Sync NPS (Network Policy Server) configs between multiple servers

Network Policy Server (NPS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy.

As a RADIUS server, NPS performs centralized authentication and authorization for wireless devices, and it authorizes switch, remote access dial-up, and virtual private network (VPN) connections. Using NPS, you can centrally configure and manage network access authentication, authorize connection requests, and collect accounting information for logging.

As a RADIUS proxy, NPS allows you to configure connection request policies that tell the NPS which connection requests to forward to other RADIUS servers. You can also configure NPS to forward accounting data to be logged by one or more computers in a remote RADIUS server group.


If you want to use multiple NPS servers and load-balance between them, you need to set up an NPS proxy. You may then ask: what if the NPS proxy itself goes down? How do you get failover or high availability for the proxy? I don't know the answer either, and there may be no better way to do this for now. You may also not want to add an extra node (the proxy) at all, since we usually try to remove extra dependencies from the production environment.

So I have written a PowerShell script that syncs the NPS configuration between multiple nodes. The script below exports the configuration from the master NPS node and imports it on every slave node listed in $Computers. Add it to Task Scheduler on the master node and run it every 5 minutes. The script also keeps a dated backup of the NPS config on the master node for 10 days. Make sure the master can reach every slave over both the C$ admin share (SMB, used by Copy-Item) and WinRM (used by Invoke-Command), and that the account the scheduled task runs as is a local administrator on the slaves. Note that the exported XML contains the RADIUS shared secrets for your RADIUS clients and remote RADIUS server groups in clear text, so the backup directories must be readable by administrators only.

First create the directories: C:\NPS-Backup and C:\NPS-Backup\archive on the master NPS node, and C:\NPS-Backup on every slave node. Pick any one NPS server as the master; the others are slaves, and their local NPS configuration is replaced by the master's on every run.
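As an added example that is not part of the original post, the following PowerShell does that one-time preparation and then checks that each slave is reachable in the way the sync script needs (WinRM, the C$ admin share, and a running NPS service). It uses the same host names and directory layout as the script in this post; the helper names New-RestrictedDirectory and Test-NpsSyncTarget are chosen here and are not part of NPS. Run it once from an elevated PowerShell session on the master node.

```powershell
# Added example: prepare the NPS-Backup directories with a restrictive ACL and
# run a preflight check against every slave. Not part of the original post.
# Host names and paths are the ones used in the post; adjust to your environment.

$Computers  = @('dc1.bidhankhatri.com.np','dc2.bidhankhatri.com.np')
$backup_dir = 'C:\NPS-Backup'

# Create a directory that only SYSTEM and local Administrators can read.
# Export-NpsConfiguration writes RADIUS shared secrets into the XML in clear
# text, so the default inherited ACL (which normally grants Users read access)
# is too permissive for this directory.
function New-RestrictedDirectory {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType Directory -Path $Path | Out-Null
    }
    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting from the parent and discard the inherited entries
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($id in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Master node: the live export and the dated archive
New-RestrictedDirectory -Path $backup_dir
New-RestrictedDirectory -Path (Join-Path $backup_dir 'archive')

# Slave nodes: the directory the sync script copies into, created over WinRM
# with the same function so the same ACL applies there
foreach ($c in $Computers) {
    Invoke-Command -ComputerName $c -ScriptBlock ${function:New-RestrictedDirectory} -ArgumentList $backup_dir
}

# Preflight: each slave must answer WinRM, expose the admin share the sync
# script copies through, and run the NPS service (service name IAS).
function Test-NpsSyncTarget {
    param([string]$ComputerName)
    $result = [ordered]@{
        Computer   = $ComputerName
        WinRM      = $false
        AdminShare = $false
        NpsRunning = $false
    }
    try {
        $null = Test-WSMan -ComputerName $ComputerName -ErrorAction Stop
        $result.WinRM = $true
    } catch {
        Write-Warning "WinRM not reachable on $ComputerName : $($_.Exception.Message)"
    }
    $result.AdminShare = Test-Path -LiteralPath "\\$ComputerName\C$\NPS-Backup"
    if ($result.WinRM) {
        $svc = Invoke-Command -ComputerName $ComputerName -ScriptBlock { Get-Service -Name IAS }
        $result.NpsRunning = ($svc.Status -eq 'Running')
    }
    [pscustomobject]$result
}

$Computers | ForEach-Object { Test-NpsSyncTarget -ComputerName $_ } | Format-Table -AutoSize
```

Any row showing WinRM or AdminShare as False means the sync script will silently fail for that node, so fix connectivity (firewall, WinRM listener, admin share permissions) before scheduling it.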

# Date suffix used for the archived copies
$date = Get-Date -Format yyyy_MM_dd

# Archived exports older than this are deleted
$limit = (Get-Date).AddDays(-10)
$backup_dir = "C:\NPS-Backup"

# Define all NPS slave computers here
$Computers = @('dc1.bidhankhatri.com.np','dc2.bidhankhatri.com.np')


# Export NPS config: one dated copy for the archive and one live copy to ship.
# The exported XML contains the RADIUS shared secrets in clear text, so
# $backup_dir must only be readable by administrators.
Export-NpsConfiguration -Path "$backup_dir\archive\NPS_config_$date.xml"
Export-NpsConfiguration -Path "$backup_dir\NPS_config.xml"


# Copy the live config to each destination server through its C$ admin share
$Computers | ForEach-Object {
    Copy-Item -Path "$backup_dir\NPS_config.xml" -Destination "\\$_\C$\NPS-Backup\NPS_config.xml"
}


# Import the new config on each destination server over WinRM.
# Import-NpsConfiguration replaces the whole NPS configuration on that server.
$Computers | ForEach-Object {
    Invoke-Command -ComputerName $_ -ScriptBlock { Import-NpsConfiguration -Path 'C:\NPS-Backup\NPS_config.xml' }
}


# Delete archived exports older than $limit
Get-ChildItem -Path "$backup_dir\archive" -Recurse -Force |
    Where-Object { !$_.PSIsContainer -and $_.CreationTime -lt $limit } |
    Remove-Item -Force
