Register the NPS Server in Active Directory Domain Services

Applies To: Windows Server 2008

When Network Policy Server (NPS) is a member of an Active Directory® domain, NPS performs authentication by comparing user credentials that it receives from network access servers with the credentials that are stored for the user account in Active Directory Domain Services (AD DS). In addition, NPS authorizes connection requests by using network policy and by checking user account dial-in properties in AD DS.

For NPS to have permission to access user account credentials and dial-in properties in AD DS, the NPS server must be registered in AD DS.

Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure.

To register the NPS server in the default domain using Network Policy Server

  1. Log on to the NPS server with an account that has administrative credentials for the domain.

  2. Open Network Policy Server.

  3. Right-click NPS (Local), and then click Register server in Active Directory. When the Register Network Policy Server in Active Directory dialog box appears, click OK.

To register the NPS server in the default domain using the netsh command

  1. Log on to the NPS server with an account that has administrative credentials for the domain.

  2. Open Command Prompt.

  3. At the command prompt, type: netsh ras add registeredserver.

To register the NPS server in the default domain using Active Directory Users and Computers

  1. Log on to the NPS server with an account that has administrative credentials for the domain.

  2. Open Active Directory Users and Computers.

  3. In the console tree, click the Users folder in the appropriate domain.

  4. In the details pane, right-click RAS and NPS Servers, and then click Properties.

  5. In the RAS and NPS Servers Properties dialog box, on the Members tab, add each of the NPS servers.

    You can also add the NPS server to the RAS and NPS Servers group with the Dsmod tool.

To register the NPS server in another domain using Active Directory Users and Computers

  1. Log on to the NPS server with an account that has administrative credentials for the domain.

  2. Open Active Directory Users and Computers.

  3. In the console tree, click the Users folder in the appropriate domain.

  4. In the details pane, right-click RAS and NPS Servers, and then click Properties.

  5. In the RAS and NPS Servers Properties dialog box, on the Members tab, add each of the NPS servers.

    You can also add the NPS server to the RAS and NPS Servers group with the Dsmod tool.

    After you register the server in AD DS, you can verify the security settings.

To register the NPS server in another domain using the netsh command

  1. Log on to the NPS server with an account that has administrative credentials for the domain.

  2. Open Command Prompt.

  3. At the command prompt, type netsh ras add registeredserver Domain NPSServer, where Domain is the DNS domain name of the domain and NPSServer is the name of the NPS server computer.
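
Registration gives the server permission to read user account credentials and dial-in properties, so after any of the procedures above it is worth checking that the group contains exactly the intended NPS servers. The following PowerShell script is an added example, not part of the original procedure; the server name NPS1, the parameter names, and the function name Compare-NpsRegistration are assumptions for illustration.

```powershell
# Added example, not from the original page. Audits the group that NPS
# registration populates and flags members that are not expected NPS servers.
param(
    [string[]]$ExpectedServers = @('NPS1'),     # placeholder NPS computer names
    [string]$DomainDnsName = '',                # placeholder; '' = current domain
    [string]$GroupName = 'RAS and NPS Servers'  # name as this page gives it; pass the
                                                # name your directory shows if it differs
)

# Pure comparison of group members (CN values) against the expected list.
function Compare-NpsRegistration {
    param([string[]]$MemberNames, [string[]]$Expected)
    $m = @($MemberNames | Where-Object { $_ } | ForEach-Object { $_.ToUpperInvariant() })
    $e = @($Expected | Where-Object { $_ } | ForEach-Object { $_.ToUpperInvariant() })
    New-Object PSObject -Property @{
        Missing    = @($e | Where-Object { $m -notcontains $_ })
        Unexpected = @($m | Where-Object { $e -notcontains $_ })
    }
}

# Locate the group in the chosen domain (default: the computer's own domain).
$searcher = New-Object System.DirectoryServices.DirectorySearcher
if ($DomainDnsName) {
    $searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainDnsName")
}
$searcher.Filter = "(&(objectCategory=group)(sAMAccountName=$GroupName))"
[void]$searcher.PropertiesToLoad.Add('member')
$group = $searcher.FindOne()
if (-not $group) { throw "Group '$GroupName' was not found in the searched domain." }

# Take the leading CN of each member DN; for a computer account this is its name.
$names = @(foreach ($dn in $group.Properties['member']) {
    if ($dn -match '^CN=((?:\\.|[^,])+)') { $Matches[1] }
})

$result = Compare-NpsRegistration -MemberNames $names -Expected $ExpectedServers
foreach ($s in $result.Missing)    { Write-Output "NOT REGISTERED: $s" }
foreach ($s in $result.Unexpected) { Write-Output "UNEXPECTED MEMBER: $s" }
if (-not $result.Missing -and -not $result.Unexpected) {
    Write-Output "Group membership matches the expected NPS server list."
}
```

The script only reads the directory, so it can be run with an ordinary domain account rather than the Domain Admins credentials that registration requires.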

Note

To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.

Note

To open a command prompt, click Start, point to All Programs, point to Accessories, and then click Command Prompt.

See Also

Concepts

Configure NPS to Use the Security Accounts Manager Database