Modify an Existing Classic Authentication to Claims-based Authentication using PowerShell

You can update a web application that uses classic authentication to claims-based authentication using a PowerShell script. The following procedure helps you migrate existing web applications configured to use classic authentication, to use claims-based authentication.
smas
You can update a web application that uses classic authentication to claims-based authentication using a PowerShell script. The following procedure helps you migrate existing web applications configured to use classic authentication, to use claims-based authentication.
You cannot reverse this process. After you convert the web application authentication type to a Claims-based authentication, you cannot reconvert the authentication to the previous type.
Follow these steps:
  1. Open the SharePoint 2010 Management Shell command prompt.
    The command prompt appears.
  2. Enter the following command to change the authentication mode to claims-based authentication:
    $WebAppName = "http:// yourWebAppUrl"
    $account = "yourDomain\yourUser"
    $wa = get-SPWebApplication $WebAppName
    Set-SPwebApplication $wa -AuthenticationProvider (New-SPAuthenticationProvider) -Zone Default
    The authentication mode is changed to claims-based authentication and the migration prompt is displayed.
    The preceding command modifies an existing classic authentication web application to claims-based authentication. Associate this web application with the Trusted Identity Provider in the SharePoint Central Administration user interface.
  3. Click Yes to continue, at the migration prompt.
  4. Enter the following command to set the user as an administrator for the site:
    $wa = get-SPWebApplication $WebAppName
    $account = (New-SPClaimsPrincipal -identity $account -identitytype 1).ToEncodedString()
    The user is set as the administrator for the site.
  5. Enter the following command to configure the policy to enable the user to have full access:
    $zp = $wa.ZonePolicies("Default")
    $p = $zp.Add($account,"PSPolicy")
    $fc=$wa.PolicyRoles.GetSpecialRole("FullControl")
    $p.PolicyRoleBindings.Add($fc)
    $wa.Update()
    The user obtains full access.
  6. Enter the following command to configure the policy to perform user migration:
    $wa = get-SPWebApplication $WebAppName
    $wa.MigrateUsers($true)
    The user migration process is completed.
  7. Start SharePoint 2010 Central Administration from Start, Programs, Microsoft SharePoint 2010 Products.
    The Central Administration Home page appears.
  8. Click Manage web applications, in the Application Management section.
    The Web Applications Management page appears with a list of available web applications.
  9. Select the web application that has been updated and click Authentication Providers on the ribbon.
    The Authentication Providers dialog shows that the authentication type has been updated to claims-based authentication.
For information about claims-based authentication and for using the Windows PowerShell, see the
SharePoint Server 2010 Deployment Guide
from the Microsoft TechNet website.