Wednesday, May 16, 2012

Classic mode to Claims mode migration


On an existing web application that is configured to run in Classic Mode authentication with NTLM as the authentication provider, switching to Claims requires running the following script:


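# Load the SharePoint cmdlets if this is not the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# URL of the web application to migrate and the account that will be given Full Control
$WebAppName = "http://serverurl"
$account = "domain\administrator"
$wa = Get-SPWebApplication $WebAppName

# Switch the Default zone to claims-based authentication
Set-SPWebApplication $wa -AuthenticationProvider (New-SPAuthenticationProvider) -Zone Default

# Wait here for the prompt to migrate users and answer YES

# Add a Full Control policy on the Default zone for the account, using its claims-encoded identity
$wa = Get-SPWebApplication $WebAppName
$account = (New-SPClaimsPrincipal -Identity $account -IdentityType 1).ToEncodedString()
$zp = $wa.ZonePolicies("Default")
$p = $zp.Add($account, "PSPolicy")
$fc = $wa.PolicyRoles.GetSpecialRole("FullControl")
$p.PolicyRoleBindings.Add($fc)
$wa.Update()

# Migrate the existing users to their claims identities
$wa = Get-SPWebApplication $WebAppName
$wa.MigrateUsers($true)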

To test that this has gone through:
  • check web.config to confirm that the new Membership Provider section for Claims has been added
  • log in as a site user and navigate to My Settings; you should see the token format of the user, rather than domain\user
  • go to Central Administration and check that the Default Zone is set to Claims
  • in Central Administration, make sure in User Profiles that there are no duplicate accounts (the migration part of this script should take care of this)
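
Some of these checks can also be scripted. The following is an added example, not part of the original post: it reports whether the web application and its Default zone use claims, lists the Default zone policy entries (including the Full Control policy the script created, so it can be reviewed), and lists users whose login is still in domain\user form. It assumes the same placeholder URL as above and that the SharePoint snap-in is installed.

```powershell
# Added example: post-migration checks for the classic-to-claims switch.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$WebAppName = "http://serverurl"   # placeholder URL, same as in the migration script
$zone = [Microsoft.SharePoint.Administration.SPUrlZone]::Default

Start-SPAssignment -Global         # let SharePoint dispose the site/web objects for us
$wa = Get-SPWebApplication $WebAppName

# 1. Both the web application and its Default zone should report claims authentication.
"Web application uses claims : {0}" -f $wa.UseClaimsAuthentication
"Default zone uses claims    : {0}" -f $wa.IisSettings[$zone].UseClaimsAuthentication

# 2. List the Default zone policy entries and their roles. The "PSPolicy" entry
#    added by the migration script should appear with a claims-encoded user name;
#    review whether that Full Control grant should stay once migration is done.
$wa.ZonePolicies($zone) |
    Select-Object UserName, DisplayName,
        @{ Name = "Roles"
           Expression = { ($_.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ", " } } |
    Format-Table -AutoSize

# 3. List users whose login is still in domain\user form (no claims prefix).
#    Claims-encoded logins contain a "|" separator; classic logins do not.
#    Built-in system accounts may legitimately show up here (assumption: review by hand).
$leftover = Get-SPSite -WebApplication $wa -Limit All | ForEach-Object {
    $site = $_
    Get-SPUser -Web $site.Url -Limit All |
        Where-Object { $_.UserLogin -like "*\*" -and $_.UserLogin -notlike "*|*" } |
        Select-Object @{ Name = "Site"; Expression = { $site.Url } }, UserLogin, DisplayName
}

if ($leftover) {
    "Users not yet in claims format:"
    $leftover | Format-Table -AutoSize
} else {
    "All users found are in claims format."
}

Stop-SPAssignment -Global
```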
