Credential Migration from SSO MOSS 2007 to Secure Store SharePoint 2010 via PW Upgrade-SPSingleSignOnDatabase

Click on this sentence for this article in Spanish; Available on the Spanish SharePoint Support Team blog.


I would like to remind you that the PowerShell command Upgrade-SPSingleSignOnDatabase only migrates the definitions of the SSO but not the passwords. The official statement regarding to that is described in the following MSDN article.

Single sign-on
The Single Sign-On (SSO) service is being replaced with the Secure Store Service in SharePoint Server 2010. You can use Windows PowerShell cmdlets to upgrade application definitions from SSO to the Secure Store Service. Note that passwords are not upgraded. After you upgrade the application definitions, you can make the Secure Store Service the default SSO provider. For more information, see Perform post-upgrade steps for an in-place upgrade (SharePoint Server 2010).

So, everytime a user will enter for the first time on a site he will be prompted to input his credentials and password in order to be stored. (By design, The passwords are not migrated because it would be a SharePoint 2010 security breach)

Even, in the following TechNet article is stating very clear that the PW command is only for migrating the application definition.

Use the Windows PowerShellUpgrade-SPSingleSignOnDatabase cmdlet to migrate the application definitions from the SSO database to the Secure Store database as target applications.


Kind Regards.

Héctor Calvarro Martín. SharePoint Dev. Microsoft Support Engineer for DEV EMEA

Skip to main content