This is the last of the NPS integration with Azure MFA blogs. It covers using PowerShell to install the RADIUS configuration from a backup, along with additional PowerShell snippets that may help you automate your own NPS server build.
Installation of NPS Server Role
Install-WindowsFeature NPAS -IncludeManagementTools
Configure and add RadiusClients
The password below is shown in plain text for the purposes of the example. It is recommended to use a secure string, Get-Credential or similar to protect the password rather than passing it in as plain text.
$RadiusClient1IPAddress = "10.0.4.4"
$RadiusClient1Password = "secret_password"
New-NpsRadiusClient -Address $RadiusClient1IPAddress -Name "Client1" -SharedSecret $RadiusClient1Password
Restart NPS Service
Restart-Service IAS -Force
Register NPS Server with Domain Controller
netsh nps add registeredserver
Restore a NPS Configuration
First, an XML file must be exported from an NPS server that has the correct policy. This is done as follows:
- Open NPS Server
- Right-click “NPS (Local)”
- Select “Export Configuration”
- Save XML
If you have followed my initial NPS configuration in this blog, authentication is restricted to a group. If you are restoring the configuration to a different domain, the snippet below within your XML configuration will need to be changed.
Replace “replace_with_correct_ssid”:
NTGROUPS("replace_with_correct_ssid")
The group's SID can be found using PowerShell:
$adgroupsidname = 'NPSusers'
$sid = (New-Object System.Security.Principal.NTAccount($adgroupsidname)).Translate([System.Security.Principal.SecurityIdentifier]).value
Your XML is now ready to be applied using the commands below, which include a restart of the NPS service:
Import-NpsConfiguration -Path "C:\folderlocation\npsserver_export.xml"
Restart-Service IAS -Force
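The SID lookup, XML edit and import steps above can be combined into one script. This is an added example, not code from the original post; the output file name is an assumption, and it assumes every NTGROUPS condition in the export refers to the same single group, as in the configuration described here.

```powershell
# Added example (not from the original post). Paths and group name are the post's sample values.
$ErrorActionPreference = 'Stop'

$ExportPath = 'C:\folderlocation\npsserver_export.xml'
$ImportPath = 'C:\folderlocation\npsserver_import.xml'   # assumed name for the edited copy
$GroupName  = 'NPSusers'

# Resolve the group to its SID in the current domain (same lookup as in the post).
# This throws if the group does not exist, so nothing is imported with a bad SID.
$sid = (New-Object System.Security.Principal.NTAccount($GroupName)).Translate([System.Security.Principal.SecurityIdentifier]).Value

# Load as XML so the file's declared encoding is honoured on read and on save.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($ExportPath)

# Rewrite every NTGROUPS("...") condition found in a text node.
$pattern  = 'NTGROUPS\("[^"]*"\)'
$replaced = 0
foreach ($node in $xml.SelectNodes('//text()')) {
    $hits = [regex]::Matches($node.Value, $pattern).Count
    if ($hits -gt 0) {
        $node.Value = [regex]::Replace($node.Value, $pattern, "NTGROUPS(`"$sid`")")
        $replaced += $hits
    }
}

# Stop before importing if the export holds no group condition at all:
# importing it unchanged would leave the policy tied to the old domain's SID.
if ($replaced -eq 0) {
    throw "No NTGROUPS condition found in $ExportPath; nothing imported."
}

# Save the edited copy, apply it and restart the NPS service.
$xml.Save($ImportPath)
Import-NpsConfiguration -Path $ImportPath
Restart-Service IAS -Force
Write-Output "Updated $replaced NTGROUPS condition(s) to $sid"
```

The exported configuration holds the RADIUS shared secrets unencrypted, so keep both XML files in an access-restricted folder and delete them once the import has completed.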
Using the above, you will now be able to automate your NPS Server installation & restore if required.