Migrate users from forms based authentication to SharePoint 2010 claim based

During migration from SharePoint 2007 to 2010 you will need to migrate the users as well. the most “unclear” part is how to migrate Forms based users to claim based authentication. The internal names stored in SharePoint are different so you will be unable to use the old names and passwords to login unless you migrate. ASP .Net users use the format “providername:username” while the claim based authentication uses the format “i:0#.f|providername|username”.

After setting-up your web application and finalize the configuration, run the following powershell script. I highlighted where you will need to change certain strings to correctly work in your environment…

#here, you will need to change the URL to that new portal, old provider name and new provider name
$url =”http://myformsbasedportal.com

$oldprovidername = “myoldprovidername”

$newprovidername = “mynewprovidername”

# get all users in the site, this includes iwindows users
$users = get-spuser -web $url -Limit ALL

foreach($useriteration in $users)
{
     $a=@()
     $userlogin = $useriteration.UserLogin

    # Skip if the user login contains “” for windows users, and skip also if the user  login starts with “i:0#.f|” which is either new user or already migrated
    if( $userlogin.StartsWith(“i:0#.f|”) -or $userlogin.Contains(“”) -or $userlogin.Contains(“|”) )
    {
          continue;
    } 

    # get the user login name
    $a = $userlogin.split(“:”)
    $username = $a[1] 
 
    # perform the actual migration by getting the user and Move the user
    $user = Get-SPUser -web “$url” -Identity “$oldprovidername:$username”
    Move-SPUser -IgnoreSID -Confirm:$false -Identity $user -NewAlias “i:0#.f|$newprovidername|$username”

    # Log
    Write-Host “converted user kacstmp:$username to i:0#.f|$newprovidername|$username”

}

 

 

Leave a Reply