
Migration of Windows claims authentication to SAML-based claims authentication in SharePoint Server 2013

SharePoint 2013
 

Applies to: SharePoint Server 2013

Topic Last Modified: 2014-05-07

Summary: Learn how to migrate from Windows claims authentication to SAML-based authentication in SharePoint 2013.

This article identifies the steps required to migrate a web application from Windows claims authentication to SAML-based authentication in SharePoint 2013.

To run the identity migration, follow these steps:

Note:
These steps apply only to existing web applications.
  • Generate a skip list.

  • Run the migration against the web application that has one or more content databases.

A skip list is a comma-separated values file (.csv file) that contains the records to exclude during the identity migration. For example, it is necessary to exclude certain service applications or certain domain accounts.

To migrate a web application to include all the content databases by using Windows PowerShell
  1. Check that you have the following memberships:

    • The securityadmin fixed server role on the SQL Server instance.

    • The db_owner fixed database role on all databases that are to be updated.

    • The Administrators group on the server on which you are running Windows PowerShell cmdlets.

    • Read about_Execution_Policies.

    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

    Note:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Permissions and Add-SPShellAdmin.
  2. To migrate a web application to include all content databases, type the following at the Windows PowerShell command prompt.

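    # Web application to migrate
    $wa = Get-SPWebApplication -Identity "<Name of web application>"

    # Trusted identity token issuer (the SAML provider) that users will sign in through
    $tp = Get-SPTrustedIdentityTokenIssuer "RegularUsers"

    # Convert Windows claims identities to SAML claims, excluding the records listed in skip.csv
    Convert-SPWebApplication -Identity $wa -To CLAIMS-TRUSTED-DEFAULT -From CLAIMS-WINDOWS -TrustedProvider $tp -SourceSkipList skip.csv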
    
To migrate specific web applications and content databases by using Windows PowerShell
  1. Check that you have the following memberships:

    • The securityadmin fixed server role on the SQL Server instance.

    • The db_owner fixed database role on all databases that are to be updated.

    • The Administrators group on the server on which you are running Windows PowerShell cmdlets.

    • Read about_Execution_Policies.

    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

    Note:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Permissions and Add-SPShellAdmin.
  2. To migrate specific web applications and content databases, type the following at the Windows PowerShell command prompt.

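    # Web application that owns the content database
    $app = Get-SPWebApplication -Identity "<Name of web application>"

    # Content database to migrate
    $database = Get-SPContentDatabase -Identity "<DB_Name>"

    Convert-SPWebApplication -Identity $app -From CLAIMS-WINDOWS -To CLAIMS-TRUSTED-DEFAULT -Database $database -SourceSkipList skip.csv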
    

Where:

  • <DB_Name> is the name of the content database.

If you want to reverse the migration process, type the following at the Windows PowerShell command prompt.

Convert-SPWebApplication -Identity $wa -From CLAIMS-TRUSTED-DEFAULT -To CLAIMS-WINDOWS -SourceSkipList $skipFile -database $database
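
The following wrapper is an added example, not part of the original topic or a Microsoft-supplied script. It validates the web application, the trusted identity token issuer, and the skip list before any identity is rewritten, then migrates one content database at a time so that a failure is contained. The function name and its parameters are hypothetical, and it assumes that Convert-SPWebApplication accepts -TrustedProvider and -Database in the same call.

```powershell
# Added example: hypothetical wrapper around the commands shown in this topic.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Invoke-SamlClaimsMigration {    # hypothetical function name
    param(
        [Parameter(Mandatory = $true)] [string] $WebApp,        # name or URL of the web application
        [Parameter(Mandatory = $true)] [string] $IssuerName,    # for example "RegularUsers"
        [Parameter(Mandatory = $true)] [string] $SkipListPath   # for example skip.csv
    )
    $ErrorActionPreference = 'Stop'      # turn cmdlet errors into terminating errors

    # 1. Validate every input before the migration touches a database.
    $wa = Get-SPWebApplication -Identity $WebApp
    if (-not $wa.UseClaimsAuthentication) {
        throw "'$WebApp' is not in claims mode, so CLAIMS-WINDOWS is not a valid source."
    }
    $tp = Get-SPTrustedIdentityTokenIssuer -Identity $IssuerName
    if ($null -eq $tp) {
        throw "Trusted identity token issuer '$IssuerName' was not found."
    }
    if (-not (Test-Path -LiteralPath $SkipListPath -PathType Leaf)) {
        throw "Skip list '$SkipListPath' was not found; excluded accounts would be migrated."
    }
    $skip = (Resolve-Path -LiteralPath $SkipListPath).Path

    # 2. Migrate one content database at a time and record what succeeded.
    $done = @()
    foreach ($db in Get-SPContentDatabase -WebApplication $wa) {
        try {
            Convert-SPWebApplication -Identity $wa -From CLAIMS-WINDOWS `
                -To CLAIMS-TRUSTED-DEFAULT -TrustedProvider $tp `
                -Database $db -SourceSkipList $skip
            $done += $db.Name
        }
        catch {
            # Report which databases are already converted so they can be reversed.
            Write-Warning "Migration failed on $($db.Name): $($_.Exception.Message)"
            Write-Warning "Already migrated: $($done -join ', ')"
            throw
        }
    }
    $done    # names of the content databases that were migrated
}
```

If the function stops partway, the databases listed in the warning are the ones to pass to the reverse command above.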

© 2014 Microsoft