How do I force all the users in the child domain to authenticate to their own Child DC but from the NPS in the HQ location ? Do I need to create another Connection request policy to authenticate users to their own child DC?
Hi moh10ly,
Yes, we may create another connection request policy in NPS(NPS1) server for users in child domain. In that policy, check "forward requests to the following remote RADIUS server group for authenticate". In advance, we installed NPS
role in child DC(NPS2). In NPS1 add NPS2 in remote RADIUS server, in NPS2 add NPS1 in RADIUS client.
And we need to ensure that users in child domain could only match conditions in the specific policy, then they can be sent to NPS2 for authentication.
Best Regards,
Anne
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.