
ConvertClaims


Source: Steve Peschka

The conversion can only be done with a PowerShell script. The account running the script must be a local administrator and have Full Control on the web application.

$WebAppName = "http://yourWebAppUrl"

# This should be the account that is running this script, which should also be a local admin
$account = "yourDomain\yourUser"

$wa = Get-SPWebApplication $WebAppName
Set-SPWebApplication $wa -AuthenticationProvider (New-SPAuthenticationProvider) -Zone Default
# This will prompt about migration; click YES and continue

# This step sets the admin for the site: convert the account name to its
# claims-encoded form (identity type 1 = Windows SAM account name)
$wa = Get-SPWebApplication $WebAppName
$account = (New-SPClaimsPrincipal -Identity $account -IdentityType 1).ToEncodedString()

# Once the user is added as admin, we need to set the policy so it can have the right access
$zp = $wa.ZonePolicies("Default")
$p = $zp.Add($account, "PSPolicy")
$fc = $wa.PolicyRoles.GetSpecialRole("FullControl")
$p.PolicyRoleBindings.Add($fc)
$wa.Update()

# Final step is to trigger the user migration process
$wa = Get-SPWebApplication $WebAppName
$wa.MigrateUsers($true)
  • Note: Reconfigure the portalsuperuseraccount and portalsuperreaderaccount properties of the web application to use the new claims-based account name. You can get that by looking at the web application policy for the web app after migration and copying from there.
  • Note: Double-check the web application policies and make sure that the search crawl account shows the new converted account name. If it doesn't, you will need to manually create a new policy for the crawl account.
  • Note: Once you convert the web application to use claims-based authentication, you cannot return to classic mode authentication.
  • Note: Full steps outlined in this TechNet Article
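The checks called for in the notes above can be scripted. The following read-only script is an added example, not part of the original source or the TechNet article: it lists the web application policies, looks for the crawl account in claims-encoded form, and inspects the two object cache account properties. The crawl account name is a hypothetical placeholder, and treating any name containing "|" as claims-encoded is a heuristic assumed here.

```powershell
# Added example: read-only post-migration check (changes nothing on the farm).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$WebAppName   = "http://yourWebAppUrl"       # same placeholder as the conversion script
$crawlAccount = "yourDomain\yourCrawlUser"   # hypothetical search crawl account

$wa = Get-SPWebApplication $WebAppName

# 1. The web application should now report claims mode.
"Claims authentication enabled: {0}" -f $wa.UseClaimsAuthentication

# 2. List every web application policy. Claims-encoded names look like
#    i:0#.w|domain\user; a name without "|" is assumed to be a classic name.
$wa.Policies |
    Select-Object UserName, DisplayName,
        @{ Name = "Roles";    Expression = { ($_.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ", " } },
        @{ Name = "IsClaims"; Expression = { $_.UserName -like "*|*" } } |
    Format-Table -AutoSize

# 3. The crawl account must appear under its converted (claims-encoded) name.
#    Encoded the same way the conversion script encodes $account.
$crawlClaim  = (New-SPClaimsPrincipal -Identity $crawlAccount -IdentityType 1).ToEncodedString()
$crawlPolicy = $wa.Policies | Where-Object { $_.UserName -eq $crawlClaim }
if ($crawlPolicy) {
    "Crawl account policy found: $crawlClaim"
} else {
    Write-Warning "No policy for $crawlClaim. Create a new policy for the crawl account manually."
}

# 4. The object cache accounts must use the claims-based account name as well.
foreach ($key in "portalsuperuseraccount", "portalsuperreaderaccount") {
    $value = $wa.Properties[$key]
    if (-not $value) {
        "$key is not set"
    } elseif ($value -like "*|*") {
        "$key = $value (claims format)"
    } else {
        Write-Warning "$key = $value is still a classic account name. Reconfigure it."
    }
}
```

Run it from the SharePoint Management Shell with an account that can read the web application. The policy table from step 2 is also where the claims-based names for the two object cache accounts can be copied from.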