i:0#.w|Ali.Mazaheri

SharePoint, SharePoint and SharePoint!

Migrate users and permissions from SharePoint Server 2007 to SharePoint Server 2010

Migrate users and permissions from SharePoint Server 2007 to SharePoint Server 2010

  • Comments 2

Note: This post is based on Beta 2 and is subject to change in future releases.

When upgrading MOSS 2007 FBA sites based on publishing templates, you need to run “MigrateUsers” method against the web application hosting the site to migrate users and permissions in the userinfo table. For publishing sites by default two separate accounts (portalsuperuseraccount and portalsuperreaderaccount) being used for caching, by default super users account is the site’s System Account and the default super reader user is NT Authority\Local Service, while these two accounts work post upgrade for web application in classic mode however they are not correctly resolved in a claims auth application after running the “MigrateUsers” method and as a result browsing to site collections hosted by the web application will result in an “Access Denied” even for the site collection admin.

To resolve this issue you need to:

  • Create two separate windows accounts in AD that are not being used to login to the site
  • Give “Full” permission and “Full Read” permission to each user respectively through web application user policy settings
  • Assign the user with full permission to “PortalSuperUserAccount” property and the user with full read permission to “PortalSuperReaderAccount” property
  • Update the web application and do an IISRESET.
  • Do the two domain accounts need to be added to the managed credentials? If not, how does one specify the password for these two accounts?

  • Hi AMazaheri,

      I am working on SP 2010. We need to migrate all the permissions from MOSS[AD Account] to a Global LDAP Directory in SP 2010. What do you think is the best way to do? Should we need to write PowerShell scripts to actually get all the permissions from MOSS and then map them with the LDAP Directory in SP 2010? Is there a tool or any other way to actualy do this permission[ReACLing] migration to SP 2010? Please guide me through this.

    Thanks for your time.

    Regards

    Vishwas

Page 1 of 1 (2 items)
Leave a Comment
  • Please add 6 and 3 and type the answer here:
  • Post