Solved

SharePoint migrated user not allowed access

Posted on 2012-04-05
2
1,040 Views
Last Modified: 2012-08-13
I have moved a SharePoint 2007 Site, Content Database, from one domain to another running SharePoint Foundation 2010. I created an account in the new domain for the user and then ran:

stsadm -o migrateuser -oldlogin DOMAINA\user -newlogin DOMAINB\user

After doing so I received the error:

New user account does not have valid SID history.

I then ran

stsadm -o migrateuser -oldlogin DOMAINA\user -newlogin DOMAINB\user -ignoresidhistory

The user information was updated in the Content Database and the user shows up on the site in the correct Group with the new domain account when I view the properties.

The two issues I have are that
1.I can log into the site with the account but get an Access Denied message to content that the olduser had access to
2.The user does not show as valid in the People Picker, red squiggly line, once picked from the group they belong to and show up as a member of

Any thoughts as to how to resolve these issues?

UPDATE - The new site is using Claims Based Authentication which is the preferred authentication method. If I create the site using Classic Mode Authentication then the migration works as expected. So how can I migrate the users to the Claims Based Authentication?
0
Comment
Question by:martinjamesd
2 Comments
 
LVL 29

Accepted Solution

by:
QPR earned 500 total points
Comment Utility
0
 

Author Closing Comment

by:martinjamesd
Comment Utility
I figured out what to do before you posted but you were on the right track. Basically the process is to
1. Create the new site using Classic and not Claims Based Authentication
2. Create the user accounts in the new  Domain
3. Use ststadm -o migrateuser to migrate the old account to the new
4. Convert the new site to claims and then again migrate the users to Claims using the following script

$WebAppName = "https://app"
 
#THIS SHOULD BE THE ACCOUNT THAT IS RUNNING THIS SCRIPT, WHO SHOULD ALSO BE A LOCAL ADMIN
$account = "DOMAIN\User"
 
$wa = get-SPWebApplication $WebAppName
 

Set-SPwebApplication $wa -AuthenticationProvider (New-SPAuthenticationProvider) -Zone Default
# this will prompt about migration, CLICK YES and continue
 
#This step will set the admin for the site
$wa = get-SPWebApplication $WebAppName
$account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()
 
#Once the user is added as admin, we need to set the policy so it can have the right access
$zp = $wa.ZonePolicies("Default")
$p = $zp.Add($account,"PSPolicy")
$fc=$wa.PolicyRoles.GetSpecialRole("FullControl")
$p.PolicyRoleBindings.Add($fc)
$wa.Update()
 
#Final step is to trigger the user migration process
$wa = get-SPWebApplication $WebAppName
$wa.MigrateUsers($true)
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

There is one common problem that all we SharePoint developers share: custom solution deployment. This topic can't be covered fully in this short article, so all I want to do in this one is to review it from a development-to-operations perspectiv…
Pimping Sharepoint 2007 without Server-Side Code Part 1 One of my biggest frustrations with Sharepoint 2007 in the corporate world is that while good-intentioned managers lock down the more interesting capabilities of Sharepoint programming in…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now