Add server-level administrators to Azure DevOps Server

Azure DevOps Server 2022 | Azure DevOps Server 2020 | Azure DevOps Server 2019 | TFS 2018

Azure DevOps provides one built-in role and three security groups to manage administrative tasks:

  • Team administrator role
  • Project Administrator group
  • Project Collection Administrator group
  • Team Foundation Administrators group

This article describes how to add users to the Team Foundation Administrators group. For information on adding users to other admin groups or roles, see:

For an overview of administrative tasks, see About user, team, project, and collection-level settings.

Prerequisite

You must be a member of the Team Foundation Administrators group to add a user to this group. The person who installed Azure DevOps Server is automatically added to this group.

Add a user to the server administrators group

To perform system maintenance, schedule backups, add functionality, and other server administrative tasks, Azure DevOps Server administrators must be able to configure and control all aspects of Azure DevOps Server. As a result, Azure DevOps Server administrators require administrative permissions in the software that Azure DevOps Server interoperates with, in addition to Azure DevOps Server itself.

You can quickly grant these permissions to administrators by adding them to the Team Foundation Administrators group in Azure DevOps Server.

  1. On the application-tier server, add the user to the local Administrators group.

    Follow the instructions for your operating system.

  2. On the application-tier server, open the Azure DevOps Server Administration Console.

    Choose the Application Tier, and then Administer Security. Choose the [Team Foundation]\Team Foundation Administrators group. Then, select the group type and then choose Add.

    Tip

    To add an Azure DevOps Server Group, first create it from the web portal. For details, see [Add and manage security groups](/azure/devops/organizations/security/add-manage-security-groups).

    Screenshot of the Global Security dialog box with the Team Foundation Administrators group and the Add option called out.

  3. Next, choose Add under the Administration Console Users section to add users or groups to the set of users who can run the administration console.

If you're running a standard single-server deployment, or a multi-server deployment without reporting, you're done!

However, if you have multiple application tiers, you'll need to repeat these two steps on each application-tier server.
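Because the procedure is repeated per application tier, local Administrators membership can drift between servers. The following is an added example, not part of the original article, that compares each tier's membership against an approved list. The server names, the CONTOSO accounts, and the availability of PowerShell remoting to the application tiers are assumptions.

```powershell
# Added example: audit local Administrators membership per application tier.
# Server names and account names below are constructed placeholders.

function Compare-AdminMembership {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $Actual,
        [Parameter(Mandatory)] [string[]] $Approved
    )
    # -in / -notin are case-insensitive, which matches Windows account names.
    $unexpected = @($Actual   | Where-Object { $_ -notin $Approved })
    $missing    = @($Approved | Where-Object { $_ -notin $Actual })
    [pscustomobject]@{
        Server     = $Server
        Unexpected = $unexpected   # on the server but not approved
        Missing    = $missing      # approved, but not yet added on this tier
        Compliant  = ($unexpected.Count -eq 0 -and $missing.Count -eq 0)
    }
}

function Get-AppTierAdmins {
    param([Parameter(Mandatory)] [string] $Server)
    # S-1-5-32-544 is the well-known SID of the local Administrators group,
    # so the lookup also works on non-English Windows installations.
    # Machine-local accounts are skipped; only domain principals are compared.
    Invoke-Command -ComputerName $Server -ScriptBlock {
        Get-LocalGroupMember -SID 'S-1-5-32-544' |
            Where-Object { $_.PrincipalSource -ne 'Local' } |
            ForEach-Object { $_.Name }
    }
}

# Constructed sample data so the comparison runs without a live server.
$approved = 'CONTOSO\Domain Admins', 'CONTOSO\devops-admin1', 'CONTOSO\devops-admin2'
$sample = @{
    'APPTIER01' = 'CONTOSO\Domain Admins', 'CONTOSO\devops-admin1', 'CONTOSO\devops-admin2'
    'APPTIER02' = 'CONTOSO\Domain Admins', 'CONTOSO\devops-admin1', 'CONTOSO\contractor7'
}

foreach ($server in ($sample.Keys | Sort-Object)) {
    # For a live audit, pass (Get-AppTierAdmins -Server $server) as -Actual.
    Compare-AdminMembership -Server $server -Actual $sample[$server] -Approved $approved
}
```

With the sample data, APPTIER01 is reported as compliant, while APPTIER02 lists `CONTOSO\contractor7` as unexpected and `CONTOSO\devops-admin2` as missing.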

If you have reporting servers integrated with your Azure DevOps deployment, you need to manually add administrative users to those products separately. For details, see Grant permissions to view or create SQL Server reports in Azure DevOps Server.