Solved

Add claims based secondary site collection admin Sharepoint 2013

Posted on 2016-09-09
7
62 Views
Last Modified: 2016-09-27
Claims based authentication for application is working and i can add claims to sharepoint group, but can i configure claims secondary site admin. I have tried but gives me error that it can't find user, see the attached screenshot.
2016-09-09-10_31_15-Clipboard.jpg
0
Comment
Question by:oompaloompa
  • 5
  • 2
7 Comments
 
LVL 16

Accepted Solution

by:
Walter Curtis earned 500 total points
ID: 41791388
Grant User Site Admin Privileges
The following PowerShell code can be used to promote a user to be a site administrator for a site collection. This should be run in the context of an account that has permission for this change.

$Web = Get-SPWeb http://webapp.com/sites/users-site
$User - Get-SPUser -Web $Web -identity "i:05.t|saml provider|username@webapp.com"
$User.IsSiteAdmin=$true
$User.update()

Here are few other checks that can be run to assist the process:
After getting the web object with Get-SPWeb, check the claim string by using $Web.SiteUser with a filter, as shown here:

$Web.SiteUsers | ?{$_.UserLogin -like "*username*"} | ft -a

The results of that query shows the string which can be used in the Get-SPUser cmdlet. (Copy and paste save some typing and can be more accurate.)

It is also possible to confirm that the user is a site admin by using this line in the appropriate location:

$User.IsSIteAdmin

(Results will be true of false.)


Hope that helps...
0
 

Author Comment

by:oompaloompa
ID: 41792281
User doesn't exists in SP, it is not a domain user so i can't resolve it, i get returned claims for the user

"Get-SPUser : You must specify a valid user object or user identity.
At line:1 char:9"

2016-09-10-09_23_48-.png
0
 
LVL 16

Expert Comment

by:Walter Curtis
ID: 41792661
If the user is not in SharePoint, then you cannot add as a site admin. If the user is not a member of the domain, unless you have some type of authentication mechanism for the user, you can't add to SharePoint.

What you want to do may not be possible to do.

Good luck...
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:oompaloompa
ID: 41793943
i have authentication mechanism outside of sharepoint, users are redirected to authenticate and then redirected back to sharepoint.

So there is no way to add secondary site collection admin based on claims that i got returned from third party sts ?
0
 
LVL 16

Expert Comment

by:Walter Curtis
ID: 41794080
Yes, if SharePoint sees it as a user when it comes from the third party sts, you can do anything you want with it in SharePoint. If it is not seen as a user then you can't do anything with it. If powershell can't find it, then maybe it is not being passed from the sts provider correctly or as you think it is. Make sure you are using the same user name and claims string that the sts provider is passing.

Good luck...
0
 
LVL 16

Expert Comment

by:Walter Curtis
ID: 41800916
Any luck?
0
 
LVL 16

Expert Comment

by:Walter Curtis
ID: 41817783
Thanks
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SharePoint Designer 2010 has tools and commands to do everything that can be done with web parts in the browser, and then some – except uploading a web part straight into a page that is edited in SPD. So, can it be done? Scenario For a recent pr…
We had a requirement to extract data from a SharePoint 2010 Customer List into a CSV file and then place the CSV file into a directory on the network so that the file could be consumed by an AS400 system. I will share in Part 1 how to Extract the Da…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question