Solved

SharePoint migrated user not allowed access

Posted on 2012-04-05
2
1,099 Views
Last Modified: 2012-08-13
I have moved a SharePoint 2007 Site, Content Database, from one domain to another running SharePoint Foundation 2010. I created an account in the new domain for the user and then ran:

stsadm -o migrateuser -oldlogin DOMAINA\user -newlogin DOMAINB\user

After doing so I received the error:

New user account does not have valid SID history.

I then ran

stsadm -o migrateuser -oldlogin DOMAINA\user -newlogin DOMAINB\user -ignoresidhistory

The user information was updated in the Content Database and the user shows up on the site in the correct Group with the new domain account when I view the properties.

The two issues I have are that
1.I can log into the site with the account but get an Access Denied message to content that the olduser had access to
2.The user does not show as valid in the People Picker, red squiggly line, once picked from the group they belong to and show up as a member of

Any thoughts as to how to resolve these issues?

UPDATE - The new site is using Claims Based Authentication which is the preferred authentication method. If I create the site using Classic Mode Authentication then the migration works as expected. So how can I migrate the users to the Claims Based Authentication?
0
Comment
Question by:martinjamesd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 29

Accepted Solution

by:
QPR earned 500 total points
ID: 37814814
0
 

Author Closing Comment

by:martinjamesd
ID: 37814856
I figured out what to do before you posted but you were on the right track. Basically the process is to
1. Create the new site using Classic and not Claims Based Authentication
2. Create the user accounts in the new  Domain
3. Use ststadm -o migrateuser to migrate the old account to the new
4. Convert the new site to claims and then again migrate the users to Claims using the following script

$WebAppName = "https://app"
 
#THIS SHOULD BE THE ACCOUNT THAT IS RUNNING THIS SCRIPT, WHO SHOULD ALSO BE A LOCAL ADMIN
$account = "DOMAIN\User"
 
$wa = get-SPWebApplication $WebAppName
 

Set-SPwebApplication $wa -AuthenticationProvider (New-SPAuthenticationProvider) -Zone Default
# this will prompt about migration, CLICK YES and continue
 
#This step will set the admin for the site
$wa = get-SPWebApplication $WebAppName
$account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()
 
#Once the user is added as admin, we need to set the policy so it can have the right access
$zp = $wa.ZonePolicies("Default")
$p = $zp.Add($account,"PSPolicy")
$fc=$wa.PolicyRoles.GetSpecialRole("FullControl")
$p.PolicyRoleBindings.Add($fc)
$wa.Update()
 
#Final step is to trigger the user migration process
$wa = get-SPWebApplication $WebAppName
$wa.MigrateUsers($true)
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

More often than not, we developers are confronted with a need: a need to make some kind of magic happen via code. Whether it is for a client, for the boss, or for our own personal projects, the need must be satisfied. Most of the time, the Framework…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question