So this is really an outside the normal question and I am hoping someone has some thoughts. I am going to be upgrading a MOSS 2007 farm to MSS2010. I have to move hardware so I will be using the content database attach method for upgrade. The site is current
extended to a second IIS Application to support both window and Forms based authentication. Since this is an intranet, unique security is used at the site level (and occasionally at the doc lib level).
I want to take advantage of Claims Based Authentication (and use one URL, plus other benefits). I am well aware that that claims based token is not the same as the windows token even though the NTLM user is really the same. Thus that is what presents the
issue. I need to "migrate" all of my current NTLM-Classic users to claims based.
My first thought is to read the users added to each site (actually role assignments), find all users that have the domain name at the beginning of the member name and add a new users (appending the i:0#.w| to the beginning of the loginname) to the site.
This works beautifully and is succesful. The problem arises in the that the role assignments contains SharePoint groups (which we don't use much) and AD groups. the SharePoint groups are ok (yes, I have to migrate the users in them too, but no problem). The
AD groups are added via SID when it is claims based. This presents the probl
View Complete Post