Realms Processing and Attribute Manipulation

Note

Internet Authentication Service (IAS) was renamed Network Policy Server (NPS) starting with Windows Server 2008. The content of this topic applies to both IAS and NPS. Throughout the text, NPS is used to refer to all versions of the service, including the versions originally referred to as IAS.

 

Realms processing, which is also known as attribute manipulation, refers to transforming the name of the user requesting access. The calling-station ID and called-station ID can also be manipulated. The realms-processing rules are part of the Proxy profile attributes collection.

For each manipulation, you need to create two Manipulation-Rule attributes. Each of these attributes is a string value. The first rule contains a regular expression representing the pattern to match. The second rule contains a regular expression representing the replacement text. You must also create a Manipulation-Target attribute. This attribute is an enumeration that specifies which part of the user's information to manipulate.

The order in which the attributes are created is important. NPS processes the attributes in the order in which they were created.

The following table shows an example of a set of manipulation attributes.

Name                  Type     String Value
msManipulationRule    VT_BSTR  "@company.com"
msManipulationRule    VT_BSTR  "@microsoft.com"
msManipulationRule    VT_BSTR  "^.+@"
msManipulationRule    VT_BSTR  "guest@"
msManipulationTarget  VT_I4    "1"
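
The ordered processing described above, as an added example that is not part of the original page or of NPS itself: it pairs the table's rules and applies them in creation order to constructed sample names, recording each step. Python's `re` syntax is assumed to stand in for the NPS pattern syntax, replacements are treated as literal text, and the target value is read but not interpreted.

```python
import re

# Attribute set from the table above, in creation order: (name, string value).
ATTRIBUTES = [
    ("msManipulationRule", "@company.com"),
    ("msManipulationRule", "@microsoft.com"),
    ("msManipulationRule", "^.+@"),
    ("msManipulationRule", "guest@"),
    ("msManipulationTarget", "1"),
]

def pair_rules(attributes):
    """Return (target, [(pattern, replacement), ...]) preserving creation order."""
    rules = [v for n, v in attributes if n == "msManipulationRule"]
    targets = [v for n, v in attributes if n == "msManipulationTarget"]
    if len(rules) % 2:
        raise ValueError("odd number of rules: a pattern has no replacement")
    if not targets:
        raise ValueError("no msManipulationTarget attribute")
    return targets[0], list(zip(rules[0::2], rules[1::2]))

def manipulate(value, attributes):
    """Apply every pair in order; return (final value, trace of each step)."""
    _, pairs = pair_rules(attributes)
    trace = []
    for pattern, replacement in pairs:
        # Assumption: replacement is literal text and every match is replaced.
        rewritten = re.sub(pattern, lambda m: replacement, value)
        trace.append((pattern, value, rewritten))
        value = rewritten
    return value, trace

# Constructed sample names, not taken from the page. The third shows that the
# unanchored first pattern also matches a longer realm that merely contains it.
SAMPLES = ["alice@company.com", "bob@example.org",
           "carol@company.com.example", "dave"]

if __name__ == "__main__":
    for name in SAMPLES:
        final, trace = manipulate(name, ATTRIBUTES)
        print(f"{name} -> {final}")
        for pattern, before, after in trace:
            note = "rewritten" if before != after else "unchanged"
            print(f"    {pattern!r}: {before} -> {after} ({note})")
```

Running a rule set against representative names before deploying it shows which identities a later pair overrides: here the second pair rewrites the user part of every name that contains `@`, whatever the first pair did.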

 

Object Model Hierarchy

SDO Supported Attributes

Creating a Connection Request Policy

ISdoCollection

ISdoDictionaryOld

IASPROPERTIES