In the "Isolate users using Active Directory" mode, user credentials are verified against the corresponding Active Directory container rather than by searching the entire Active Directory, which requires a lot of processing time.
| Note |
| In this mode, you need to run the Active Directory server on the Windows Server 2003 operating system. You can also use Windows 2000 Active Directory, but you need to manually extend the user object schema. For more information about setting up an Active Directory server, see Windows Server 2003 Help and Support Center. |
A specific FTP server instance is specified for each customer to ensure data integrity and isolation. When a user object is in an Active Directory container, the msIIS-FTPRoot and msIIS-FTPDir attributes are extracted to provide the complete path to the user's home directory. If the FTP service can successfully access this path, the user is placed in the home directory, which represents the FTP root location. Users can only view their own FTP root location, so they are restricted and cannot browse up the directory tree. If the msIIS-FTPRoot or msIIS-FTPDir attribute does not exist, or if the two together do not form a valid and accessible path, the user is denied access.
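The lookup rule described above can be checked before users ever connect. The following Python script is an added example, not part of the original documentation or of IIS: it audits a constructed CSV export of user records and reports which accounts would be denied. The CSV column layout, the way the two values are joined, and the use of a local file system check (run as the auditing account) in place of the FTP service's own access check are assumptions.

```python
import csv
import io
import os
import tempfile

ROOT_ATTR = "msIIS-FTPRoot"
DIR_ATTR = "msIIS-FTPDir"


def home_directory(record):
    """Return (path, reason); path is None when the logon would be refused."""
    root = (record.get(ROOT_ATTR) or "").strip()
    subdir = (record.get(DIR_ATTR) or "").strip()
    if not root:
        return None, ROOT_ATTR + " missing"
    if not subdir:
        return None, DIR_ATTR + " missing"
    # Assumption: the two values are joined as root + separator + directory.
    path = os.path.join(root, subdir.lstrip("\\/"))
    if not os.path.isdir(path):
        return None, "path does not exist"
    if not os.access(path, os.R_OK):
        return None, "path not accessible"
    return path, "ok"


def audit(csv_text):
    """Map each sAMAccountName in the export to its (path, reason) result."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["sAMAccountName"]: home_directory(row) for row in reader}


def demo():
    """Build a constructed FTP root and user export, then audit it."""
    root = tempfile.mkdtemp(prefix="ftproot_")
    os.mkdir(os.path.join(root, "alice"))
    export = (
        "sAMAccountName,msIIS-FTPRoot,msIIS-FTPDir\n"
        f"alice,{root},alice\n"   # both attributes set, folder exists
        f"bob,{root},\n"          # msIIS-FTPDir never populated
        f"carol,{root},carol\n"   # folder was never created
        "dave,,dave\n"            # msIIS-FTPRoot never populated
    )
    return root, audit(export)


if __name__ == "__main__":
    _, results = demo()
    for user, (path, reason) in results.items():
        print(f"{user:6} {'ALLOW' if path else 'DENY':5} {reason}")
```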
| Important |
| Only members of the Administrators group on the local computer can perform the following procedure. Log on to your computer with an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At the command prompt, type runas /user:Administrative_accountname "mmc %SystemRoot%\system32\inetsrv\iis.msc". |
Create an FTP site that isolates users in Active Directory Mode
- In IIS Manager, click the local computer, right-click the "FTP Sites" folder, point to "New", and then click "FTP Site".
- In the "Welcome to the FTP Site Creation Wizard" dialog box, click "Next".
- In "FTP Site Description", type the description of the FTP site and click "Next".
- In "IP Address and Port Settings", type the IP address and port, and then click "Next".
- In "FTP User Isolation", click "Isolate users using Active Directory", and then click "Next".
- In the "User name" text box, type the user name in Domain\User format, or browse to the user name. Select a user with the minimum domain permissions. This user name is used to access Active Directory and read the home directory attributes. In the "Password" text box, type the password.
- In the "Enter the default Active Directory domain" text box, type or browse to the default domain name.
| Note |
| This domain name is used for users who do not specify their user domain when they log on. In other words, users who connect with the user name domain1\user1 are verified in domain1, while users who connect as user2 are verified in the default logon domain. If no default domain is specified and the user does not specify a domain name, only anonymous users are granted access. Enter only the base domain name, not the fully qualified name. For example, type Mydomain, not Mydomain.dept.microsoft.com. |
- Click "Next". The system prompts you to re-enter the user password entered in the previous step.
- Set Read and Write permissions as needed, click "Next", and then click "Finish".