Convert Sharepoint 2013 Classic Authentication App/Database to Claims?


  • Afternoon All

    We upgraded our sharepoint installation from WSS 3.0 to 2013 via the detach, attach method. It was upgraded to SP 2010 and then to 2013, however we kept our content DB and site (WSS_Content) default DB as classic authentication.

    Permissions are set via AD as normal (classic), what is the recommended precautions and steps to take to convert our sharepoint site/ database to claims, while retaining all permissions?

    I know there is the convert cmdlet with the -RetainPermissions argument but do not want to have to do a restore due to something going wrong and all my users getting locked out.



    Wednesday, April 5, 2017 2:23 PM

All replies

  • You still set permissions as you would with classic, it's just SAML aware once converted to claims nomenclature.  Once you convert the web application to be claims aware, the process in the background loops through the userinfo table in the content database(s) and converts them from classic nomenclature to claims, you shouldn't lose any access as long as you follow the steps in this article:

    Convert classic to claims

    MCITP-EA | "Never test how deep the water is with both feet"

    Wednesday, April 5, 2017 3:06 PM
  • Thanks Ryan, FYI, we are already running sharepoint 2013, so by running the command in the 2013 section with the -retainpermissions argument, that should just work ok right?
    Wednesday, April 5, 2017 3:42 PM
  • Yes, I believe all the -retainpermissions switch does is keep existing perms at the access policy web app level, not content.  Could be wrong but I know it doesn't affect content, in either case it won't hurt anything to run the convert command with that switch.  Once it finishes you'll just want to verify the access policy looks right (updated claims accounts are there etc.) and if for some reason they are not, add them etc.

    MCITP-EA | "Never test how deep the water is with both feet"

    • Edited by ThatGuyRyan Wednesday, April 5, 2017 3:46 PM
    Wednesday, April 5, 2017 3:45 PM

  • The following command will convert all permissions from Classic to Claims:

    Convert-SPWebApplication -Identity http://url -From Legacy -To Claims -RetainPermissions:$true

    That covers *all* permissions, including content. This also does not make it 'SAML aware', it simply converts it to Windows Claims.

    Trevor Seward

    Office Servers and Services MVP

    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Wednesday, April 5, 2017 4:02 PM