We had a customer that used the “dial in” options in AD to determine whether or not the users were allowed to use a VPN.  They didn’t want to change this to use groups or NPS.

The following powershell allowed us to set this policy based on a group:

$users=get-adgroupmember “Remote_users”

foreach ($user in $users)

{

    set-aduser $user -replace @{msnpallowdialin=$TRUE}

}