23 January 2020

Migrating NPS Configuration

I recently had to migrate some services from an old Windows 2008 server to Windows 2016. One of those services was a Network Policy Server (NPS) service, which is used by RADIUS to authenticate users into some more secure resources.

I was kind of dreading the task, as I had no recollection of how I had configured it, some five or more years ago. My initial search on the subject landed me on this Microsoft documentation site, which was very informative. Luckily, the task of exporting and migrating your NPS configuration to import onto another server is quite simple. It can all be done with a few lines at a command prompt and a single XML file.

In Windows 2008 or 2008 R2, you use ‘netsh’.
In Windows 2012 and above, you can use PowerShell or ‘netsh’.

Both methods are equally simple, it really just comes down to which version of Windows Server are you migrating from.

Export and Import the NPS configuration by using Netsh

Log into to your source NPS server with your Administrative credentials.

Open a ‘Command Prompt’ as an administrator, type netsh, and then hit Enter.

At the netsh prompt, type nps, and then hit Enter.

At the netsh nps prompt, type export filename="<path>\<filename>.xml" exportPSK=YES
Update <path> with the folder location where you want to save your configuraation file. The path can be relative or absolute, or it can be a UNC path.
Update <filename> with what you want to name your xml file.

After you press Enter, you’ll see a message showing whether the export was successful or not.

Copy the xml file you created to the destination NPS server.

Open a ‘Command Prompt’ as an administrator on the destinantion NPS. Type the following command, then hit Enter. netsh nps import filename="<path>\<file>.xml"
A message will appear to show whether the import was successful or not.

Export and Import the NPS configuration by using Windows PowerShell

Log into to your source NPS server with your Administrative credentials.

Open a ‘PowerShell window’ as an administrator, type the following command, and then hit Enter. Export-NpsConfiguration –Path c:\NPSconfig.xml

There is no message after the command completes, but if you check your path location, you should see your xml file.

After you have exported the NPS configuration to a file, copy the file to the destination NPS server. I’m copying mine to the root of the c:\ so it’s easy to find.

Open a ‘PowerShell window’ as an administrator on the destination server. Type the following command, and then hit Enter, to import your configuration.

Import-NpsConfiguration -Path "c:\NPSconfig.xml"

Tags: , , , , , , , , , , ,
Copyright 2022. All rights reserved.

Posted January 23, 2020 by IT.G.c in category "Microsoft", "Networking", "PowerShell", "Windows 2012/2012R2", "Windows 2016", "Windows 2019

9 COMMENTS :

  1. By Dorian Stanley on

    When would you register the new server? Before or after you import the settings from the old server?

    Reply
    1. By IT.PWWF on

      I assuming you’re talking about adding the new server to the domain? You would do that before importing the settings.

      In my case, when I built my new server I reused the name and IP address of the older server. That way I wouldn’t have to change anything on all the other devices that were referencing the prior NPS server. Hope that makes sense.

      Reply
  2. By HRS on

    Hey mate. I ended up here searching for a way to replicate NPS configurations on a freeradius/linux server. I will be grateful if you could help(in any way).THX

    Reply
  3. By Subhaschand on

    i get this error when i posted your command;

    PS C:\Users\administrator.MACORPGY> Export-NpsConfiguration –Path c:\NPSconfig.xml
    Export-NpsConfiguration : The term ‘Export-NpsConfiguration’ is not recognized as the name of a cmdlet, function,
    script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is
    correct and try again.
    At line:1 char:1
    + Export-NpsConfiguration –Path c:\NPSconfig.xml
    + ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Export-NpsConfiguration:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    is there a workaround for this?

    Reply
    1. By Matt Schuster on

      It looks like you need to first enter the NETSH command, then NPS command, then you should be able to run the Export-NpsConfiguration –Path c:\NPSconfig.xml command

      Reply
  4. By Tim on

    I know this is an old post but I was wondering if you could clarify the order of things? I’m standing up a brand new server and I want to swap IP’s with the old server. Is it something like this?
    1. stand up new server with new IP
    2. export config from old server
    3. power off old server
    4. swap IP’s
    5. import config to new server
    6. register server in AD?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.