TFS and Active Directory – Group Membership not populating to TFS in a timely manner

active-directory team-foundation-server

I am using groups in Active Directory to manage which users can access projects in TFS. My problem is that even though AD shows them in the group, and even though TFS shows the user when I look at who is a member of the group, access is not immediately granted.

I have tried refreshing the worker processes for TFS with no luck. A machine restart (the TFS server) does seem to fix it, but I can't be restarting my Source Control every time I make a change to AD.

How do I make AD "discover" the changes to AD more often? As of now it is some time under 24 hours before the changes finally occur and the users are allowed into the project. Also, this was happening with TFS 2005, and we upgraded to 2008, and it is still happening.

Any ideas?

Best Answer

Group memberships are enumerated for the user at logon. When you make changes to a user's memberships in AD, the user needs to log out/in of their machine for the changes to take effect for the user. I'm guessing the "under 24 hours" you mention is due to the fact they're coming back to work the next day and logging into the machine.
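
One way to check the behaviour described in the answer above, as an added example that is not part of the original answer: it compares the group SIDs in the current logon token with the group SIDs Active Directory computes for the same account right now. It assumes a domain-joined Windows machine and that it is run as the affected user; `Get-MissingTokenGroup` is a hypothetical helper name.

```powershell
# Added example, not from the original answer. Assumes a domain-joined
# Windows machine and that it runs in the affected user's logon session.
function Get-MissingTokenGroup {   # hypothetical helper name
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    # Group SIDs baked into the access token when this logon session began
    $tokenSids = @($identity.Groups | ForEach-Object { $_.Value })

    # Locate the user's own directory object by its SID
    $searcher = [adsisearcher]"(objectSid=$($identity.User.Value))"
    $found    = $searcher.FindOne()
    if (-not $found) { throw "No directory object found for $($identity.Name)" }

    # tokenGroups is a constructed attribute: AD computes the transitive
    # security-group SIDs on request, so it reflects membership as of now
    $entry = $found.GetDirectoryEntry()
    $entry.RefreshCache(@('tokenGroups'))

    foreach ($bytes in $entry.Properties['tokenGroups']) {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)
        if ($tokenSids -notcontains $sid.Value) {
            # Present in AD now, but absent from the current logon token
            try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = '(unresolved)' }
            [pscustomobject]@{ Sid = $sid.Value; Group = $name }
        }
    }
}

Get-MissingTokenGroup | Format-Table -AutoSize
```

Each row is a group the directory already lists for the account but that the current logon token does not carry; no output means the token matches the directory.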