How to configure FTP User Isolation with Active Directory by Steve Schofield
This article covers how to set up two Active Directory users with the FTP 7.0 publishing service. I was unable to find a resource that showed basic steps to get started. The article is broken into multiple steps, each dependent on the previous steps. We assume you are familiar with Active Directory and with IIS / FTP installation and configuration. Most likely, you'll need to engage your Active Directory administrator for certain steps. The article is a starting point for implementing additional items such as FTP over SSL and locking down the folders to specific users / groups.
Assumptions
- The FTP server is Windows Server 2008
- The FTP service is 7.0 with the rollup hotfix (KB955136)
- All users are stored in Active Directory.
Test environment
- Windows Server 2008 Active Directory native mode
- Windows Server 2008 FTP server is a member server in AD
Initial Active Directory steps
Create Active Directory users
- ADFtpUser1
- ADFtpUser2
- ADFTPReadOnly (this will be used by the FTP service to read the AD attributes. It doesn’t need to be a Domain Admin)
Create Active Directory Global security group
- ADFtpUsers
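As an added example (not from the original article), the accounts and group above can be created from PowerShell on a domain-joined machine with the directory service command-line tools (dsadd, dsget), followed by a check that the read-only account holds no administrative membership. The OU, domain DN and FTP root path are placeholders, and the msIIS-FTPRoot / msIIS-FTPDir attribute names do not appear on this page; they are the user attributes FTP Active Directory isolation reads to locate each user's home directory.

```powershell
# Added example: the values below are placeholders, not taken from the article.
$base    = 'OU=FTP,DC=example,DC=com'      # assumed OU that already exists
$ftpRoot = '\\fileserver.example.com\ftp'  # assumed share holding the home folders

# The two FTP users and the read-only lookup account named in the article.
# "-pwd *" makes dsadd prompt, so no password is stored in the script.
foreach ($name in 'ADFtpUser1', 'ADFtpUser2', 'ADFTPReadOnly') {
    dsadd user "CN=$name,$base" -samid $name -pwd * -mustchpwd no -disabled no
}

# Global security group that contains only the two FTP users.
dsadd group "CN=ADFtpUsers,$base" -secgrp yes -scope g -samid ADFtpUsers `
    -members "CN=ADFtpUser1,$base" "CN=ADFtpUser2,$base"

# Home directory attributes read by the FTP service for each isolated user:
# msIIS-FTPRoot is the root path, msIIS-FTPDir the folder relative to it.
foreach ($name in 'ADFtpUser1', 'ADFtpUser2') {
    $user = [ADSI]"LDAP://CN=$name,$base"
    $user.Put('msIIS-FTPRoot', $ftpRoot)
    $user.Put('msIIS-FTPDir', $name)
    $user.SetInfo()
}

# Least-privilege check: the lookup account only reads attributes, so it
# should not appear in any administrative group, directly or nested.
$memberOf   = dsget user "CN=ADFTPReadOnly,$base" -memberof -expand
$privileged = $memberOf | Where-Object {
    $_ -match 'CN=(Domain Admins|Enterprise Admins|Schema Admins|Administrators),'
}
if ($privileged) {
    Write-Warning 'ADFTPReadOnly is a member of privileged groups:'
    $privileged
} else {
    'ADFTPReadOnly holds no administrative group membership.'
}
```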
Install FTP Service
Configure folder system
Create and Configure FTP Site
Post configuration, testing and troubleshooting
We hope you find this article useful.
Steve Schofield
Windows Server MVP – IIS
http://www.iislogs.com/steveschofield
http://www.IISLogs.com