Processing a User Name Without a Domain Name

Applies To: Windows Server 2008, Windows Server 2008 R2

While processing connection requests, Network Policy Server (NPS) examines the user name portion of the Access-Request message to determine whether a domain name has been specified. If a domain name is specified and NPS is registered to access the user accounts database in the designated domain, NPS proceeds with processing the connection request.


To be registered in a domain, the NPS server must be a member of the RAS and IAS Servers security group for the Active Directory Domain Services (AD DS) domain.

Some network access servers delete or modify the domain name as specified by the user. As a result, the network access request is authenticated against the default domain, which might not be the domain for the user's account. To resolve this problem, configure your Remote Authentication Dial-In User Service (RADIUS) servers to change the user name into the correct format with the accurate domain name.

When the user name does not contain a domain name, NPS supplies one. By default, the NPS-supplied domain name is the domain of which the NPS server is a member.

For more information, see NPS: Default Domain.