Many folks have written on the forums about trouble getting new users to access Team Foundation Server. There are a few things that are important to know here. The first is that we actually cache external identities in our databases so there can be a delay while we sync the external data and then populate our tables with the necessary information. When does that sync happen? Well, in TFS 2005 (codename Whidbey), there are three times when the sync is supposed to occur:

  1. When the system first starts up
  2. When a user adds an external identity to a TFS group
  3. When our sync timer fires once per hour

Unfortunately, we discovered that the third case doesn't work in the RTM version. We're expecting the fix for this to come out in an upcoming release. In the meantime, however, there is one important thing to note. By default, the application pool that runs the TFS service on the application tier will shut down after 20 minutes of inactivity. Hence, if there are no server requests for 20 minutes, the next time someone makes a request we'll restart the service and then kick off a sync. Unless your org has people working 24/7, this means that the AppPool will shutdown overnight and restart the following morning as the first user performs any TFS operation. In addition, you can force this to occur by resetting the AppPool (or IIS) on your AT yourself, though this will cause a service outage. You can also directly add users or groups to TFS groups to begin a sync of that particular external group.

Kudos to anyone who can identify the source of the title