Migrating NPS Configuration
I recently had to migrate some services from an old Windows 2008 server to Windows 2016. One of those services was a Network Policy Server (NPS) service, which is used by RADIUS to authenticate users into some more secure resources.
I was kind of dreading the task, as I had no recollection of how I had configured it, some five or more years ago. My initial search on the subject landed me on this Microsoft documentation site, which was very informative. Luckily, the task of exporting and migrating your NPS configuration to import onto another server is quite simple. It can all be done with a few lines at a command prompt and a single XML file.
In Windows 2008 or 2008 R2, you use ‘netsh’.
In Windows 2012 and above, you can use PowerShell or ‘netsh’.
Both methods are equally simple; it really just comes down to which version of Windows Server you are migrating from.
Export and Import the NPS configuration by using Netsh
Log in to your source NPS server with your Administrative credentials.
Open a ‘Command Prompt’ as an administrator, type netsh, and then hit Enter.
At the netsh prompt, type nps, and then hit Enter.
At the netsh nps prompt, type export filename="<path>\<filename>.xml" exportPSK=YES
Update <path> with the folder location where you want to save your configuration file. The path can be relative or absolute, or it can be a UNC path.
Update <filename> with what you want to name your xml file.
After you press Enter, you’ll see a message showing whether the export was successful or not.
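Copy the xml file you created to the destination NPS server. With exportPSK=YES the file contains the RADIUS shared secrets unencrypted, so keep it in a secure location and delete it once the import has succeeded.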
Open a ‘Command Prompt’ as an administrator on the destination NPS. Type the following command, then hit Enter. netsh nps import filename="<path>\<file>.xml"
A message will appear to show whether the import was successful or not.
Export and Import the NPS configuration by using Windows PowerShell
Log in to your source NPS server with your Administrative credentials.
Open a ‘PowerShell window’ as an administrator, type the following command, and then hit Enter. Export-NpsConfiguration -Path c:\NPSconfig.xml
There is no message after the command completes, but if you check your path location, you should see your xml file.
After you have exported the NPS configuration to a file, copy the file to the destination NPS server. I’m copying mine to the root of the c:\ so it’s easy to find.
Open a ‘PowerShell window’ as an administrator on the destination server. Type the following command, and then hit Enter, to import your configuration.
Import-NpsConfiguration -Path "c:\NPSconfig.xml"
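The PowerShell procedure above, wrapped so the exported file is handled as a secret (it holds the RADIUS shared secrets unencrypted) and checked for integrity before it is imported. This is an added example, not part of the original post; the function names and the C:\NPSMigration path are assumptions, and it assumes Windows PowerShell 4.0 or later with the NPS module installed.

```powershell
# Added example (not from the original post). Function names and paths are hypothetical.
#Requires -RunAsAdministrator

function Export-NpsConfigProtected {
    param([string]$Path = 'C:\NPSMigration\NPSconfig.xml')   # assumed location

    if (-not (Get-Command Export-NpsConfiguration -ErrorAction SilentlyContinue)) {
        # Same failure as a CommandNotFoundException at the prompt: the NPS
        # module is not available here, so the netsh procedure must be used.
        throw 'Export-NpsConfiguration not found; use "netsh nps export" on this server.'
    }

    $dir = Split-Path -Parent $Path
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    # Lock the folder down BEFORE the export so the file is never readable by
    # ordinary users: drop inherited ACEs, allow only Administrators and SYSTEM.
    icacls $dir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null

    Export-NpsConfiguration -Path $Path
    if (-not (Test-Path $Path)) { throw "Export failed: $Path was not created." }

    # Return the SHA-256 so it can be carried to the destination separately
    # from the file itself.
    (Get-FileHash -Path $Path -Algorithm SHA256).Hash
}

function Import-NpsConfigVerified {
    param(
        [string]$Path = 'C:\NPSMigration\NPSconfig.xml',     # assumed location
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    # Refuse to import a file that was altered or truncated during the copy.
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) { throw "Hash mismatch for $Path; not importing." }

    Import-NpsConfiguration -Path $Path

    # Confirm the RADIUS clients arrived. Only non-secret columns are selected,
    # because Get-NpsRadiusClient also returns each SharedSecret in clear text.
    Get-NpsRadiusClient | Select-Object Name, Address, Enabled

    # Delete the plaintext copy once the import has succeeded.
    Remove-Item -Path $Path -Force
}

# Source server:       $hash = Export-NpsConfigProtected
# Destination server:  Import-NpsConfigVerified -ExpectedSha256 '<hash from source>'
```

Copy the file into a folder on the destination server that has the same restricted ACL, and delete the source copy as well once the migration is confirmed.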
When would you register the new server? Before or after you import the settings from the old server?
I’m assuming you’re talking about adding the new server to the domain? You would do that before importing the settings.
In my case, when I built my new server I reused the name and IP address of the older server. That way I wouldn’t have to change anything on all the other devices that were referencing the prior NPS server. Hope that makes sense.
How would you import multiple xmls from different NPSs consolidated into 1?
Sorry V, I’m not too sure how to do that. I wish you luck in searching for an answer.
Hey mate. I ended up here searching for a way to replicate NPS configurations on a freeradius/linux server. I will be grateful if you could help (in any way). THX
Sorry… I’m of no help to you on your current quest. I’ve never used freeradius.
I get this error when I posted your command:
PS C:\Users\administrator.MACORPGY> Export-NpsConfiguration –Path c:\NPSconfig.xml
Export-NpsConfiguration : The term ‘Export-NpsConfiguration’ is not recognized as the name of a cmdlet, function,
script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is
correct and try again.
At line:1 char:1
+ Export-NpsConfiguration –Path c:\NPSconfig.xml
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Export-NpsConfiguration:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Is there a workaround for this?
It looks like you need to first enter the NETSH command, then NPS command, then you should be able to run the Export-NpsConfiguration –Path c:\NPSconfig.xml command
I know this is an old post but I was wondering if you could clarify the order of things? I’m standing up a brand new server and I want to swap IPs with the old server. Is it something like this?
1. stand up new server with new IP
2. export config from old server
3. power off old server
4. swap IPs
5. import config to new server
6. register server in AD?