Configure AD FTP user attributes, Testing, Troubleshooting.
On the domain controller, use ADSIEdit.msc and adjust the user properties.
Treat this very seriously: ADSIEdit.msc is the ‘registry editor’ of the AD database. If you are unsure how to edit attributes, consult your AD administrator. You’ll apply this setting for each user. This could be scripted using PowerShell or ADSI. We strongly suggest you do this in a non-production environment before attempting to deploy in your production environment.
Test externally with an FTP client.
Here is sample output.
Note the user, the PASV reply, and the port:
Connect socket #1580 to 192.168.0.68, port 21…
220 Microsoft FTP Service
331 Password required for ADFTPUser1.
230 User logged in.
Keep alive off…
257 "/" is current directory.
227 Entering Passive Mode (192,168,0,68,19,39).
Connect socket #1568 to 192.168.0.68, port 4903…
125 Data connection already open; Transfer starting.
226 Transfer complete.
Transferred 57 bytes in 0.008 seconds
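The 227 reply above encodes the data endpoint as four address octets and two port bytes (19 × 256 + 39 = 4903). The following added example, not part of the original article, parses a client log in the format shown and reports when the advertised endpoint does not match the connections the client made; the function names are illustrative.

```python
import ipaddress
import re

# Excerpt of the sample client output shown on this page.
TRANSCRIPT = """\
Connect socket #1580 to 192.168.0.68, port 21...
230 User logged in.
227 Entering Passive Mode (192,168,0,68,19,39).
Connect socket #1568 to 192.168.0.68, port 4903...
226 Transfer complete.
"""

PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)", re.M)
CONNECT_RE = re.compile(r"^Connect socket #\d+ to ([\d.]+), port (\d+)", re.M)


def parse_pasv(text):
    """Return (ip, port) from a 227 reply; port = p1 * 256 + p2 (RFC 959)."""
    m = PASV_RE.search(text)
    if not m:
        raise ValueError("no 227 passive-mode reply found")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in 227 reply")
    h1, h2, h3, h4, p1, p2 = nums
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def check_transcript(text):
    """Compare the advertised PASV endpoint with the control and data connections."""
    connects = [(ip, int(port)) for ip, port in CONNECT_RE.findall(text)]
    if not connects:
        raise ValueError("no control connection line found")
    control_ip = connects[0][0]
    pasv_ip, pasv_port = parse_pasv(text)
    findings = []
    if pasv_ip != control_ip:
        note = f"PASV advertises {pasv_ip}, control connection went to {control_ip}"
        if ipaddress.ip_address(pasv_ip).is_private:
            note += " (private address, not reachable from outside)"
        findings.append(note)
    if (pasv_ip, pasv_port) not in connects[1:]:
        findings.append(f"no data connection to {pasv_ip}:{pasv_port} in the log")
    return pasv_ip, pasv_port, findings


if __name__ == "__main__":
    print(check_transcript(TRANSCRIPT))
```

An empty findings list means the client opened its data connection to the same address and port the server advertised, which is what the sample output shows.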
If you get 530 User cannot log in, home directory inaccessible.
If you can’t connect with PASV settings
Make sure the ADFTPReadOnly has READ permissions on the OU (organizational unit) in Active Directory. The user doesn’t need to be a Domain Admin.