locked
Can NPS return an attribute of the OU that the user is in? RRS feed

  • Question

  • I am trying to configure a radius sever for Wireless Auth.

    I would like to be able for radius to return a specific attribute if the user is in a specific OU. 

    Is there a way to do this?  I see how to do it for a windows group but not OU.


    It's not the load that breaks you down it's the way you carry it. ~Lou Holtz~

    Saturday, June 2, 2012 3:20 AM

Answers

  • Hi Robert,

    Thanks for posting here.

    Yes ,the active directory attributes are not included in the default conductions of network policy in NPS .

    By customizing and using extension DLL we might let NPS to get these information form active directory database:

    Network Policy Server Extensions

    http://msdn.microsoft.com/en-us/library/windows/desktop/bb891989(v=vs.85).aspx

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Tiger Li

    TechNet Community Support

    Monday, June 4, 2012 2:26 AM

All replies

  • Hi Robert,

    Thanks for posting here.

    Yes ,the active directory attributes are not included in the default conductions of network policy in NPS .

    By customizing and using extension DLL we might let NPS to get these information form active directory database:

    Network Policy Server Extensions

    http://msdn.microsoft.com/en-us/library/windows/desktop/bb891989(v=vs.85).aspx

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Tiger Li

    TechNet Community Support

    Monday, June 4, 2012 2:26 AM
  • Hi Robert,

    Please feel free to let us know if the information was helpful to you.

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum
    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Tiger Li

    TechNet Community Support

    Wednesday, June 6, 2012 10:35 AM
  • Can you give me more information on how to do this?  This is pretty high level.

    It's not the load that breaks you down it's the way you carry it. ~Lou Holtz~

    Thursday, June 7, 2012 1:58 PM
  • You need to write an extension DLL and install it on your NPS server. Generally, MSDN NPS extension API reference (see the link provided by Tiger Li) seems to be sufficient, and API isn't complex. An experienced programmer should be able to do that in pair of hours.

    Also, just out of curiosity: what RADIUS attribute do you want to use for returning OU, and what kind of RADIUS client should interpret it?

    Saturday, June 9, 2012 4:41 PM
  • Did you solved your problem? 

    I'm looking for the same and I want the following attributes: 

    memberOf 
    dn
    userPrincipalName

    Regards,


    Elton Machado MCP - SBS

    Tuesday, April 14, 2015 10:18 AM