How to configure FTP User Isolation with Active Directory by Steve Schofield

This article covers how to set up two Active Directory users using the FTP 7.0 publishing service. I was unable to find a resource that showed the basic steps to get started. The article is broken into multiple steps, each dependent on the previous steps. We are assuming you are familiar with Active Directory and with IIS / FTP installation and configuration. Most likely, you’ll need to engage your Active Directory administrator for certain steps. The article is a starting point for implementing additional items such as FTP over SSL and locking down the folders to just specific users / groups.


  • The FTP server is Windows Server 2008
  • The FTP service is 7.0 with the rollup hotfix (KB955136)
  • All users are stored in Active Directory.

Test environment.

  • Windows Server 2008 Active Directory native mode
  • Windows Server 2008 FTP server is a member server in AD

Initial Active Directory steps

Create Active Directory users

  • ADFtpUser1
  • ADFtpUser2
  • ADFTPReadOnly (this will be used by the FTP service to read the AD attributes.  It doesn’t need to be a Domain Admin)

Create Active Directory Global security group

  • ADFtpUsers

Install FTP Service

Configure folder system

Create and Configure FTP Site

Post configuration, testing and troubleshooting

We hope you find this article useful.

Thank you,
Steve Schofield
Windows Server MVP – IIS