We started creating Azure subscriptions before organization accounts were available, but now when even Visual Studio Online supports organization accounts, we wanted to switch from Microsoft accounts. (Microsoft accounts have the obvious drawbacks: more passwords to remember and access does not go away automatically when people quit.)
The subscription owner (service account) was a Microsoft account – let us call this email@example.com. The subscriptions were linked to a domain that I refer to here as domain1.onmicrosoft.com, and the new domain, which is synced with our Active Directory, I refer to as company.onmicrosoft.com.
So here is what we had to do make the switch with co-administrators:
- Change the AD account name of firstname.lastname@example.org to email@example.com. Why? Because this account was synced to company.onmicrosoft.com, and there can only be one account with the same name in the same Azure Active Directory (AAD). (The Microsoft account is added in step 4 below.)
- Go to manage.windowsazure.com and login as firstname.lastname@example.org.
- Create a new directory. Choose custom create. Select Use existing directory.
- Log in as a global administrator of the company.onmicrosoft.com domain. What happens now is that email@example.com (the Microsoft account) is automatically added as a global administrator in company.onmicrosoft.com.
- Log out and log in again as firstname.lastname@example.org. There should now be a new directory (company.onmicrosoft.com) visible.
- Go to settings, select a subscription and click Edit Directory at the bottom of the page. Change to company.onmicrosoft.com. You get a warning saying all co-administrators will be deleted. That is OK, because that is what we wish to accomplish.
- Add organization accounts as co-administrators as appropriate.
Azure Service Administrators
Now, we also wanted to change the service administrator from email@example.com (Microsoft account) to firstname.lastname@example.org (organization account). That is accomplished in the account portal.
- Go to account.windowsazure.com and log in.
- Select a subscription.
- Click Edit subscription details.
- Change the service administrator.
I don’t know how to change the account administrator. Maybe it requires a support ticket.
Visual Studio Online
Visual Studio Online was the most difficult service. You can administer some aspects in the Azure managment portal (manage.windowsazure.com). But when you connect it to the new domain (company.onmicrosoft.com in my case), users not in that domain will loose access. Because the Microsoft accounts probably do not exist in that domain, you will have to create new users in Visual Studio Online, and because the probably have the same names as the corresponding Microsoft accounts, you must first delete these.
But beware! Before you start deleting users and switch domain, you must make sure no user has anything checked out. You might also want to delete all workspaces, because when the “new” users start Visual Studio and log in, they must create new workspaces, because the old workspaces are owned by different users. And you cannot have work folder mappings in two workspaces to the same local folder on the same computer (error: The working folder is already in use by the workspace…)
Use the following command to list all workspaces:
tf workspaces /server:<instance>.visualstudio.com\DefaultCollection /owner:*
or the following to see details on a specific computer:
tf workspaces /server:instance.visualstudio.com\DefaultCollection /computer:<computer>/owner:* /format:detailed
You can delete a workspace with the following command:
tf workspace /delete /collection:<instance>.visualstudio.com\DefaultCollection "<computer>;<user>"
Or simpler, use Team Foundation Sidekicks. In fact, I did not delete my work space before making the switch, and the only way I could delete it afterwards was to use Sidekicks.
- Ensure no user has anything checked out.
- Delete workspaces for Microsoft accounts that you plan to abandon in favour of organization account.
- Delete accounts in VisualStudio Online using User Management (https://<instance>.visualstudio.com/_user).
- Go to manage.windowsazure.com and login as an administrator. Select your Visual Studio Online service and click Configure. Click the Connect button and connect to the company.onmicrosoft.com domain.
- MSDN subscribers must connect their Microsoft accounts with their organization accounts in the My Account section of MSDN (https://msdn.microsoft.com/subscriptions/manage/hh442900). Under Visual Studio Online they can create this link.
- In Visual Studio Online using User Management, add users again. This time, their organization accounts will be added. If they have MSDN, you should choose Eligible MSDN Subscriber as license.
- Click the cog wheel in the upper right corner in Visual Studio Online to go to the control panel. Select a project, click on your team and add team members and administrators.
- In Visual Studio, users must switch user by clicking Connect to Team Projects in Team Explorer and then Select Team Projects… In the bottom of the Connect to Team Foundation Server dialog, click Switch User. Enter the organization account credentials.
- If a user doesn’t see any code, just work items, he or she has probably a stakeholder license, not an MSDN license. They can check this by logging in to <instance>.visualstudio.com. See step 5 above. If it still doesn’t work, try changing license to basic and then back to MSDN.