I'm a developer and got the order to install a Team Foundation Server (2017) on a Windows 2012 Server (no RC) in our network. All clients of the network authenticate over an Active Directory, so it would make sense to stick to the same mechanism with TFS. (I know that it would work with workgroups but I would rather use what's in place…)
Honestly, I'm a bit scared to interrupt our Active Directory, which would have a direct impact on our network.
I have read the docs:
https://msdn.microsoft.com/en-us/library/ms253184(v=vs.90).aspx
https://msdn.microsoft.com/de-de/library/ms253081(v=vs.110).aspx
but can't find more specific info.
My questions are:
Does the TFS write entries into the Active Directory?
Is there something I would have to pay attention to while installing the TFS with regard to the AD?
Can something go wrong with the AD? Are there scenarios in which I would destroy/interrupt the AD?
Best Answer
Let's clarify this:
TFS does not write to Active Directory (AD) nor "has its own Active Directory".
TFS stores users and groups, permissions and security, in its own database. It integrates with Windows Security by running a background job every hour and reading users and groups from AD. Note that I wrote Windows Security because there are two scenarios:
Indeed, the configuration wizards assume that all required Windows accounts (AD or Workgroup) exist (you see a Test link beside each input box).
As a TFS Administrator, you have no dial for this job, but you should periodically look for errors in the Job Monitoring page (see New tools for TFS Administrators) at _oi/_jobMonitoring/.
Instead, you should prepare your DNS configuration, if possible, to facilitate future changes and reconfiguration of your TFS infrastructure: see this and this posts.
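Added example, not part of the answer above and not Microsoft's code: a read-only pre-flight check that the Windows accounts the configuration wizard expects already exist in AD and are usable. It assumes the RSAT ActiveDirectory PowerShell module is installed; the account names are hypothetical placeholders.

```powershell
# Read-only pre-flight check: confirm the accounts planned for TFS exist in AD.
# Uses only Get-* cmdlets from the ActiveDirectory module; nothing is written to AD.
Import-Module ActiveDirectory

# Hypothetical account names; replace with the accounts created for your install.
$plannedAccounts = @('svc-tfs', 'svc-tfsbuild', 'svc-tfsreports')

function Test-TfsAccount {
    param([Parameter(Mandatory)][string]$SamAccountName)

    # -Filter returns $null for a missing account instead of throwing.
    $user = Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'" `
                       -Properties Enabled, LockedOut, PasswordExpired

    if (-not $user) {
        return [pscustomobject]@{
            Account = $SamAccountName; Exists = $false
            Usable  = $false;          Problem = 'not found in AD'
        }
    }

    # Collect every condition that would stop a service from logging on.
    $problems = @()
    if (-not $user.Enabled)    { $problems += 'disabled' }
    if ($user.LockedOut)       { $problems += 'locked out' }
    if ($user.PasswordExpired) { $problems += 'password expired' }

    [pscustomobject]@{
        Account = $SamAccountName
        Exists  = $true
        Usable  = ($problems.Count -eq 0)
        Problem = ($problems -join ', ')
    }
}

$results = $plannedAccounts | ForEach-Object { Test-TfsAccount -SamAccountName $_ }
$results | Format-Table -AutoSize

if ($results | Where-Object { -not $_.Usable }) {
    Write-Warning 'Fix the accounts listed above before running the TFS configuration wizard.'
}
```

Any domain user can run this, since it only queries AD; creating or repairing the accounts remains a task for the domain administrators.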