In Migrate TFS 2010 to Team Foundation Service, Jesse Houwing suggested using the following to get the necessary permissions: TFSSecurity.exe /g+ "Team Foundation Service Accounts" n:USERNAME /server:SERVERNAME
I can't get this to work.
I get "Server was unable to process request. ---> The requested operation is not allowed." And Adding member to Team Foundation Administrators with TFSSecurity with Team Foundation Service indicates "It is not support to add user to team foundation administrator group for current release team foundation service."
The user name(s) on my current TFS 2010 server don't exist on Team Foundation Services (and vice versa). Is USERNAME supposed to be the Live ID on Team Foundation Services? Or the domain username on my local TFS 2010 server? Do I use https://.visualstudio.com for SERVERNAME? Or do I need to append something like "/defaultcollection"?
I do not believe that you will have the ability to add an account to the service accounts group on TFService (not 100% sure on that one), but you only need to do this if you are putting in invalid data to any of the fields (i.e. a state on one of the work items that does not exist on the target system). Having these permissions will allow the integration platform to put in this data, but you can get around this issue by using value mappings for fields.
As for the usernames, you can use this blog post (it is for TFService to TFS 2012 on premise): http://blog.hinshelwood.com/migration-from-tf-service-to-tf-server-with-the-tfs-integration-platform/. Martin describes how to do the correct mappings for both version control and work items. All you need to do is reverse the mapping to go from TFS2010 on premise to TFService.