locked
NPS Radius Server on a Domain Controller RRS feed

  • Question

  • I am in the process of moving my nps radius server from a windows 2008 R2 domain controller to a 2012 R2 server. Is it Microsoft best practice to install it on a domain controller or a member server?

    cshsysadmin

    Thursday, January 14, 2016 6:44 PM

Answers

  • Best practice is to install it on a domain controller. However it is a completely supported configuration to have it on a member server.

    The only reason it is considered a best practice to install on a DC is because this improves the odds of successful communication with ADDS for authentication purposes.


    Friday, January 15, 2016 12:13 AM
  • Hi rdprice_cshco.com,

    It is recommended to install NPS on DC, since NPS will query DC for authentication frequently, if NPS and DC on the same host, the traffic will not go through network, it may speed up the process and avoid some other issues.

    NPS best practice:

    https://technet.microsoft.com/en-us/library/cc755120(v=ws.10).aspx

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Friday, January 15, 2016 2:31 AM

All replies

  • I am in the process of moving my nps radius server from a windows 2008 R2 domain controller to a 2012 R2 server. Is it Microsoft best practice to install it on a domain controller or a member server?



    cshsysadmin

    Thursday, January 14, 2016 6:57 PM
  • TechNet doesn't really say that it needs to be a domain member or a DC. The only time they seem to require it to be a member server is if you are running it on a Windows NT 4.0 domain.


    Thursday, January 14, 2016 7:01 PM
  •     I can't post links yet because I am new here, but the NPS best practices can be found at TechNet dot Microsoft dot com/en-us/library/cc771746(v=ws.10).aspx

    Thursday, January 14, 2016 7:13 PM
  • Best practice is to install it on a domain controller. However it is a completely supported configuration to have it on a member server.

    The only reason it is considered a best practice to install on a DC is because this improves the odds of successful communication with ADDS for authentication purposes.


    Friday, January 15, 2016 12:13 AM
  • Hi rdprice_cshco.com,

    It is recommended to install NPS on DC, since NPS will query DC for authentication frequently, if NPS and DC on the same host, the traffic will not go through network, it may speed up the process and avoid some other issues.

    NPS best practice:

    https://technet.microsoft.com/en-us/library/cc755120(v=ws.10).aspx

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Friday, January 15, 2016 2:31 AM