamFoundation.Client;
using Microsoft.TeamFoundation.Framework.Client;
using Microsoft.TeamFoundation.Framework.Common;
using System;

namespace ConsoleApplication1
{
   class Program
        {
        static void Main(string[] args)
        {
            var tpc = TfsTeamProjectCollectionFactory.GetTeamProjectCollection(new Uri("http://vsalm:8080/tfs/FabrikamFiberCollection"));

            var ims = tpc.GetService<IIdentityManagementService>();

            var tfsGroupIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName,
                                                    "[FabrikamFiber]\\Fabrikam Fiber Web Team",
                                                    MembershipQuery.None,
                                                    ReadIdentityOptions.IncludeReadFromSource);            

            var userIdentity = ims.ReadIdentity(IdentitySearchFactor.AccountName,
                                                    "VSALM\\Barry",
                                                    MembershipQuery.None,
                                                    ReadIdentityOptions.IncludeReadFromSource);

            ims.AddMemberToApplicationGroup(tfsGroupIdentity.Descriptor, userIdentity.Descriptor);
        }
    }
}

Answer 2

I had the same issue, finally following code worked

            NTAccount f = new NTAccount(userName);
            SecurityIdentifier s = (SecurityIdentifier)f.Translate(typeof(SecurityIdentifier));
            string userSid = s.ToString();

Namespace : using System.Security.Principal;

Answer 3

In order to perform this operation via the TFS API, you need access to 2 levels of information.

1. The sid of the user you want to add,

2. The sid of the group you want to add the user to => The code you have shown in your post will get you the id of the group you want to add the user to.

I found 2 links with sample code i think can be helpful to you,

• http://www.koders.com/csharp/fid950BA08A78C801F46B18D196597CBB40E2E2B29D.aspx

• Source code of the tfs admin tool: http://tfsadmin.codeplex.com/SourceControl/changeset/view/83047#1591025