This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 34%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EI%3C/text%3E%3C/svg%3E)
Hi,
is there a way to force user groups at NPS authentication/RRAS to certain DHCP or static IP pool with Microsoft Always on VPN ?
AD group "A" users direct to pool etc 10.0.10.10 - 10.0.10.50
AD group "B" users direct to pool etc 10.0.20.10 - 10.0.20.50
If there is, then how would it be done. ( I dont want the static IP in user dial-in options ).
@Indrek Hi,
Thank you for posting in Q&A!
This issue has been discussed before, however please kindly note that the goal "assign a dhcp address (several scopes on a 2019 MS DHCP) to an always on vpn user based on network policies on the NPS server" cannot be achieved.
You can refer to the early thread discussing the same issue for more details:
https://social.technet.microsoft.com/Forums/en-US/59c0605e-849b-4599-ab86-34dd575746bc/always-on-vpn-with-server-2019-nps-radius-auth-and-selectable-dhcp-subnet-selection-?forum=winserverNIS
Hope you have a nice day : )
Gloria
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
https://learn.microsoft.com/en-us/answers/articles/67444/email-notifications.html
Hi @Gloria Gu
So there is no way to direct AD different groups admin,partners,normal user etc to different IP pool/VLAN with Always on VPN RRAS service ?