Change SharePoint Authentication from Classic Mode to Claims Based

As SharePoint 2013 and SharePoint 2016 requires claims authentication for most of its functionalities like Office web Apps, its mandatory to migrate to claims if your SharePoint 2010 is using classic mode authentication. Please note, you’ll have to convert the authentication mode before moving the database from SharePoint 2010 to SharePoint 2013 (or you’ll have to create a SharePoint 2013 web application in classic mode, backup the database from SharePoint 2010 and restore to SharePoint 2013 and then convert the authentication mode). Lets change SharePoint authentication from classic mode claims based.

Migrate from classic-mode to claims-based authentication in SharePoint Server with PowerShell

PowerShell can help to convert classic mode authentication to claims-based authentication for SharePoint 2010. Here is the script:

Take a backup before converting from Classic to Claims authentication – Because you can’t revert back from Claims to classic mode authentication!
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$WebAppURL = "https://sharepoint2010.crescent.com/"
$accountid = "crescent\SPAdmin"

#Get the web application
$WebApp = Get-SPWebApplication $WebAppURL
#convert classic mode authentication to claims based authentication sharepoint 2010
$WebApp.UseClaimsAuthentication = $true
$WebApp.Update()

$account = (New-SPClaimsPrincipal -identity $accountid -identitytype 1).ToEncodedString()
#Crate FULL Access Web Application User Policy
$ZonePolicies = $WebApp.ZonePolicies("Default")
$Policy = $ZonePolicies.Add($account,"PSPolicy")
$FullControl=$WebApp.PolicyRoles.GetSpecialRole("FullControl")
$Policy.PolicyRoleBindings.Add($FullControl)
$WebApp.Update()

#Migrate users from Classic to Claims
$WebApp.MigrateUsers($true)
$WebApp.ProvisionGlobally()

Best practice: In SharePoint 2010, change classic mode authentication to claims-based authentication first, and then migrate SharePoint 2010 to SharePoint 2013.

Switch from classic to claims-based authentication during backup-restore:

This is also applicable when you export-import or backup-restore sites between different web applications where the source web application uses Classic Authentication, but the destination web application is configured to use Windows Claims!

Change SharePoint Authentication from Classic Mode to Claims Based

How to Check the web application’s authentication mode?

Go to Central Administration >> Manage web applications and click on the site you’re planning to enable CBA. Under the Web Applications tab click on the Authentication Providers icon and a small window will pop up with “Claims Based Authentication”

You can also try the PowerShell cmdlet for classic to claims authentication in SharePoint 2013:

(Get-spwebapplication "https://sharepoint2010.crescent.com").UseClaimsAuthentication

If you are migrating from classic-mode to claims-based authentication in SharePoint 2013, You can use: Convert-SPWebApplication cmdlet as well.

Salaudeen Rajack

Salaudeen Rajack - Information Technology Expert with Two-decades of hands-on experience, specializing in SharePoint, PowerShell, Microsoft 365, and related products. He has held various positions including SharePoint Architect, Administrator, Developer and consultant, has helped many organizations to implement and optimize SharePoint solutions. Known for his deep technical expertise, He's passionate about sharing the knowledge and insights to help others, through the real-world articles!

Leave a Reply

Your email address will not be published. Required fields are marked *