Team blog of MCS @ Middle East and Africa

This blog is created by the Microsoft MEA HQ near shoring team, and it aims to share knowledge with the IT community. With its infrastructure and development sides, it brings you proven best practices and real-world experiences from Subject Matter Experts.

Migrate users from forms based authentication to SharePoint 2010 claim based


During a migration from SharePoint 2007 to 2010 you will need to migrate the users as well. The most "unclear" part is how to migrate forms-based users to claims-based authentication. SharePoint stores the internal names differently, so you will be unable to log in with the old names and passwords unless you migrate. ASP.NET users use the format "providername:username", while claims-based authentication uses the format "i:0#.f|providername|username".

After setting up your web application and finalizing the configuration, run the following PowerShell script. I highlighted where you will need to change certain strings for it to work correctly in your environment...

# Change the URL to that of the new portal, and set the old and new provider names
$url = "http://myformsbasedportal.com"
$oldprovidername = "myoldprovidername"
$newprovidername = "mynewprovidername"

# Get all users in the site; this includes Windows users
$users = Get-SPUser -Web $url -Limit ALL

foreach ($useriteration in $users)
{
    $userlogin = $useriteration.UserLogin

    # Skip Windows users (login contains "\") and logins that contain "|", such as those
    # starting with "i:0#.f|", which are either new users or already migrated
    if ($userlogin.StartsWith("i:0#.f|") -or $userlogin.Contains("\") -or $userlogin.Contains("|"))
    {
        continue
    }

    # Get the user name: the part after "providername:"
    $a = $userlogin.Split(":")
    $username = $a[1]

    # Skip logins that are not in the "providername:username" form
    if (-not $username)
    {
        continue
    }

    # Perform the actual migration: get the user, then move it to the claims-based alias.
    # The braces in ${oldprovidername} are required; "$oldprovidername:" is parsed as a scoped variable.
    $user = Get-SPUser -Web $url -Identity "${oldprovidername}:$username"
    Move-SPUser -IgnoreSID -Confirm:$false -Identity $user -NewAlias "i:0#.f|$newprovidername|$username"

    # Log
    Write-Host "converted user ${oldprovidername}:$username to i:0#.f|$newprovidername|$username"
}
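
The name mapping the script performs can be previewed without touching SharePoint. The following is an added example, not part of the original post: Convert-FbaLoginToClaim is a hypothetical helper name, the sample logins are constructed, and the check that a login belongs to the old provider goes beyond what the script above does.

```powershell
# Added example. Convert-FbaLoginToClaim is a hypothetical helper name, not a SharePoint cmdlet.
function Convert-FbaLoginToClaim {
    param(
        [Parameter(Mandatory=$true)][string]$UserLogin,
        [Parameter(Mandatory=$true)][string]$OldProviderName,
        [Parameter(Mandatory=$true)][string]$NewProviderName
    )
    $action = 'Skip'; $newAlias = $null; $reason = $null

    if ($UserLogin.Contains('|')) {
        $reason = 'already claims-encoded (new or migrated user)'
    }
    elseif ($UserLogin.Contains('\')) {
        $reason = 'Windows account'
    }
    else {
        # Split on the first ":" only, so a user name containing ":" stays intact.
        $parts = @($UserLogin -split ':', 2)
        if ($parts.Count -ne 2 -or -not $parts[1]) {
            $reason = 'not in providername:username form'
        }
        elseif ($parts[0] -ne $OldProviderName) {
            # Extra check, not in the script above: leave other providers' users alone.
            $reason = "belongs to provider '$($parts[0])'"
        }
        else {
            $action   = 'Migrate'
            $newAlias = "i:0#.f|$NewProviderName|$($parts[1])"
        }
    }
    New-Object PSObject -Property @{
        OldLogin = $UserLogin; Action = $action; NewAlias = $newAlias; Reason = $reason
    }
}

# Constructed sample logins, not taken from a real farm.
$sampleLogins = 'myoldprovidername:alice', 'i:0#.f|mynewprovidername|bob',
                'CONTOSO\carol', 'otherprovider:dave', 'nocolonlogin'

$sampleLogins | ForEach-Object {
    Convert-FbaLoginToClaim -UserLogin $_ -OldProviderName 'myoldprovidername' -NewProviderName 'mynewprovidername'
} | Format-Table OldLogin, Action, NewAlias, Reason -AutoSize
```

Against a real site, pass each UserLogin returned by Get-SPUser -Web $url -Limit ALL through the function and review the table before running Move-SPUser.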

 

 

Comments
  • I ran the script and changed the values as suggested, and still my users' names show with the old membership provider name in sites.


  • This does work for ASP.NET membership users only; you will need to change it if your users are Active Directory based.

  • Hi Ahmed,

    Thank you very much for your blog post. We are using AD LDS as our membership provider and we were planning to use this script to migrate users from FBA to CBA. However we were stuck by some other problems.

    Meanwhile, I found your comment about changing the script for non ASP.NET membership providers. Could you please tell me why and what kind of changes I should make?

  • Hi Krishh, this is because each provider has its own format for user login names. So, if you are using AD, for example, the names should change from "OldDomain\UserLogin" to "NewDomain\UserLogin". You need to know the format of the login names and change the lines in the script to use such formats.

  • Very useful script. I edited it to suit my needs though here

    social.technet.microsoft.com/.../a19f8261-7519-44fa-9a59-c9ee22e1dc89

  • This might work for LDAP users

    # FileName: spMigrateUser.ps1
    # Name: spMigrateUser.ps1
    # Version: 1.0
    # Author: Lognoul Marc (lognoulm@hotmail.com)
    # Description: Reproduces the behavior of the command STSADM -o migrateuser. More added value to come (batch migration and subsequent updates).
    # Tested with: Windows 2003 SP3, Windows 2008 SP2, WSS SP2, MOSS SP2
    # Dependencies: Assemblies Microsoft.SharePoint and Microsoft.SharePoint.Administration

    [Void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
    [Void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Administration")

    $OldLogin = "DOMAIN\USER"
    $NewLogin = "DOMAIN\USER"
    $EnforceSidHistory = $False

    $spFarm = [Microsoft.SharePoint.Administration.SPfarm]::Local
    $spFarm.MigrateUserAccount($OldLogin, $NewLogin, $EnforceSidHistory)

  • Hi Ahmed,

    I have been working on this for a couple of days. Please view the link and, if possible, contact me at siddiqali87@gmail.com. Hope you reply to me.

    social.msdn.microsoft.com/.../5629dc3c-30cb-447d-8f75-853857db35e6
