I’ve been migrating classic mode SharePoint 2010 sites to claims sites for a while now, so much that I even have a script to do it for me. However, for some reason I have never come across the problem I encountered today. The documentation on converting a classic mode web application to a claims based application I though was pretty solid on technet. Today I came across a strange issue where the site collection administrator was getting access denied in odd locations… or locations I thought were odd because SharePoint hadn’t security trimmed the links as I thought it would if access really was denied. Turns out there is a small paragraph at the very bottom of the article which essentially points out “don’t forget to update your super user/reader properties!”… which I did! Not sure why I haven’t come across this until now but hope this helps others with the same issue. The below PowerShell should help you out in fixing the issue:
$wa = Get-SPWebApplication -Identity <web app url>
$wa.Properties\[" portalsuperuseraccount"\] = "i:0#.w|<super user account in domainlogin format>"
$wa.Properties\["portalsuperreaderaccount"\] = "i:0#.w|<super reader account in domainlogin format"