SharePoint 2013 – Migrate Classic Mode to Claims based authentication
SharePoint 2013 – Migrate Classic Mode to Claims based authentication
If you plan to migrate / convert an existing classic mode web application to an claims based web application then please follow the following TechNet article.
Example:
Convert-SPWebAplication -Identity "http://<webAppliationUrl>:port" -From LEGACY -To CLAIMS -RetainPermissions
It’s important to use the parameter -RetainPermissions to keep all existing permissions.
In case if you configured an SuperUser and / or SuperReader user on your migrated web application then it is possible, that you receive the following error message during opening any sites:
Sorry, this site hasn’t been shared with you.
This is because the posted command above will not migrate the SuperUser and SuperReader users. That means they are still configured in old classic mode style.
The following steps are required to update these users.
- Open Central Administration
- Go to Application Managment –> Manage Web Application –> here select the migrated Web Application
- Click on User Policy and remove the old SuperUser and SuperReader accounts
- Click on Add Users and re-add the accounts. (SuperUser = Full Control | SuperReader = Full Read)
This should change the account format from old “domain\username” to “I:0#.w|domain\username”.
Next you also need to update the users in the property bag of your web application:
$wa = Get-SPWebApplication -Identity "http://<webApplicationUrl>" $wa.Properties["portalsuperuseraccount"] = "i:0#.w|domain\accountName" $wa.Properties["portalsuperreaderaccount"] = "i:0#.w|domain\accountName" $wa.Update()
Afterwards you have to execute an IISRESET and then your web application should work again.
