Migrate NPS Server

Migrate NPS Server KB ID 0001841

Problem

If you have deployed an NPS Server on your network, there may be a time when you want to replace that server – if all its doing is NPS and its 2012 or newer I’d be tempted to simply in-place upgrade it, but some people are rigid in their beliefs that that is not a good idea. So in that case you need to migrate to a new server.

Solution : Migrate NPS Server

Locate NPS Server

Just in case you know you have an NPS server, but you don’t know what server it’s on, (or how many you have!) The simplest way to find out is to look in the RAS and IAS Servers group in AD.

Locate NPS Server

You can use the following procedure on Server 2012 (and newer) If your source server is Server 2008 then you need to use the netsh method I’ll outline below.

Migrate NPS Server : Export NPS Settings PowerShell

On the OLD (source) server,

 

Migrate NPS Server using PowerShell

Export-NpsConfiguration -Path C:\NPS-PS-Exported.xml

Then simply copy that exported XML file to the new NPS server.

Migrate NPS Server : Import NPS Settings PowerShell

At this point I’ll assume that your target server is built, updated and domain joined. So we have three tasks, install NPS, authorise the NPS server in AD, then import the settings from the file you exported above. Note: There is no direct PowerShell command to authorise the new server in AD (at time of writing) So we need to use the netsh command to do that.

Install-WindowsFeature NPAS -IncludeManagementTools

netsh ras add registeredserver

Import-NpsConfiguration -Path C:\NPS-PS-Exported.xml

Migrate NPS Server PowerShell Import

Then at this point I’d stop and disable NPS services on the old server and give everything a test. REMEMBER if you have RADIUS clients you may need to change the IP address that THEY are set to to the new NPS Server.

WARNING: If you are using authentication protocols that need certification like PEAPMS-CHAP v2, PEAPTLS, or EAPTLSAND your client are set to check the server’s identification (this is optional usually). Then check the new server has the correct certificates.

Migrate NPS Server (Server 2008)

On older OSs you don’t have the Export-NpsConfiguration and Import-NpsConfiguration PowerShell commandlets to use, so you have to use the netsh command instead.

Export NPS with Netsh

netsh

nps

export filename="C:\NPS-Exported-NETSH.xml" exportPSK=YES

Migrate NPS Server export using netsh

Import NPS with Netsh

netsh

nps

import filename="C:\NPS-Exported-NETSH.xml"

Migrate NPS Server import using netsh

Remove NPS

Once you’ve waited long enough to be sure you no longer need the old NPS server you can remove it with the following commands.

netsh ras delete registeredserver

Uninstall-WindowsFeature NPAS

Restart-Computer

Remove NPS Server via PowerShell

Note: If you are removing from Server 2008 you may need to use Remove-WindowsFeature NPAS instead!

Related Articles, References, Credits, or External Links

NA

Author: PeteLong

Share This Post On

Submit a Comment

Your email address will not be published. Required fields are marked *