Configure AD FTP user attributes, Testing, Troubleshooting.

On the domain controller, use ADSIEdit.msc and adjust the user properties.

Treat this very seriously: ADSIEdit.msc is the ‘registry editor’ of the AD database.  If you are unsure how to edit attributes, consult your AD administrator.  You’ll make this setting for each user.  This could be scripted using PowerShell or ADSI.  We strongly suggest you do this in a non-production environment before attempting to deploy in your production environment.

Test externally with an FTP client.

Here is sample output:

Notice the bolded sections: user, PASV, port.

Connect socket #1580 to, port 21…
220 Microsoft FTP Service
331 Password required for ADFTPUser1.
PASS **********
230 User logged in.
215 Windows_NT
Keep alive off…
257 "/" is current directory.
227 Entering Passive Mode (192,168,0,68,19,39).
Connect socket #1568 to, port 4903
125 Data connection already open; Transfer starting.
226 Transfer complete.
Transferred 57 bytes in 0.008 seconds
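
The 227 reply in the session above encodes the data-channel endpoint as four address octets and two port bytes (19*256 + 39 = 4903, the port the client then connects to). The following is an added example, not part of the original page: it decodes a 227 reply and flags a non-routable address being advertised to an external client, which both exposes internal addressing and is a frequent reason passive connections fail from outside. The function names and the optional port range are assumptions made for illustration.

```python
import ipaddress
import re

# Matches the host/port tuple in a 227 reply: (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None if the line is not one."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in PASV reply: %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # high byte, then low byte
    return ip, port


def check_pasv(line, low=None, high=None):
    """Return findings for one PASV reply as seen by an external client."""
    parsed = parse_pasv(line)
    if parsed is None:
        return ["not a 227 reply"]
    ip, port = parsed
    findings = []
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        findings.append(f"server advertises non-routable address {ip}")
    # low/high: the passive port range opened on the firewall (hypothetical).
    if low is not None and high is not None and not (low <= port <= high):
        findings.append(f"data port {port} outside allowed range {low}-{high}")
    return findings


# The 227 line from the sample session above.
SAMPLE = "227 Entering Passive Mode (192,168,0,68,19,39)."

if __name__ == "__main__":
    print(parse_pasv(SAMPLE))
    # Constructed firewall range, for illustration only.
    print(check_pasv(SAMPLE, low=5000, high=5100))
```

An empty list from check_pasv means the advertised endpoint is publicly routable and, if a range was given, inside it.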


If you get 530 User cannot log in, home directory inaccessible.

If you can’t connect with PASV settings

Make sure the ADFTPReadOnly has READ permissions on the OU (organizational unit) in Active Directory.  The user doesn’t need to be a Domain Admin.