Tuesday, December 16, 2014

Migrate from classic-mode to claims-based authentication in SharePoint 2013

Summary:Convert SharePoint 2010 Products or SharePoint 2013 classic-mode web applications to claims-based authentication or create new claims-based web applications in SharePoint 2013.
Claims-based authentication is an essential component to enable the advanced functionality of SharePoint 2013. To move classic-mode web applications from SharePoint 2010 Products to SharePoint 2013, you can convert them to claims-based web applications within SharePoint 2010 Products, and then migrate them to SharePoint 2013. The procedures in this article illustrate various supported scenarios.
The Windows PowerShell Convert-SPWebApplication cmdlet in SharePoint 2013 converts classic-mode web applications to claims-based web applications.
WarningWarning:
After you convert a web application to claims-based authentication, you cannot revert it to classic-mode authentication.

Convert SharePoint 2010 Products classic-mode web applications to claims-based authentication in SharePoint 2010 Products and then upgrade to SharePoint 2013

In SharePoint 2010 Products, complete the following procedure to convert an existing web application to claims-based authentication. After you convert the web application to claims-based authentication, complete the additional step to migrate the web application to SharePoint 2013. To complete this procedure, you need the following information:
  • The URL of the web application that you are converting: http://yourWebAppUrl
  • A user account to set as a site administrator: yourDomain\yourUser
To convert a SharePoint 2010 Products web application to claims-based authentication
  1. Verify that you have the following memberships:
    • securityadmin fixed server role on the SQL Server instance.
    • db_owner fixed database role on all databases that are to be updated.
    • Administrators group on the server on which you are running Windows PowerShell cmdlets.
    • You must read about_Execution_Policies (http://go.microsoft.com/fwlink/p/?LinkId=193050).
    • Add memberships that are required beyond the minimums above.
    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.
    NoteNote:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Permissions and Add-SPShellAdmin.
  2. From the Windows PowerShell command prompt, type the following to set the specified user account as an administrator for the site:
    $WebAppName = "http://<yourWebAppUrl>"
$wa = get-SPWebApplication $WebAppName
$wa.UseClaimsAuthentication = $true
$wa.Update()
    Where:
    • <yourWebAppUrl> is the URL of the web application.
  3. From the Windows PowerShell command prompt, type the following to configure the policy to enable the user to have full access:
    $account = "yourDomain\yourUser"
$account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()
$wa = get-SPWebApplication $WebAppName
$zp = $wa.ZonePolicies("Default")
$p = $zp.Add($account,"PSPolicy")
$fc=$wa.PolicyRoles.GetSpecialRole("FullControl")
$p.PolicyRoleBindings.Add($fc)
$wa.Update()
    For more information, see Get-SPWebApplication.
  4. From the Windows PowerShell command prompt, type the following to perform user migration:
    $wa.MigrateUsers($true)
  5. After user migration completes, type the following from the Windows PowerShell command prompt to perform provisioning:
    $wa.ProvisionGlobally()
    For more information, see New-SPClaimsPrincipal.
    NoteNote:
    We recommend that you use Windows PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.
After you complete the previous procedures, you might experience one or more of the following issues:
  • Users who submit valid credentials when accessing the migrated web application might be notified that they do not have permissions. If this occurs, theportalsuperuseraccount property and the portalsuperreaderaccount property of the web application were probably configured prior to migration. If this is the case, update the portalsuperuseraccount property and the portalsuperreaderaccount property to use the new claims-based account name. After migration, you can find the new claims-based account name in the web application policy for the migrated web application.
  • If existing alerts are not invoked after migration, you might have to delete and recreate the alerts.
  • If Search crawl does not function on the web application after migration, make sure that the Search crawl account lists the new converted account name. If the new converted account name is not listed, you must manually create a new policy for the crawl account.
To migrate a claims-based SharePoint 2010 Products web application to SharePoint 2013
  1. In SharePoint 2013, create a claims-based web application. For more information, see Create claims-based web applications in SharePoint 2013.
  2. Attach the two existing SharePoint 2010 Products content databases to the newly created SharePoint 2013 claims-based web application. For more information, seeAttach or detach content databases in SharePoint 2013.
    NoteNote:
    When you attach the SharePoint 2010 Products content databases to the SharePoint 2013 claims-based web application, the databases will be upgraded to the SharePoint 2013 database format. You have to verify that the content databases work correctly after you attach them.

Convert SharePoint 2010 Products classic-mode web applications to SharePoint 2013 claims-based web applications

In SharePoint 2013, complete the following procedure to convert an existing SharePoint 2010 Products classic-mode web application to a SharePoint 2013 web application that uses claims-based authentication.
To convert a SharePoint 2010 Products classic-mode web application to a SharePoint 2013 claims-based authentication
  1. Verify that you have the following memberships:
    • securityadmin fixed server role on the SQL Server instance.
    • db_owner fixed database role on all databases that are to be updated.
    • Administrators group on the server on which you are running Windows PowerShell cmdlets.
    • You must read about_Execution_Policies (http://go.microsoft.com/fwlink/p/?LinkId=193050).
    • Add memberships that are required beyond the minimums above.
    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.
    NoteNote:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Permissions and Add-SPShellAdmin.
  2. In the SharePoint 2013 environment, on the Start menu, click All Programs.
  3. Click Microsoft SharePoint 2013 Products.
  4. Click SharePoint 2013 Management Shell.
  5. Change to the directory where you saved the file.
  6. At the Windows PowerShell command prompt, type the following command:
    New-SPWebApplication -name "ClassicAuthApp" -Port 100 -ApplicationPool 
"ClassicAuthAppPool" -ApplicationPoolAccount (Get-SPManagedAccount 
"<domainname>\<user>")
    Where:
    • <domainname>\<user> is the domain to which the server belongs and the name of the user account.
  7. Attach the two existing SharePoint 2010 Products content databases to the new SharePoint 2013 classic-mode web application. For more information, see Attach or detach content databases in SharePoint 2013.
    NoteNote:
    When you attach the SharePoint 2010 Products content databases to the SharePoint 2013 classic-mode web application, the databases are upgraded to the SharePoint 2013 database format. You have to verify that the content databases work correctly after you have attached them.
  8. From the Windows PowerShell command prompt, type the following:
    Convert-SPWebApplication -Identity <yourWebAppUrl> -To Claims 
-RetainPermissions [ -Force]
    Where:
    • <yourWebAppUrl> is the URL of the web application.
    NoteNote:
    Convert-SPWebApplication converts the web application to claims-based authentication. You have to verify that the users can access the web application after you have converted it.
  9. If necessary, attach a third SharePoint 2010 Products content database to the new SharePoint 2013 classic-mode web application, and verify that the content database working correctly after you have attached it.
  10. From the Windows PowerShell command prompt, type the following:
    Convert-SPWebApplication -Identity yourWebAppUrl -To Claims 
-RetainPermissions [ -Force]
Verify that users can access the web application after you have converted it to claims-based authentication.
NoteNote:
We recommend that you use Windows PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.

Convert SharePoint 2013 classic-mode web applications to claims-based web applications

In SharePoint 2013, complete the following procedures to first create a classic-mode Web application, and then convert it to claims-based authentication.
To create a classic-mode Web application in SharePoint 2013
  • Verify that you have the following memberships:
    • securityadmin fixed server role on the SQL Server instance.
    • db_owner fixed database role on all databases that are to be updated.
    • Administrators group on the server on which you are running Windows PowerShell cmdlets.
    • You must read about_Execution_Policies (http://go.microsoft.com/fwlink/p/?LinkId=193050).
    • Add memberships that are required beyond the minimums above.
    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.
    NoteNote:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Permissions and Add-SPShellAdmin.
  • From the Windows PowerShell command prompt, type the following:
    New-SPWebApplication -Name <Name> 
-ApplicationPool <ApplicationPool>
-AuthenticationMethod <WindowsAuthType>
-ApplicationPoolAccount <ApplicationPoolAccount>
-Port <Port> -URL <URL>
    Where:
    • <Name> is the name of the new web application that uses classic-mode authentication.
    • <ApplicationPool> is the name of the application pool.
    • <WindowsAuthType> is either “NTLM” or “Kerberos”. Kerberos is recommended.
    • <ApplicationPoolAccount> is the user account that this application pool will run as.
    • <Port> is the port on which the web application will be created in IIS.
    • <URL> is the public URL for the web application.
    NoteNote:
    For more information, see New-SPWebApplication.
    NoteNote:
    After you successfully create the web application, when you open the Central Administration page, you see a health rule warning that indicates that one or more web applications is enabled with classic authentication mode. This is a reflection of our recommendation to use claims-based authentication instead of classic mode authentication.
To convert a SharePoint 2013 classic-mode web application to claims-based authentication
  • From the Windows PowerShell command prompt, type the following:
    Convert-SPWebApplication -Identity "http:// <servername>:port" -To Claims
-RetainPermissions [-Force]
    Where:
    • <servername> is the name of the server.
Verify that users can access the web application after you have converted it to claims-based authentication.
NoteNote:
We recommend that you use Windows PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.

Migrate SharePoint 2010 Products classic-mode web applications to SharePoint 2013 classic-mode web applications

In SharePoint 2013, complete the following procedure to create a classic-mode web application, and then migrate an existing SharePoint 2010 Products classic-mode Web application to SharePoint 2013.
To migrate a SharePoint 2010 Products classic-mode web application to SharePoint 2013
  1. Verify that you have the following memberships:
    • securityadmin fixed server role on the SQL Server instance.
    • db_owner fixed database role on all databases that are to be updated.
    • Administrators group on the server on which you are running Windows PowerShell cmdlets.
    • You must read about_Execution_Policies (http://go.microsoft.com/fwlink/p/?LinkId=193050).
    • Add memberships that are required beyond the minimums above.
    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.
    NoteNote:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Permissions and Add-SPShellAdmin.
  2. From the Windows PowerShell command prompt, type the following:
    New-SPWebApplication -name "ClassicAuthApp" -Port 100 -ApplicationPool 
"ClassicAuthAppPool" -ApplicationPoolAccount (Get-SPManagedAccount 
"<domainname>\<user>")
    Where:
    • <domainname>\<user> is the domain to which the server belongs and the name of the user account.
  3. Attach the two existing SharePoint 2010 Products content databases to the new SharePoint 2013 classic-mode web application. Verify that the content databases work correctly after you have attached them. For more information, see Attach or detach content databases in SharePoint 2013.
For more information, see New-SPWebApplication and Get-SPManagedAccount.
NoteNote:
We recommend that you use Windows PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.
Posted by at No comments:

MOSS 2007 to SharePoint 2013: Migration using Database Attach Method

In one of my projects, I got a chance to work on the migration where we have migrated contents from MOSS 2007 to SharePoint 2013 environment with the huge content of about 40+ databases and 11000+ sites. We had decided to start the upgrade process using the database attach method as this is the only supported method for upgrading from MOSS 2007 to SharePoint 2013 without much of complications.
 
Let me tell you, we cannot upgrade the content directly from MOSS 2007 release to SharePoint 2013. The changes between versions are too great, and the hardware requirements differ so much between versions that a direct upgrade is not possible or supported. However, we can perform a series of database-attach upgrades to first upgrade our content to SharePoint 2010 Products and then to SharePoint 2013. The upgrade method is almost similar from MOSS 2007 to SharePoint 2010 and then from SharePoint 2010 to SharePoint 2013.
 
This blog describes how to perform these sequential database-attach upgrades from MOSS 2007 to SharePoint 2010 and then to SharePoint 2013.
 
Run preupgradecheck in MOSS 2007 Server
Preupgradecheck will provide us the invaluable information regarding the SharePoint 2007 farm and actions that may be required to be taken prior to upgrading to SharePoint 2010/SharePoint 2013
Run the preupgradecheck as below in command prompt:
stsadm.exe -o preupgradecheck
 
Once you get “Operation completed successfully”, it will launch the “SharePoint Products and Technologies Pre-Upgrade Check Report”. It can also be located under the following location;
%COMMONPROGRAMFILES%\Microsoft Shared\Web Server Extensions\12\Logs\
 
Analyze the report and Fix the following settings:
• Identify any third party components used and deploy them to SharePoint 2010 and SharePoint 2013 site. E.g. Nintex, 3rd party features, including web parts, solutions and custom workflows
• Setup Incoming/Outgoing email settings in SharePoint 2010 and SharePoint 2013environment
• Modified Web.Config entries
• Configure Alternate Access Mappings (AAM)
• Find the missing webpart, event receivers or features if any and delete them
 
Take the Content Database Backup from MOSS 2007
Set the databases to read-only before taking backups.
• On the MOSS 2007’s database server, click Start, point to All Programs, Microsoft SQL Server, and then click SQL Server Management Studio.
 
SQL-Server-Management-Studio
 
• Traverse to Databases node by expanding the tree
• Right-click the name of the database that you want to set to read-only, and then click Properties.
• In the Properties dialog box, click the Options tab.
• Under State, select the Database Read-only to True, and then click OK
 
Backup the database:
Follow these steps to take back-up:
• Traverse to Databases node by expanding the tree.
• Right-click the database you want to back up, point to Tasks, and then click Backup Database
 
Backup-Database
 
• In the SQL Server Backup dialog box, specify a name for the backup, select Back-up type – Full, select a destination, and then Click OK to start the backup process.
 
Restore the Backup on SharePoint 2010 SQL server
• Open the SQL Server Management studio, traverse to “Databases” node. Then right click the “Databases” node and choose “Restore Database…” from the context menu.
 
Restore-Database
 
• Specify the Database name, Restore Source, Destination, File names in the screens.
• Click “OK” to start the restore operation and Wait for the restore to complete! The time of restoring database depends upon the database size and server’s capacity.
• Make the Read-Only database to false after restore
 
Create web application in SharePoint 2010
• In the SharePoint Central Administration, click on “Application Management” and click on “Create or extend Web application” under “SharePoint Web Application Management”.
• Again click on “Create Web application”. Set the settings according to the need.
• Don’t create any site collection.
• Install & Copy the solutions, file system changes (like images, themes) from MOSS 2007 to SharePoint 2010 server.
 
Remove content database of the newly created web application in SharePoint 2010
 
Now, we need to delete the content db of the newly created web application in order to avoid any URL conflicts. Run the below stsadm command:
stsadm -o deletecontentdb -url <http://url> -databasename <MOSS2007_Migration_Content>
 
Attach restored database with the newly created web application in SharePoint 2010
• Test the content database: Before attaching the content databases to the Web applications, use the Test-SPContentDatabase PowerShell cmdlet to verify that all of the custom components that you need for that database. It checks for all artifacts such as feature, setup files, web parts etc. that are referred in the content database are installed in the farm and provide you with a report.
• Test-SPContentDatabase -Name <DatabaseName> -WebApplication <URL>
• Delete the corrupted objects
• stsadm -o databaserepair -url <URL of SharePoint site> -databasename <name of database> -deletecorruption
• Attach the Content DB to Webapplication
• Finally, we need to attach the restored MOSS 2007 database to SharePoint 2010 by running the STSADM command
o The Content DB containing the root site collection is always applied first.
o The other content DBs can be applied in any order. Attach the Content DB of the Root Site collection First. And then Attach the Content DBs of other Site Collections.
stsadm.exe -o addcontentdb -url <URL of SharePoint site> -databasename <MOSS2007_Portal_Content>
 
• Or you can use the PowerShell cmd-let: Mount-SPContentDatabase
Mount-SPContentDatabase -Name <DatabaseName> – databaseServer <ServerName> -WebApplicationURL
 
Migrate from Classic Mode to Claims mode
SharePoint 2013 authentication mode is by default Claims mode, so during migration from any previous versions, make sure to migrate authentication from Classic to Claims mode. If the authentication type is Claims already, then ignore this step.
 
Refer this Tech-net guide on how to migrate to claims – http://technet.microsoft.com/en-us/library/gg251985.aspx
 
Post Migration fixes 
Once the content database attachment process is over, we have to manually fix the below things:
• Migrate any List/Site stp’s present from previous version to next version
• Migrate InfoPath forms and change the url ’s to the new url and then publish forms
• Perform the Visual upgrade to get the look and feel of the next version
o Following are the commands used in PowerShell to do visual upgrade
o SharePoint 2010 visual upgrade using PowerShell
 
//Use this for entire webapplication
$w = get-spweb http://server/site
$w.webs | ForEach-Object {$_.UIversion = 4; $_.UIVersionConfigurationEnabled = $false; $_.update()}
 
//Use this for individual site
$web = Get-SPWeb http://server/site
$web.UIVersion = 4
$web.UIVersionConfigurationEnabled = 0
$web.Update()
SharePoint 2013 visual upgrade using PowerShell
Upgrade-SPSite “http://server/site” –VersionUpgrade
 
Similarly to migrate content from SharePoint 2010 to SharePoint 2013, follow the steps from 1 – 8. Once all the operations are done, browse the migrated site and check the functionality.
 
References:
 
http://technet.microsoft.com/en-us/library/cc262967.aspx
Posted by at No comments:
Subscribe to: Posts (Atom)