User's AD account deleted then recreated, now cannot access TFS

Solution 1

If you delete a user account three things happen.

  1. The account is deleted. More importantly, the SID of the user account gets deleted.
  2. The account's SID reference is removed from all security groups.
  3. The account's SID reference in any resource permissions becomes an orphan.

If you recreate a user account with the same name it will have a different SID. That is why you need to reassign permissions for that user to any group or resource (files, folders, printers, etc.) again, even if the SAM account name (the user name) and the password are the same as before.

What do I need to do to grant them access again? I've tried removing all permissions and adding them back, to no avail.

I can say with absolute certainty that you did overlook a significant (maybe small) spot, when you added those permissions back. Probably group permissions (see point 2. above).
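An added PowerShell example (not part of the answer above) that checks the three effects listed in points 1 to 3 against a live domain: the account name, the folder path and the presence of the RSAT ActiveDirectory module are assumptions.

```powershell
# Added example, not from the original answer. Assumes the ActiveDirectory
# module (RSAT) is installed; account name and folder are placeholders.
param(
    [string]$SamAccountName = 'user',           # placeholder: the recreated account
    [string]$ResourcePath   = 'D:\Shares\Team'  # placeholder: a folder to audit
)

# Point 1: the recreated object carries a new SID. Compare this value with
# the SID you see in old ACLs or in TFS; they will not match.
$account = Get-ADUser -Identity $SamAccountName -Properties SID
"Current SID for ${SamAccountName}: $($account.SID.Value)"

# Point 2: group membership belongs to the old SID, not the name. Print what
# the new object is actually a member of so gaps are visible.
$groups = Get-ADPrincipalGroupMembership -Identity $SamAccountName |
          Select-Object -ExpandProperty Name
"Groups containing the new account: $($groups -join ', ')"

# Point 3: orphaned ACEs. When a SID no longer resolves to an account,
# Get-Acl reports the raw 'S-1-5-21-...' string instead of DOMAIN\name.
$acl = Get-Acl -Path $ResourcePath
$orphans = $acl.Access | Where-Object {
    $_.IdentityReference.Value -match '^S-1-5-21-'
}
if (-not $orphans) {
    "No orphaned ACEs on $ResourcePath"
}
foreach ($ace in $orphans) {
    "Orphaned ACE on ${ResourcePath}: $($ace.IdentityReference.Value) " +
    "$($ace.AccessControlType) $($ace.FileSystemRights)"
}
```

Run it as a domain user with read access to the folder; the orphan list is where individual (non-group) permissions for the old SID will show up. If the AD Recycle Bin is enabled, restoring the deleted object with Restore-ADObject brings it back with its original SID, which avoids the re-permissioning entirely; that option is not discussed in the answer above.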

Solution 2

Daniel's answer is correct, but you can do better. TFS has a little-known utility to manage user identities, described at https://msdn.microsoft.com/en-us/library/ms253054.aspx.

TFSConfig Identities /change

It's probably too late, but imagine this sequence of actions.

  1. Account DOMAIN\user is deleted (SID 1234) from AD
  2. TFS will mark the identity deleted in its DB
  3. Create account DOMAIN\user-temp (SID 2345)
  4. Reassociate TFS identity DOMAIN\user to DOMAIN\user-temp using TFSConfig
  5. Rename DOMAIN\user-temp to DOMAIN\user
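
The same five steps written out as commands, added here as an example rather than taken from the answer; DOMAIN, user, user-temp and the TFS 2013 Tools path are placeholders, and the TFSConfig switch names are those from the linked Identities documentation (check them against the version of TFS you run).

```powershell
# Added example, not from the original answer. Placeholders below must be
# replaced; assumes the ActiveDirectory module and a TFS 2013 application tier.
$Domain   = 'DOMAIN'
$Old      = 'user'        # the identity TFS still holds, now marked deleted
$Temp     = 'user-temp'   # step 3: a new account with a fresh SID
$ToolsDir = 'C:\Program Files\Microsoft Team Foundation Server 12.0\Tools'  # placeholder

# Steps 1 and 2 have already happened: the account was deleted from AD and TFS
# marked the identity deleted on its next sync.

# Step 3: create the temporary account.
New-ADUser -Name $Temp -SamAccountName $Temp -Enabled $true `
    -AccountPassword (Read-Host -AsSecureString 'Temporary password')

# Step 4: re-associate the TFS identity DOMAIN\user with DOMAIN\user-temp.
# TFSConfig.exe is a command-line tool, not a cmdlet; run this on the
# application tier as a TFS administrator. Switch names follow the linked docs.
& "$ToolsDir\TFSConfig.exe" Identities /change `
    "/fromdomain:$Domain" "/todomain:$Domain" `
    "/account:$Old" "/toaccount:$Temp"

# Step 5: rename the temporary account back to the original name. The display
# name (CN) and the SAM account name are separate attributes, so set both.
Rename-ADObject -Identity (Get-ADUser -Identity $Temp) -NewName $Old
Set-ADUser -Identity $Temp -SamAccountName $Old `
    -UserPrincipalName "$Old@$((Get-ADDomain).DNSRoot)"
```

After step 5 the TFS identity is bound to the SID of the renamed account, so its work items, queries and group memberships inside TFS follow it without being re-granted; permissions on files and folders outside TFS still need the treatment described in the first answer.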

Updated on September 18, 2022

Comments

  • Ryan Shripat almost 2 years

    I have a user who a couple months ago had access to our Team Foundation Server (TFS) 2013 instance (he was able to access queries, work items, backlogs etc via the web interface). Recently, we needed to delete his account, and recreate it. He no longer has access to TFS with the recreated account (it's the same domain\username).

    What do I need to do to grant them access again? I've tried removing all permissions and adding them back, to no avail.

    • joeqwerty about 9 years
      As Daniel stated in his answer, the new user account and the old user account are different objects and have different SIDs, despite their being named the same. You'll need to grant the new user account the permissions that the old user account had in TFS as well as adding them to the same groups as the old user account and granting them NTFS permissions to any files/folders that the old user account had individual permissions to (if permissions were granted to users rather than groups).