Solved

SharePoint migrated user not allowed access

Posted on 2012-04-05
2
1,057 Views
Last Modified: 2012-08-13
I have moved a SharePoint 2007 Site, Content Database, from one domain to another running SharePoint Foundation 2010. I created an account in the new domain for the user and then ran:

stsadm -o migrateuser -oldlogin DOMAINA\user -newlogin DOMAINB\user

After doing so I received the error:

New user account does not have valid SID history.

I then ran

stsadm -o migrateuser -oldlogin DOMAINA\user -newlogin DOMAINB\user -ignoresidhistory

The user information was updated in the Content Database and the user shows up on the site in the correct Group with the new domain account when I view the properties.

The two issues I have are that
1.I can log into the site with the account but get an Access Denied message to content that the olduser had access to
2.The user does not show as valid in the People Picker, red squiggly line, once picked from the group they belong to and show up as a member of

Any thoughts as to how to resolve these issues?

UPDATE - The new site is using Claims Based Authentication which is the preferred authentication method. If I create the site using Classic Mode Authentication then the migration works as expected. So how can I migrate the users to the Claims Based Authentication?
0
Comment
Question by:martinjamesd
2 Comments
 
LVL 29

Accepted Solution

by:
QPR earned 500 total points
ID: 37814814
0
 

Author Closing Comment

by:martinjamesd
ID: 37814856
I figured out what to do before you posted but you were on the right track. Basically the process is to
1. Create the new site using Classic and not Claims Based Authentication
2. Create the user accounts in the new  Domain
3. Use ststadm -o migrateuser to migrate the old account to the new
4. Convert the new site to claims and then again migrate the users to Claims using the following script

$WebAppName = "https://app"
 
#THIS SHOULD BE THE ACCOUNT THAT IS RUNNING THIS SCRIPT, WHO SHOULD ALSO BE A LOCAL ADMIN
$account = "DOMAIN\User"
 
$wa = get-SPWebApplication $WebAppName
 

Set-SPwebApplication $wa -AuthenticationProvider (New-SPAuthenticationProvider) -Zone Default
# this will prompt about migration, CLICK YES and continue
 
#This step will set the admin for the site
$wa = get-SPWebApplication $WebAppName
$account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()
 
#Once the user is added as admin, we need to set the policy so it can have the right access
$zp = $wa.ZonePolicies("Default")
$p = $zp.Add($account,"PSPolicy")
$fc=$wa.PolicyRoles.GetSpecialRole("FullControl")
$p.PolicyRoleBindings.Add($fc)
$wa.Update()
 
#Final step is to trigger the user migration process
$wa = get-SPWebApplication $WebAppName
$wa.MigrateUsers($true)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Note:  There are two main ways to deploy InfoPath forms:  Server-side and directly through the SharePoint site.  Deploying a server-side InfoPath form means the form is approved by the Administrator, thus allowing greater functionality in the form. …
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now