Share via


TfsMigrator ISVError:300005 Mapping MemberSid > MemberId

Note and warning: This is a workaround and by no mean an official fix, use with care and make sure you backup your config database.

If you are using tfsmigrator you may have encountered this error ISVError:300005 Unexpected non group identity was found to have direct membership to everyone group, and according to official documentation https://docs.microsoft.com/en-us/vsts/articles/migration-troubleshooting you need to run

DECLARE @p6 dbo.typ_GroupMembershipTable INSERT into @p6 values('{GroupSid}','Microsoft.TeamFoundation.Identity','{MemberId}',0) EXEC prc_UpdateGroupMembership @partitionId=1,@scopeId='{ScopeId}',@idempotent=1,@incremental=1,@insertInactiveUpdates=0,@updates=@p6,@eventAuthor='9EE20697-5343-43FC-8FC5-3D5D455D21C5',@updateGroupAudit=0

You are supposed to populate the above t-sql with the parameters you get from the error tfsmigrator threw out:

ISVError:300005 Unexpected non group identity was found to have direct membership to everyone group. GroupSid:S-1-9-1551374245-3746625149-2333054533-2458719197-2313548623-0-0-0-0-3, MemberId:76050ddf-4fd8-48c4-a1ff-859e44364519, ScopeId:7df650df-0f8b-4596-928d-13dd89e5f34f

But instead of getting MemberId like all thing should be, you are getting, MemberSid:System.Security.Principal.WindowsIdentity;S-x-x-xx-xxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-xxxxxx

What you do?
Note down the ScopeId and GroupSid from the original tfsmigrator error and perform the following t-sql

#1 SELECT DisplayName from tbl_Group where Sid = '{GroupSid}'
This should get you the offending tfs group

#2 SELECT Name from tbl_GroupScope where ScopeId = '{ScopeId}'
This should give you the project name (I think) at least according to this doc https://docs.microsoft.com/en-us/previous-versions/visualstudio/visual-studio-2013/ff731995(v=vs.120)

Go to project tfs web portal (from #2) tfs>admin>security find tfs group from #1 and look for any suspicious member (hopefully not a lot, anything that is non TFS group identity, such as an AD group or user identity<from here ) and find the accountname

#3 SELECT Id from tbl_Identity where AccountName = '{AccountName}'
You should get the membereid, I HOPE.

Powered with this memberid from #3 you can proceed to re-run the command as suggested https://docs.microsoft.com/en-us/vsts/articles/migration-troubleshooting
DECLARE @p6 dbo.typ_GroupMembershipTable INSERT into @p6 values('S-1-9-1551374245-3746625149-2333054533-2458719197-2313548623-0-0-0-0-3','Microsoft.TeamFoundation.Identity','76050ddf-4fd8-48c4-a1ff-859e44364519',0) EXEC prc_UpdateGroupMembership @partitionId=1,@scopeId='7df650df-0f8b-4596-928d-13dd89e5f34f',@idempotent=1,@incremental=1,@insertInactiveUpdates=0,@updates=@p6,@eventAuthor='9EE20697-5343-43FC-8FC5-3D5D455D21C5',@updateGroupAudit=0