Migrate users and permissions from MOSS 2007 FBA to SharePoint 2010 FBA
This article will help you to migrate MOSS 2007 FBA to SharePoint 2010 claims based web application configured with FBA and successfully access the MOSS 2007 FBA site in SharePoint 2010 after migration.
If you have a MOSS 2007 FBA site using ASPNetMemberShip provider, for migrating to SharePoint 2010, you need to update the STS web.config file as mentioned in my earlier blog.
After successfully attaching the content database to the Claims based SharePoint 2010 FBA site, you will be able to add the users (NT users and the FBA users) through the Central Admin site. But when you try to browse to the site, you get access denied using both the NT users and the FBA users.
This is because the users trying to login to the Claims based SharePoint 2010 FBA site are not claims aware and the hence you will need to convert the existing Web applications to claims authentication and then migrate users and permissions from SharePoint Server 2007 to SharePoint Server 2010.
Convert the existing Web applications to claims authentication, follow the steps below :
1. On the Start menu, click All Programs.
2. Click Microsoft SharePoint 2010 Products.
3. Click SharePoint 2010 Management Shell.
4. From the Windows PowerShell command prompt, type the following:
$w = Get-SPWebApplication "https://<server>/"
$w.UseClaimsAuthentication = 1
$w.Update()
$w.ProvisionGlobally()
For migrating users and permissions from SharePoint Server 2007 to SharePoint Server 2010, follow the below steps:
1. On the Start menu, click All Programs.
2. Click Microsoft SharePoint 2010 Products.
3. Click SharePoint 2010 Management Shell.
4. From the Windows PowerShell command prompt, type the following:
$w = Get-SPWebApplication "https://<server>/"
$w.MigrateUsers(1)
These steps are echoed from the following TechNet article :
Configure forms-based authentication for a claims-based Web application (SharePoint Server 2010)
For more information, please refer Configure the security token service and Brokered Authentication: Security Token Service (STS)
Comments
Anonymous
December 08, 2010
This command doesn't work well with a LDAP Role Provider, instead of migrate the roles like "c:0-.f|[roleprovidername]|[rolename]" it's migrating them like a user, for example "i:0#.f|[roleprovidername]|[rolename]"Anonymous
April 24, 2012
So you First have to configure the Web app as FBA (modify 3 Web config files) and later attach the content database? Is this the right order? Than youAnonymous
May 02, 2012
Hi, I have migrated MOSS 2007 to SharePoint 2010. The problem i am facing is while loging into SharePoint sites. The only user who can login is the site collection administrator. I have gone through your post and perform the same as mentioned by you. Now i am unable to login even by site collection administrator. Need your help. Note: note that when i have migrated the stuff from MOSS 2007 to SharePoint 2010. I observed that the users were displaying as: aspnetsqlmembershipprovider:username@domain.com on the other hand, the users must be displayed as : i:0#.f|aspnetsqlmembershipprovider|username@domain.com