

Network Category not set to 'DomainAuthenticated' after joining domain.

Question

Saturday, April 26, 2014 10:44 PM

I have several hundred Windows 2012 servers that do not update their network category to 'DomainAuthenticated' after being joined to a domain. All my networks are unidentified and thus set to public. I can run the following command and change them to private, but all documentation says that it should auto-magically change to DomainAuthenticated after joining a domain. Does anyone have a solution?

Get-NetConnectionProfile | where {$_.NetworkCategory -eq "Public"} | Set-NetConnectionProfile -NetworkCategory Private

All replies (4)

Monday, April 28, 2014 3:49 AM ✅ Answered | 1 vote

Hi,

If the server is domain joined, when it starts to detect the network location, the machine will contact a DC via port 389. If this detection is successful, it will get the domain profile. And we cannot change it. If the domain was not found or the process failed, NLA will let you determine which firewall profile will be used, private or public.

For more information about Network Location Awareness, you may refer to the following article. It also applies to Windows 2012.

Network Location Awareness (NLA) and how it relates to Windows Firewall Profiles

http://blogs.technet.com/b/networking/archive/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles.aspx

Hope this helps.

We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.


Thursday, May 1, 2014 1:30 AM | 1 vote

Hi,

Just want to confirm the current situation.

Please feel free to let us know if you need further assistance.

Regards.



Thursday, May 1, 2014 1:37 AM | 2 votes

I am not sure that is totally how it works in Windows 2012. The behavior seems a bit different from Windows 2008. I have many hundreds of these. When we join our Windows 2008 R2 servers to the domain, it automatically populates the domain suffix with the domain we just joined. However, Windows 2012 does not appear to do this. It took me populating the DNS suffix for the adapter for it to go to a network category of DomainAuthenticated. I wrote a PowerShell script to ensure that the DNS suffix is populated and a quick restart of the NLA service takes care of it. Of course, some servers were already there and all servers have the same access to DCs.
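
One way to script the approach described in the reply above, as an added example that is not the poster's own script: it confirms a DC is reachable on TCP 389, sets the connection-specific DNS suffix on adapters that are not DomainAuthenticated, restarts NLA, and reports the resulting categories instead of forcing them to Private. It assumes the suffix should equal the AD domain name and that the domain name resolves to a DC; `Test-Ldap389` is a hypothetical helper name.

```powershell
# Added example, not the poster's script. Run elevated on a domain-joined server.
# Assumption: the connection-specific DNS suffix should equal the AD domain name.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) { throw "Computer is not domain joined." }
$domain = $cs.Domain

# NLA has to reach a DC over LDAP (TCP 389). Check that first: if it fails,
# changing the suffix will not help and the real fault is DNS or routing.
function Test-Ldap389 {
    param([string]$HostName, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, 389, $null, $null)
        return ($async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected)
    } catch { return $false } finally { $client.Close() }
}
if (-not (Test-Ldap389 -HostName $domain)) {
    Write-Warning "Cannot reach $domain on TCP 389; fix DNS/routing first."
    return
}

# Only touch adapters whose profile is not already DomainAuthenticated.
# On multi-homed servers, filter further so isolated networks (backup, storage)
# that cannot reach a DC are left alone.
$changed = $false
$profiles = Get-NetConnectionProfile |
    Where-Object NetworkCategory -ne 'DomainAuthenticated'
foreach ($p in $profiles) {
    $dns = Get-DnsClient -InterfaceIndex $p.InterfaceIndex
    if ($dns.ConnectionSpecificSuffix -ne $domain) {
        Set-DnsClient -InterfaceIndex $p.InterfaceIndex -ConnectionSpecificSuffix $domain
        $changed = $true
    }
}

# Restarting NLA makes it re-run location detection; -Force also restarts
# the services that depend on it.
if ($changed) {
    Restart-Service -Name NlaSvc -Force
    Start-Sleep -Seconds 10
}

# Report the outcome so servers still on Public/Private can be investigated.
Get-NetConnectionProfile | Select-Object InterfaceAlias, Name, NetworkCategory
```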


Thursday, August 27, 2015 4:00 AM

Mark Poulton's solution worked for me after the firewall suddenly changed the network profile to private.

Colin Slaughter