Windows and Linux Networking

Tuesday, February 1, 2011

Creating an FTP Site with Isolated Users Using Active Directory

Previously we saw how to create an FTP site with and without user isolation. Today we will see how to create an FTP site that isolates users using Active Directory. As the name suggests, you have probably guessed the requirement for this setup: an Active Directory environment must be in place to implement this type of FTP site. Without Active Directory you will not be able to set up this type of FTP server.

You can implement this type of server if you want users to do their job by accessing their home directory to download or upload their data remotely over the internet. (Actually, this is not the correct method for working remotely: a VPN is the best option for remote work, and other options are a SharePoint server or a secure FTP server. I am only giving an example of how you can implement this type of FTP server.)

So, what are the basic requirements for an FTP site that isolates users using Active Directory?


1) First and most important, Active Directory must be in place to implement this kind of setup.

2) Second, each user must have a home directory defined.

3) We need one user account that allows FTP to read the Active Directory database to find each user's home directory.

4) Your Active Directory domain name.

Let's start creating the FTP site with isolated users using Active Directory.

1. Install the FTP Service from Add/Remove Windows Components.

2. Open IIS Manager.

3. Delete the Default FTP Site, as it is not created in isolation mode by default.

4. Create a new FTP site by right-clicking FTP Sites and selecting New, then FTP Site.

5. This will launch the FTP Site Creation Wizard. Click Next.

6. Enter a description for your FTP site.

7. Set the IP address and Port to use for your FTP Site

8. The next screen shows the FTP User Isolation options. Select "Isolate users using Active Directory".

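9. Next, select a user account that has access to Active Directory; any domain admin account will suffice (FTP uses this account only to read each user's home directory from Active Directory, as listed in the requirements above). Click Next and re-enter the password to confirm.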

10. Select the required permissions, click Next, and then click Finish.

11. The IIS portion is now finished; now on to AD.

12. There are two schema attributes in AD, residing in the User class, that allow us to define the user's home directory for FTP: msIIS-FTPRoot, which defines the root of the FTP server, and msIIS-FTPDir, which defines the user's home directory. The problem is that there is no GUI for setting these attributes, so for this demonstration I will use ADSI Edit (adsiedit) from the Support Tools to modify them. You can also run the script below to do the same thing.

Iisftp.vbs /SetADProp UserName FTPRoot Server\Share

Iisftp.vbs /SetADProp UserName FTPDir Directory

13. Load up ADSI Edit, drill down to the user account you want to isolate, open the properties of that account, and modify the two attributes mentioned above.

14. Now whenever that user connects to your FTP server the user will be isolated to the Home Directory that was defined in Active Directory.
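
The attribute change from steps 12 and 13 can also be scripted in PowerShell. The following is an added example, not code from the original post: it assumes the ActiveDirectory module (RSAT) on a domain-joined host, and the function names, the account jdoe and the share \\fileserver\ftphomes are hypothetical. The check that FTPDir is a relative path without ".." segments is an added safeguard, so that a typo cannot point a user's home directory outside the FTP root.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory
# module (RSAT) on a domain-joined host; names and paths are placeholders.
Import-Module ActiveDirectory

function Test-FtpHomeValue {
    param([string]$FtpRoot, [string]$FtpDir)
    # Both values are required, and FTPDir is treated as relative to FTPRoot.
    if ([string]::IsNullOrWhiteSpace($FtpRoot) -or
        [string]::IsNullOrWhiteSpace($FtpDir)) { return $false }
    # No drive letter, UNC prefix or leading slash in the per-user directory.
    if ([System.IO.Path]::IsPathRooted($FtpDir)) { return $false }
    # Reject parent-directory segments that would resolve outside the root.
    foreach ($segment in ($FtpDir -split '[\\/]')) {
        if ($segment -eq '..') { return $false }
    }
    return $true
}

function Set-FtpIsolationHome {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$FtpRoot,
        [Parameter(Mandatory)][string]$FtpDir
    )
    if (-not (Test-FtpHomeValue -FtpRoot $FtpRoot -FtpDir $FtpDir)) {
        throw "Refusing to set FTP home for ${SamAccountName}: FTPDir must be relative to FTPRoot."
    }
    # Write both attributes in one change; -WhatIf skips the write.
    if ($PSCmdlet.ShouldProcess($SamAccountName, 'Set msIIS-FTPRoot and msIIS-FTPDir')) {
        Set-ADUser -Identity $SamAccountName -Replace @{
            'msIIS-FTPRoot' = $FtpRoot
            'msIIS-FTPDir'  = $FtpDir
        }
    }
    # Read the values back so the operator can confirm what FTP will see.
    Get-ADUser -Identity $SamAccountName -Properties 'msIIS-FTPRoot', 'msIIS-FTPDir' |
        Select-Object SamAccountName, 'msIIS-FTPRoot', 'msIIS-FTPDir'
}

# Constructed sample call: dry run first, then repeat without -WhatIf.
Set-FtpIsolationHome -SamAccountName 'jdoe' -FtpRoot '\\fileserver\ftphomes' -FtpDir 'jdoe' -WhatIf
```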
