Migrating a Web Application from Windows Classic to Windows Claims in SharePoint 2010

Hey all, this question came up recently about what do I do if I have a web application that is using Windows classic authentication and I want to change it to use Windows claims?  It could be that you started in Windows classic and now want to move to claims, or maybe you had a SharePoint 2007 site that you upgraded.  I did this in a relatively small test case yesterday and wanted to share the the process and things I looked at.

First, an important warning:  ONCE YOU GO TO CLAIMS, YOU CANNOT GO BACK TO CLASSIC!   Make sure you have good backups (I backed up my content database in SQL and my web application in central admin) before you get started.  I strongly recommend that you try this in a lab first before moving into production.

Now with our caveats out of the way, the process itself is fairly straightforward.  Four lines of PowerShell and a little time should get you there.  Here is the PowerShell:

**** UPDATE ****

See https://blogs.technet.com/b/speschka/archive/2010/07/20/migrating-from-windows-classic-auth-to-windows-claims-auth-in-sharepoint-2010-part-2.aspx for a new set of steps to follow.

$w = Get-SPWebApplication "https://<server>/"
$w.UseClaimsAuthentication = "True"
$w.Update()
$w.MigrateUsers("True")

MigrateUsers runs in a timer job, so you may need to wait a bit for it to complete.  Once I was done I verified things like:

  • Users could log in – both users that were added individually as well as those that were part of an AD group that had been added to a SharePoint group
  • The My Tasks view of a task list still worked – items that had been assigned to me as a classic auth user are still showing up in My Tasks (i.e. it understands that claims Steve used to be classic Steve)
  • My out of the box approval workflows that were in process still worked – I was able to complete them successfully
  • My custom SharePoint Designer workflows that were in process still worked – I was able to complete them successfully
  • I was able to create new instances of both out of the box and custom SharePoint Designer workflows
  • I was able to successfully crawl the web application
  • I was able to successfully query the contents from that crawl

I have noticed one anomaly so far – when I create a new alert in the site it says it is created successfully (I even get an email telling me it did so), but when I go to manage my alerts it doesn’t show up in the list.  Also changes do not generate an alert email.  If/when I find other anomalies I’ll try and update this post.