I’ve been migrating classic mode SharePoint 2010 sites to claims sites for a while now, so much that I even have a script to do it for me. However, for some reason I have never come across the problem I encountered today.
The documentation on converting a classic mode web application to a claims based application I though was pretty solid on technet. Today I came across a strange issue where the site collection administrator was getting access denied in odd locations… or locations I thought were odd because SharePoint hadn’t security trimmed the links as I thought it would if access really was denied.
Turns out there is a small paragraph at the very bottom of the article which essentially points out “don’t forget to update your super user/reader properties!”… which I did! Not sure why I haven’t come across this until now but hope this helps others with the same issue.
The below PowerShell should help you out in fixing the issue:
$wa = Get-SPWebApplication -Identity <web app url> $wa.Properties[" portalsuperuseraccount"] = "i:0#.w|<super user account in domainlogin format>" $wa.Properties["portalsuperreaderaccount"] = "i:0#.w|<super reader account in domainlogin format" $wa.Update()