Because Team Foundation Server works across so many different applications (TFS services, SharePoint, Reporting, etc.) the best way to manage security is by setting up Active Directory groups. However, whenever you add a new user to the group you’ll quickly notice that it takes a long time before the user actually has access.
By default this process runs every hour, which for most teams, doesn’t cut it. But, there are a few ways to force this process to run:
•Remove and re-add the securtiy group
•Call the job web service to queue and identity sychronization job
•Use this awesome tool: TfsSyncIdentities.exe (zip file)
The syntax of the command is very straight forward. From the command line type:
Where the /server paramater points to your TFS server. We actually use this as part of our service whenever a user is added or removed from the project. Instant TFS access!