Home > Active Directory, Data Center, Microsoft Infrastructure, Windows Client, Windows Server > Migrating Network Policy Server (Radius) to Windows Server 2012 using PowerShell

Migrating Network Policy Server (Radius) to Windows Server 2012 using PowerShell


As a consultant, I often help customers upgrading to the newest versions of Windows Server. Most of the projects I have been involved in, I start with the Domain Controllers. It is easy if you create a good plan and stick to it. Migrating Domain Controllers also means migrating Role Services. In the following, you will learn how to migrate Network Policy Server, NPS, Radius or what you call it 😉

The last project was an upgrade from Windows Server 2008 to Windows Server 2012.

Step-by-Step Guide

Starting at the Windows Server 2008 domain controller, we’ll have to use the netsh command to extract information about the NPS configuration to a XML file.

Here you see an overview of the NPS configuration that we want to migrate.




Login to the Windows Server 2008 server with an administrative account and start and elevated command prompt. Execute the following command to generate the XML file:

netsh nps export filename="c:\temp\DC2.xml" exportPSK=YES

“exportPSK” is required is you need to export the Shared Secrets for your RADIUS Clients.

Remember to store the file in a secure place, as it contain security information.




Move or copy the file to the target Windows Server 2012 server.

Start a PowerShell Prompt in elevated mode and run the following command:

Import-NpsConfiguration –Path c:\temp\dc2.xml



Running the command should only give you a new prompt and you are done!

Check out the Network Policy Server Admin user interface to secure that settings are migrated.



NOTE: That SQL Logging settings are NOT migrated, so please check under Accounting to see if the settings are in compliance with your policies.




If you are not switching IP on the target server, then you have to change all clients pointing at the NPS Server. In most migrations, I switch the IP of the Domain Controller/ NPS Server to match the old Domain Controller IP. Then I do not have to change DNS Server settings on a lot of servers and my NPS clients talk to the correct IP.


NPS Netsh Command Reference:

NPS PowerShell Command Reference:

  1. qhayum
    01/09/2015 at 06:08

    Simple and good article

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: