Add a user to the "Team Foundation Service Accounts" group in TFS

you might want to use tfssecurity.exe command for this purpose. At least, this is the default approach. MS decided to make it not that easy to add someone to this group to keep the number of "global god-users" low. :-)

See this link for further info: http://msdn.microsoft.com/en-us/library/ms400759.aspx


There is only one way for this.

Please use following command to add user in service accounts group:

tfssecurity /g+ "Team Foundation Service Accounts" n:domain_name\user_name /server:SERVER_URL


Wow! This one was hard to figure out. In the end I only got it due to luck (and trying a lot of different things).

Here is what you do:

  1. Open the TFS Admin Console
  2. Click on the Applciation Tier in the left tree
  3. In the "Administration Console Users" find your user (assuming it is there)
  4. Select your user, and then select "Reapply" to the right of the box
  5. Click on Advanced Features in the dialog box that appears.
  6. Make sure "Add required permissions to change service accounts" is selected.
  7. Select OK

RESULT: The user is added to the "Team Foundation Service Accounts" group

whew! Glad that is solved, I was going NUTS!