Hello Nic,
So your IDP configuration matches the LDAPCP config, but you cannot use the Windows groups claim types; you must migrate them to the role claim type you defined in the SPTrustedIdentityTokenIssuer object that you created.
For this I recommend that you use the SPFarm.MigrateUserAccount() method:
# Migrate WinClaim group to trust "localad" with claim type http://schemas.microsoft.com/ws/2008/06/identity/claims/role
$oldlogin="c:0+.w|s-1-5-21-889601965-842656306-4080565960-135608";
$newlogin="c:0-.t|localad|myazure.local\dmgroup2";
[Microsoft.SharePoint.Administration.SPFarm]::Local.MigrateUserAccount($oldlogin, $newlogin, $false);
Thanks,
Yvan
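
A pre-flight check for the migration described above, as an added example that is not part of the original post: it verifies that the old login is a Windows group SID claim and that the new login is a role claim from the expected trust before anything is migrated. The function name `Test-GroupClaimMigrationPair` is hypothetical, and the check assumes encoded claims follow the `c:0+.w|<SID>` and `c:0-.t|<trust>|<value>` layouts shown in the post.

```powershell
# Added example, not from the original post. Pure string checks, so it runs
# without SharePoint. Test-GroupClaimMigrationPair is a hypothetical helper.
function Test-GroupClaimMigrationPair {
    param(
        [Parameter(Mandatory)] [string] $OldLogin,
        [Parameter(Mandatory)] [string] $NewLogin,
        [Parameter(Mandatory)] [string] $TrustName
    )
    $problems = @()

    # Source must be a Windows group claim: "c:0+.w|" followed by a SID.
    if ($OldLogin -notmatch '^c:0\+\.w\|s-1-\d+(-\d+)+$') {
        $problems += "Old login is not a Windows group SID claim: $OldLogin"
    }

    # Target must be a role claim from a trusted issuer: "c:0-.t|<trust>|<value>".
    if ($NewLogin -match '^c:0-\.t\|([^|]+)\|(.+)$') {
        if ($Matches[1] -ne $TrustName) {
            $problems += "New login targets trust '$($Matches[1])', expected '$TrustName'"
        }
    } else {
        $problems += "New login is not a trusted-issuer role claim: $NewLogin"
    }

    [pscustomobject]@{ Ok = ($problems.Count -eq 0); Problems = $problems }
}

# Values taken from the post above.
$oldlogin = 'c:0+.w|s-1-5-21-889601965-842656306-4080565960-135608'
$newlogin = 'c:0-.t|localad|myazure.local\dmgroup2'

$check = Test-GroupClaimMigrationPair -OldLogin $oldlogin -NewLogin $newlogin -TrustName 'localad'
if ($check.Ok) {
    Write-Output "Pair is well-formed; safe to pass to MigrateUserAccount."
} else {
    $check.Problems | ForEach-Object { Write-Warning $_ }
}
```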