Integration of Team Foundation Server with Active Directory
Active Directory integration is an important feature of TFS. It helps manage security and users more efficiently. Active Directory integration is most often needed in larger organizations where Active Directory is already established and in use. Also, Active Directory allows us to have a dual-server installation of TFS on 32-bit and 64-bit architectures.
Team Foundation Server allows us to add groups and users already set up within Active Directory at the project level or at the TFS server level. This makes it easier to manage user groups and users.
Security is another benefit of using Active Directory. Active Directory uses built-in login authentication and authorization, which protect all network access and resources; in our case, it provides the same security framework to our Team Foundation Server.
We don’t always use Active Directory when deploying TFS within companies. For instance, if an organization is small and does not have AD, we would use workgroups. In addition, if we create a proof-of-concept TFS setup, we will probably use workgroups as well. Workgroups do not support a dual-server installation of TFS, and they only work with the 32-bit architecture.
There are certain rules that we need to follow when integrating Active Directory with Team Foundation Server. For instance, we cannot deploy and configure TFS on the domain controller, and TFS supports only the most recent Active Directories, such as Windows 2000 Active Directory (native mode) and Windows 2003 Active Directory (functional level). Also, if we decide to deploy the data tier and the application tier in different domains, we will not get optimal performance from our Team Foundation Server.
In order to add user accounts or user groups from Active Directory, we need to select the Team menu option, and then Team Project Settings if we are adding users/groups at the project level, or Team Foundation Server Settings if we are adding users/groups at the server level.