Configure AD FTP user attributes, Testing, Troubleshooting.

On the domain controller, use ADSIEdit.msc and adjust the user properties.

This is something you should treat very seriously, using ADSIEDIT.msc is the ‘registry editor’ of the AD database.  If you are unsure how to edit Attributes, consult your AD administrator.  You’ll do this setting for each user.  This could be scripted using Powershell, ADSI.  We strongly suggest you do this in a non-production environment before attempting to deploy in your production environment.

• msIIS-FTPDir – ADFtpUser1
• msIIS-FTPRoot – \Server1ADFTPHome
• Powershell 1.0 script to do update the attributes

Test externally with FTP client. 

• CoreFTP (www.coreftp.com)
• FileZilla (http://filezilla-project.org/)
• SmartFTP ( www.smartftp.com )

Here is sample output

Notice the bolded section, user, PASV, port

Connect socket #1580 to 192.168.0.68, port 21…
220 Microsoft FTP Service
USER ADFTPUser1
331 Password required for ADFTPUser1.
PASS **********
230 User logged in.
SYST
215 Windows_NT
Keep alive off…
PWD
257 "/" is current directory.
PASV
227 Entering Passive Mode (192,168,0,68,19,39).
LIST
Connect socket #1568 to 192.168.0.68, port 4903…
125 Data connection already open; Transfer starting.
226 Transfer complete.
Transferred 57 bytes in 0.008 seconds

Troubleshooting

If you get 530 User cannot log in, home directory inaccessible.

• Make sure you set the Default Domain in the BASIC FTP authentication module, see step 3
• Make sure the AD attributes are setup properly, see step 4

If you can’t connect with PASV settings

• The External or Windows firewall PASV settings are configured, see step 3

Make sure the ADFTPReadOnly has READ permissions on the OU (organizational unit) in Active Directory.  The user doesn’t need to be a Domain Admin.