Question

We converted our SharePoint 2013 environment to ADFS. I forgot to copy the prod versions of the My Sites content DBs to staging before the conversion. I was able to get the DBs copied over via this post here:

stack post

However, when I access the site collections in Central Admin, they have the NTLM user account as the Primary Site Collection Administrator instead of the ADFS account. When I try to access the My Site URL, I get "user not found". When I update the Primary Site Collection Administrator to the ADFS account, I can access the My Site.

My question is, how do I change the primary site collection admins in Central Admin to the ADFS account without having to do each one manually? We have thousands. I have already converted the UPA to pull in the ADFS accounts and migrated all the users in the standard site collection to ADFS. I don't know if copying the My Site DBs over after the conversion is the issue or if I am missing a step.

Thanks.


Solution

You can either use Convert-SPWebApplication to convert from Windows Claims to SAML Claims, or you can use Move-SPUser. Convert-SPWebApplication is probably the best route.

Migration of Windows claims authentication to SAML-based claims authentication in SharePoint Server 2013
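As an added example (not part of the original answer), here is what the two routes look like for a My Site web application with thousands of site collections. The web application URL, the SPTrustedIdentityTokenIssuer name "awesome adfs", the AD attribute that carries the identity claim value, and the skip-list path are assumptions. The script first counts the site collections whose primary administrator is still a Windows claim, then either hands the whole web application to Convert-SPWebApplication (the recommended route, left commented out) or rewrites only the owner of each affected site collection with Set-SPSite; in dry-run mode it only reports what it would change.

```powershell
# Added example, not from the original answer. Assumed names: the My Site web application URL,
# the SPTrustedIdentityTokenIssuer name, the AD attribute carrying the identity claim value
# (mail or userPrincipalName, whichever the issuer was created with) and the skip-list path.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$MySiteWebAppUrl   = "https://my.awesomespaceships.com"   # assumption
$ProviderName      = "awesome adfs"                       # assumption
$IdentityAttribute = "mail"                               # assumption: must match the provider's identity claim type
$DryRun            = $true                                # set to $false to actually rewrite owners

$tp = Get-SPTrustedIdentityTokenIssuer -Identity $ProviderName
$wa = Get-SPWebApplication -Identity $MySiteWebAppUrl

# Route A, the one the answer recommends: convert every principal in the web application in one operation.
# Uncomment after a clean dry run of route B. The skip-list CSV (assumed path) names the Windows accounts
# that must stay as they are, e.g. service accounts; see the linked article for its exact format.
# Convert-SPWebApplication -Identity $wa -From CLAIMS-WINDOWS -To CLAIMS-TRUSTED-DEFAULT `
#     -TrustedProvider $tp -SourceSkipList "C:\temp\skip.csv" -RetainPermissions

# Route B: rewrite only the primary site collection administrator, one site collection at a time.
function Get-IdentityClaimValue([string]$sam) {
    # Look the sAMAccountName up in AD: the claim value has to be exactly what ADFS issues,
    # so do not guess it by appending a suffix.
    $searcher = [adsisearcher]"(&(objectCategory=person)(sAMAccountName=$sam))"
    $r = $searcher.FindOne()
    if (-not $r -or $r.Properties[$IdentityAttribute].Count -eq 0) {
        throw "no $IdentityAttribute attribute in AD for '$sam'"
    }
    return [string]$r.Properties[$IdentityAttribute][0]
}

$stillWindows = 0; $changed = 0
Get-SPSite -WebApplication $wa -Limit All | ForEach-Object {
    $site = $_
    try {
        $ownerLogin = $site.Owner.UserLogin                  # Windows claim looks like i:0#.w|awesome\jdoe
        if ($ownerLogin -notlike "i:0#.w|*\*") { return }    # already SAML (i:05.t|...) or no owner: nothing to do
        $stillWindows++
        $sam   = ($ownerLogin -split '\\')[-1]
        $value = Get-IdentityClaimValue $sam
        # Let the issuer encode the claim (e.g. i:05.t|awesome adfs|jdoe@... for an e-mail identity claim)
        $newOwner = (New-SPClaimsPrincipal -Identity $value -TrustedIdentityTokenIssuer $tp).ToEncodedString()
        Write-Host ("{0}: {1} -> {2}" -f $site.Url, $ownerLogin, $newOwner)
        if (-not $DryRun) {
            # Add -SecondaryOwnerAlias $ownerLogin here if the NTLM account should keep admin rights for rollback
            Set-SPSite -Identity $site -OwnerAlias $newOwner
            $changed++
        }
    }
    catch   { Write-Warning ("{0}: {1}" -f $site.Url, $_.Exception.Message) }
    finally { $site.Dispose() }
}
Write-Host "Site collections with a Windows-claims owner: $stillWindows, rewritten: $changed (DryRun=$DryRun)"
```

Run it from the SharePoint Management Shell as an account that is a shell admin on the My Site content databases. Route B changes only the owner property; users, groups and permissions inside each site collection keep their Windows claims, which is why the conversion of the whole web application is the cleaner option when it is available.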

OTHER TIPS

You can run Move-SPUser against all users. Here is a nice script which will get the users from the web application and then convert them to the required claims (please test it first before applying it directly to prod).

    # Load the SharePoint snap-in when running from a plain PowerShell console
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

    # Prefixes of the SAML (trusted provider) claims that the Windows claims are mapped to
    $groupprefix = "c:0-.t|awesome adfs|"
    $userprefix  = "i:05.t|awesome adfs|"
    $usersuffix  = "@awesomespaceships.com"

    # Get all of the users of the given web (this is one web, not the whole web application;
    # loop over Get-SPSite / Get-SPWeb to cover more sites)
    $users = Get-SPUser -Web "https://sfb-sp15-wfe1:8080/"

    # Loop through each of the users
    foreach ($user in $users)
    {
        # Array that will hold the parts of the name split on the backslash
        $a = @()
        $userlogin   = $user.UserLogin
        $displayname = $user.DisplayName
        $username    = ""

        if ($userlogin.Contains("i:")) # for users, e.g. i:0#.w|domain\user
        {
            $a = $userlogin.Split('\')
            $username = $userprefix + $a[1] + $usersuffix
        }
        elseif ($userlogin.Contains("c:")) # for groups: the login is SID based (c:0+.w|S-1-5-...), so use the display name domain\group
        {
            $a = $displayname.Split('\')
            $username = $groupprefix + $a[1]
        }

        # No backslash (e.g. a user already converted to i:05.t|...) gives no name to map: leave empty so it is skipped below
        if ($a.Count -lt 2) { $username = "" }

        if ($username -like ("*" + [Environment]::UserName + "*")) {
            Write-Host "Skipping this user '$user' so as to not lose SPA full-control rights..."
        }
        else {
            if ($username -ne "") {
                Write-Host "Moving '$user' to '$username'..."
                Move-SPUser -Identity $user -NewAlias $username -IgnoreSID -Confirm:$false
            }
        }
    }
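The script above handles one web. As an added example (not the answerer's script), here is the same Move-SPUser approach run over every site collection in the My Site web application, which is what the question needs. The web application URL, the SPTrustedIdentityTokenIssuer name and the e-mail suffix are assumptions; the mapping function lets the issuer encode the claim instead of concatenating the prefix by hand, skips principals that are already SAML claims, skips SID-based group claims (they need the display-name mapping shown above), and never touches the account running the script.

```powershell
# Added example, not from the original answer. Assumed: the My Site web application URL,
# the trusted provider name and the e-mail suffix used as the identity claim value.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$MySiteWebAppUrl = "https://my.awesomespaceships.com"   # assumption
$ProviderName    = "awesome adfs"                       # assumption: SPTrustedIdentityTokenIssuer name
$MailSuffix      = "@awesomespaceships.com"             # assumption: identity claim = sAMAccountName + suffix
$DryRun          = $true                                # set to $false to actually move users
$MeSam           = [Environment]::UserName              # never migrate the account running the script

$tp = Get-SPTrustedIdentityTokenIssuer -Identity $ProviderName
$wa = Get-SPWebApplication -Identity $MySiteWebAppUrl

function Convert-WindowsClaimToSaml([string]$login) {
    # Windows user claim  i:0#.w|domain\sam        -> SAML identity claim encoded by the issuer
    # Windows group claim c:0+.w|S-1-5-21-...      -> SID only, no name to map here: return $null (skip)
    # Already SAML        i:05.t|... / c:0-.t|...  -> nothing to do: return $null (skip)
    if ($login -notlike "i:0#.w|*\*") { return $null }
    $sam = ($login -split '\\')[-1]
    if ($sam -eq $MeSam) { return $null }
    return (New-SPClaimsPrincipal -Identity ($sam + $MailSuffix) -TrustedIdentityTokenIssuer $tp).ToEncodedString()
}

$moved = 0; $skipped = 0
Get-SPSite -WebApplication $wa -Limit All | ForEach-Object {
    $site = $_
    try {
        # SiteUsers is the site collection's user information list; copy it to an array because
        # Move-SPUser rewrites entries in that list while we iterate.
        foreach ($u in @($site.RootWeb.SiteUsers)) {
            $new = Convert-WindowsClaimToSaml $u.UserLogin
            if (-not $new) { $skipped++; continue }
            Write-Host ("{0}: {1} -> {2}" -f $site.Url, $u.UserLogin, $new)
            if (-not $DryRun) {
                # -IgnoreSID: the SAML principal has no Windows SID to match against, so SharePoint must not try to
                Move-SPUser -Identity $u -NewAlias $new -IgnoreSID -Confirm:$false
                $moved++
            }
        }
    }
    catch   { Write-Warning ("{0}: {1}" -f $site.Url, $_.Exception.Message) }
    finally { $site.Dispose() }
}
Write-Host "Moved: $moved  Skipped: $skipped  DryRun: $DryRun"
```

Because the primary site collection administrator is just one row in the site collection's user information list, moving that user also changes what Central Admin shows as the owner; check a handful of site collections after a dry run before setting $DryRun to $false.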
Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange