locked
User Access Issue - SharePoint 2013 RRS feed

  • Question

  • Hello,

    I migrated to SharePoint 2013  from SharePoint 2010 recently in Dev and QA.

    The issue is that we had classic authentication in SharePoint 2010 and claims based in SharePoint 2013.

    I cannot convert the SharePoint 2010 to claims as its running in production and I don't want to touch that.

    Now, I created a web app in SP 2013 using Central Admin and I guess its always claims based.

    I attached the database from 2010 and upgraded it and the sites are all working fine. But as we know the user access is gone even though users can be seen in the groups on the upgraded 2013 sites.

    I read about changing the superuser accounts in SP 2013. But I am confused. Can someone please mention the exact steps to resolve it, I earnestly request not to send me links to MS Technet articles or blogs but give me the steps here if its possible. Thanks in advance

    sangzswiss

    Wednesday, October 12, 2016 10:18 AM

Answers

  • Hi sangzswiss,

    To migrate a SharePoint 2010 classic-mode web application to a SharePoint 2013 claims-based web application, there are two ways to do that:

    1. Convert the SharePoint 2010 classic-mode web application to claims-based, then upgrade the claims-based web application to a SharePoint 2013 claims-based web application.

    2. Create a SharePoint 2013 classic-mode web application, migrate the SharePoint 2010 classic-mode web application to the SharePoint 2013 classic-mode web application, then convert the SharePoint 2013 classic-mode web application to claims-based.

    As you don't want to convert the SharePoint 2010 classic-mode web application to claims-based, you can choose the second option in the above.

    So, for that, you can do that:

    1. Create a SharePoint 2013 classic-mode web application using PowerShell:

    New-SPWebApplication -name "ClassicAuthApp" -Port <port> -ApplicationPool 
    "ClassicAuthAppPool" -ApplicationPoolAccount (Get-SPManagedAccount 
    "<domainname>\<user>")

    2. Attach the existing SharePoint 2010 Products content database to the new SharePoint 2013 classic-mode web application

    3. Use PowerShell cmdlets to convert the SharePoint 2013 classic-mode web application to claims-based:

    Convert-SPWebApplication -Identity <yourWebAppUrl> -To Claims 
    -RetainPermissions [ -Force]

    Thanks,

    Wendy


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Proposed as answer by Victoria Xia Monday, October 17, 2016 9:06 AM
    • Marked as answer by Victoria Xia Friday, October 28, 2016 8:07 AM
    Thursday, October 13, 2016 7:17 AM

All replies

  • Hi,

    Have you updated migrated your web application to use the Claim authentication ?

    If not use this PS commands.

    $WebAppName = "http://yourWebAppUrl"
    $wa = get-SPWebApplication $WebAppName
    $wa.UseClaimsAuthentication = $true
    $wa.Update()


    Murugesa Pandian | MCPD | MCTS | SharePoint 2010 |

    Wednesday, October 12, 2016 1:10 PM
  • Hello Murugesa,

    When I created the web app in 2013, I used CA to do that so it is already in claims authentication.

    The issue is that the users who were moved when I did the DB attach from 2010 to 2013, they were all in classic mode. So do you think this powershell script would work on it?

    Thanks,

    sangzswiss

    Wednesday, October 12, 2016 1:47 PM
  • Yes,

    You should have migrated your SP2010 web application to Claims before migrating to SharePoint 2013. In this case, old classic authentication user signatures [ login name] still as it is in SP2013. When SP2013 trying to authenticate with Claim based signature, it consider as new user and thus error access denied.

    Try the above script and let us know how its progressing..


    Murugesa Pandian | MCPD | MCTS | SharePoint 2010 |


    Wednesday, October 12, 2016 2:06 PM
  • Hi sangzswiss,

    To migrate a SharePoint 2010 classic-mode web application to a SharePoint 2013 claims-based web application, there are two ways to do that:

    1. Convert the SharePoint 2010 classic-mode web application to claims-based, then upgrade the claims-based web application to a SharePoint 2013 claims-based web application.

    2. Create a SharePoint 2013 classic-mode web application, migrate the SharePoint 2010 classic-mode web application to the SharePoint 2013 classic-mode web application, then convert the SharePoint 2013 classic-mode web application to claims-based.

    As you don't want to convert the SharePoint 2010 classic-mode web application to claims-based, you can choose the second option in the above.

    So, for that, you can do that:

    1. Create a SharePoint 2013 classic-mode web application using PowerShell:

    New-SPWebApplication -name "ClassicAuthApp" -Port <port> -ApplicationPool 
    "ClassicAuthAppPool" -ApplicationPoolAccount (Get-SPManagedAccount 
    "<domainname>\<user>")

    2. Attach the existing SharePoint 2010 Products content database to the new SharePoint 2013 classic-mode web application

    3. Use PowerShell cmdlets to convert the SharePoint 2013 classic-mode web application to claims-based:

    Convert-SPWebApplication -Identity <yourWebAppUrl> -To Claims 
    -RetainPermissions [ -Force]

    Thanks,

    Wendy


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Proposed as answer by Victoria Xia Monday, October 17, 2016 9:06 AM
    • Marked as answer by Victoria Xia Friday, October 28, 2016 8:07 AM
    Thursday, October 13, 2016 7:17 AM