kwizcom banner advertisement

Change SharePoint Authentication from Classic Mode to Claims Based

As SharePoint 2013 and SharePoint 2016 requires claims authentication for most of its functionalities like Office web Apps, its mandatory to migrate to claims if your SharePoint 2010 is using classic mode authentication. Please note, you'll have to convert the authentication mode before moving the database from SharePoint 2010 to SharePoint 2013 (or you'll have to create a SharePoint 2013 web application in classic mode, backup the database from SharePoint 2010 and restore to SharePoint 2013 and then convert the authentication mode). Lets change SharePoint authentication from classic mode claims based.

Migrate from classic-mode to claims-based authentication in SharePoint Server 2010 with PowerShell
PowerShell can help to convert classic mode authentication to claims based authentication for SharePoint 2010. Here is the script:
Take a backup before converting from Classic to Claims authentication - Because you can't revert back from Claims to classic mode authentication!
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$WebAppURL = "http://sharepoint2010.crescent.com/"
$accountid = "crescent\SPAdmin"

#Get the web application
$WebApp = Get-SPWebApplication $WebAppURL
#convert classic mode authentication to claims based authentication sharepoint 2010
$WebApp.UseClaimsAuthentication = $true
$WebApp.Update()

$account = (New-SPClaimsPrincipal -identity $accountid -identitytype 1).ToEncodedString()
#Crate FULL Access Web Application User Policy
$ZonePolicies = $WebApp.ZonePolicies("Default")
$Policy = $ZonePolicies.Add($account,"PSPolicy")
$FullControl=$WebApp.PolicyRoles.GetSpecialRole("FullControl")
$Policy.PolicyRoleBindings.Add($FullControl)
$WebApp.Update()

#Migrate users from Classic to Claims
$WebApp.MigrateUsers($true)
$WebApp.ProvisionGlobally()
Best practice: In SharePoint 2010, change classic mode authentication to claims-based authentication first, and then migrate SharePoint 2010 to SharePoint 2013.

Switch from classic to claims-based authentication during backup-restore:
This is also applicable when you export-import or backup-restore sites between different web applications where the source web application uses Classic Authentication but the destination web application is configured to use Windows Claims!
Change SharePoint Authentication from Classic Mode to Claims Based

How to Check the web application's authentication mode:
Go to Central Administration >> Manage web applications and click on the site you’re planning to enable CBA. Under Web Applications tab click on the Authentication Providers icon and a small window will pop-up with "Claims Based Authentication"

You can also try the PowerShell cmdlet for classic to claims authentication in SharePoint 2013:
(Get-spwebapplication "http://sharepoint2010.crescent.com").UseClaimsAuthentication

If you are migrating from classic-mode to claims-based authentication in SharePoint 2013, You can use: Convert-SPWebApplication cmdlet as well.
Change SharePoint Authentication from Classic Mode to Claims Based Change SharePoint Authentication from Classic Mode to Claims Based Reviewed by Salaudeen Rajack on 7:15 PM Rating: 5

No comments:

Please Login and comment to get your questions answered!

Powered by Blogger.