NPS server for each AD Site

Eric Kemsley
Level 1

Do I need to install an NPS server for each Active Directory site? I have one 2504 controller and NPS server for the 10.13.x.x network and it is working fine.

I have another controller for our branch office 10.14.x.x. Do I need to set up another NPS server at the 10.14.x.x site?

TIA,

Eric

3 Replies

Richard Atkin
Level 4

It depends on your requirements / network topology / distribution of AD Servers.

If you're just sticking a WLC at that remote site but there's no Domain Server there too, I wouldn't bother adding an NPS box as it doesn't really add anything to the solution... If the WAN link drops (and therefore your connection with AD also drops), you're scuppered! In this case, your best bet would be to add a second NPS box centrally, and then use both NPSs in parallel so you have some resiliency.

If you do have a Domain Controller at your branch office however, then there's certainly no harm in adding NPS as well as it will allow you to provide some continuity of service in the event of a failure.

I do have a DC at that site so I will set up another NPS server there.

Thanks!

Abhishek Abhishek
Cisco Employee

Hello Eric,

As per your query, I can suggest the following solution:

The need to install an NPS server for an Active Directory site depends upon the network topology and distribution of AD servers.

If you are using a WLC, there is no need to add NPS, but if you have a Domain Controller we need to add NPS.

When Network Policy Server (NPS) is a member of an Active Directory® Domain Services (AD DS) domain, NPS performs authentication by comparing user credentials that it receives from network access servers with the credentials that are stored for the user account in AD DS. In addition, NPS authorizes connection requests by using network policy and by checking user account dial-in properties in AD DS.

For NPS to have permission to access user account credentials and dial-in properties in AD DS, the server running NPS must be registered in AD DS.

Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure.

To register the NPS server in the default domain by using the NPS console:

1. Log on to the NPS server by using an account that has administrative credentials for the domain.

2. Open the NPS console.

3. Right-click NPS (Local), and then click Register server in Active Directory. When the Register Network Policy Server in Active Directory dialog box appears, click OK.

Hope this will help you.
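
An added example, not part of the reply above: registering an NPS server adds its computer account to the domain's RAS and IAS Servers group, so that group can be checked from PowerShell after a second server is added. The host names are placeholders, and the ActiveDirectory (RSAT) module and the logged-on user's default domain are assumed.

```powershell
# Added example: audit NPS registration in AD DS for a central and a branch server.
Import-Module ActiveDirectory

# Placeholder host names (assumption); replace with the real NPS servers.
$expectedNps = @('NPS-HQ01', 'NPS-BR01')
$groupName   = 'RAS and IAS Servers'

# Computer accounts that currently hold the group's read access to
# user account dial-in properties.
$members = @(Get-ADGroupMember -Identity $groupName -Recursive |
    Where-Object { $_.objectClass -eq 'computer' })
$memberDns = @($members | Select-Object -ExpandProperty distinguishedName)

# 1. Is every expected NPS server registered?
foreach ($name in $expectedNps) {
    try {
        $computer = Get-ADComputer -Identity $name -ErrorAction Stop
    } catch {
        Write-Warning "${name}: no computer account found in this domain"
        continue
    }
    [pscustomobject]@{
        Server     = $name
        Registered = $memberDns -contains $computer.DistinguishedName
    }
}

# 2. Is anything registered that should not be? Stale or unexpected members
#    keep access they no longer need and should be reviewed.
$members |
    Where-Object { $expectedNps -notcontains $_.name } |
    ForEach-Object { Write-Warning "Unexpected member of '$groupName': $($_.name)" }

# To register a server that reports Registered = False, run on that server
# from an elevated prompt (command-line equivalent of the console steps):
#   netsh nps add registeredserver
```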
