Solved

SharePoint migrated user not allowed access

Posted on 2012-04-05
2
1,073 Views
Last Modified: 2012-08-13
I have moved a SharePoint 2007 Site, Content Database, from one domain to another running SharePoint Foundation 2010. I created an account in the new domain for the user and then ran:

stsadm -o migrateuser -oldlogin DOMAINA\user -newlogin DOMAINB\user

After doing so I received the error:

New user account does not have valid SID history.

I then ran

stsadm -o migrateuser -oldlogin DOMAINA\user -newlogin DOMAINB\user -ignoresidhistory

The user information was updated in the Content Database and the user shows up on the site in the correct Group with the new domain account when I view the properties.

The two issues I have are that
1.I can log into the site with the account but get an Access Denied message to content that the olduser had access to
2.The user does not show as valid in the People Picker, red squiggly line, once picked from the group they belong to and show up as a member of

Any thoughts as to how to resolve these issues?

UPDATE - The new site is using Claims Based Authentication which is the preferred authentication method. If I create the site using Classic Mode Authentication then the migration works as expected. So how can I migrate the users to the Claims Based Authentication?
0
Comment
Question by:martinjamesd
2 Comments
 
LVL 29

Accepted Solution

by:
QPR earned 500 total points
ID: 37814814
0
 

Author Closing Comment

by:martinjamesd
ID: 37814856
I figured out what to do before you posted but you were on the right track. Basically the process is to
1. Create the new site using Classic and not Claims Based Authentication
2. Create the user accounts in the new  Domain
3. Use ststadm -o migrateuser to migrate the old account to the new
4. Convert the new site to claims and then again migrate the users to Claims using the following script

$WebAppName = "https://app"
 
#THIS SHOULD BE THE ACCOUNT THAT IS RUNNING THIS SCRIPT, WHO SHOULD ALSO BE A LOCAL ADMIN
$account = "DOMAIN\User"
 
$wa = get-SPWebApplication $WebAppName
 

Set-SPwebApplication $wa -AuthenticationProvider (New-SPAuthenticationProvider) -Zone Default
# this will prompt about migration, CLICK YES and continue
 
#This step will set the admin for the site
$wa = get-SPWebApplication $WebAppName
$account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()
 
#Once the user is added as admin, we need to set the policy so it can have the right access
$zp = $wa.ZonePolicies("Default")
$p = $zp.Add($account,"PSPolicy")
$fc=$wa.PolicyRoles.GetSpecialRole("FullControl")
$p.PolicyRoleBindings.Add($fc)
$wa.Update()
 
#Final step is to trigger the user migration process
$wa = get-SPWebApplication $WebAppName
$wa.MigrateUsers($true)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For those of you who don't follow the news, or just happen to live under rocks, Microsoft Research released a beta SDK (http://www.microsoft.com/en-us/download/details.aspx?id=27876) for the Xbox 360 Kinect. If you don't know what a Kinect is (http:…
SharePoint Designer 2010 has tools and commands to do everything that can be done with web parts in the browser, and then some – except uploading a web part straight into a page that is edited in SPD. So, can it be done? Scenario For a recent pr…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question