In TFS 2015 Microsoft introduced test result retention settings. This has taken the need for running Test Attachment Cleaner (previously part of the PowerTools) on a regular basis away.

Read the related blog post ->

If you migrate to TFS 2015 or 2017 then your migrated process will not configure a retention policy by default.
In environments with lots of projects, having to configure each one individually can be quite a big admin overhead.

Luckily the REST API lets you automate the process in this case.

REST API Page ->

When looking at the REST request closely, you will see that it requires you to supply a project name and a collection name. (if applicable)

PATCH https://{instance}/DefaultCollection/{project}/_apis/test/resultretentionsettings?api-version={version}

You can use a PowerShell script like this to get a list of projects (in a collection):

# tfs server uri
$accountname = "localhost:8080/tfs"

# for vsts it is always 'DefaultCollection'
$collectionName = "DefaultCollection"

# Converting PAT into format required by the request header
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user,$pat)))

# replace http with https as required
$call = "http://" + $accountname + "/" + $collectionName + "/_apis/projects"
$result = Invoke-RestMethod -Uri $call -Method Get -ContentType "application/json" -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)}

# $result.value will contain a list of project objects

What is a PAT?
It’s a Personal Access Token, which is a secondary set of credentials that a user can generate in TFS 2017 (Requirements) or VSTS.

When do I use what?
If you are targeting TFS 2015, NTLM, Kerberos, or Basic authentication can be used. Personal access token is not an option.

In TFS 2017, using a personal access token is recommended if your environment supports Personal Access Token.

In VSTS, you can use PAT, or – preferably – OAuth.