Skip Ribbon Commands
Skip to main content

Ondrej Sevecek's English Pages


Engineering and troubleshooting by Directory Master!
MCM: Directory

Quick Launch

Ondrej Sevecek's English Pages > Posts > How to match domain names in NPS logins
December 17
How to match domain names in NPS logins

If you implement custom Connection Request Policy in an NPS server (network policy server) you may want to forward authentication requests to a remote RADIUS server group. You may base the forwarding decision on a number of request attributes comming from the RADIUS client (such as a VPN gateway or a WiFi access point) as well as those passed through from its access client (the actual VPN client or WiFi client).

One of the attributes that you can check is the user name or user login. You may want to match user login names against domain names and forward the RADIUS requests for authentication to different remote RADIUS server groups. When using the user name attribute for connection request policy matching, you specify a regular expression (regex) to match the domain name. The following are examples of how to do it depending on the format of the login used:

what login regex
match a NetBIOS domain name followed by backslash domainA\kamil ^domainA\\.+
match a FQDN domain name preceded by the at@ sign .+@domainB\.com$
longer fully qualified domain name kamil@ad.domainB.local .+@ad\.domainB.\local$
both NetBIOS and DNS domain names domainA\kamil or kamil@domainA.local (^domainA\\.+)|(.+@domain.\local$)

Note that the carret ^ chacter means begin of the string while the dollar sign $ means end of the string, dot-plus .+ means at least a single character and the dot and backslash must be escaped with another backslash. You can always verify the functionality from powershell just like in the following examples:

'domainA\kamil' -match '^domainA\.+'
'domainXXX\kamil' -match '^domainA\.+'
'' match '.+@domainB\.com$'

Wish you happy time with your NPS :-)


What regular expression would you use ...

... to replace with ?

I have an issue with the "." (dot)

Thanks in advance for any input !

 on 08/08/2019 15:15

Re: How to match domain names in NPS logins

you must escape the dot with backslash: \.

 on 12/08/2019 11:54

what if you don't want to use a domain name

what if you don't want to use a domain name
 on 18/02/2020 19:29

what if you don't want to use a domain name

what if you don't want to use a domain name
 on 18/02/2020 22:27

Add Comment

Sorry comments are disable due to the constant load of spam *

This simple antispam field seems to work well. Just put here the number.


You do not need to provide any value this column. It will automatically fill with the name of the article itself.

Author *

Body *