Microsoft FTP Server can be configured to authenticate users against an Active Directory server. One possible reason for doing this is for single sign-on, or administrative ease.

Applicable Systems

  • Windows 2003 FTP
  • Windows 2000 or later Active Directory

Creating a New Active Directory FTP Server

Open the Administrative Tools | Computer Management and expand Internet Information Services. Right click Internet Information Services to create a new FTP.

Where Is The FTP?

If FTP is not available on the menu it may not have been installed. In this case, open the Add/Remove Programs and click on Add/Remove Windows Components. Explore details for Internet Information Services (IIS) and ensure that File Transfer Protocol (FTP) Server is checked. If not, have it installed.

FTP User Isolation

When creating a new FTP server, there are three options for user isolation. Isolation using Active Directory should be selected.

FTP requires a query-user and password to access the Active Directory server. When an FTP user needs to be authenticated, the FTP server will use the query-user account to connect to the Active Directory, then it can authenticate the FTP user.

FTP also requires the domain name of the users it will be serving.

Setting the Home Directory for Each User

Since the FTP server has been set up for Active Directory isolation, there is no root folder for the FTP server to use, nor is there user folders within the root folder.

Each FTP user will have her own root and user folder, and she cannot detect the presence of other users' folders. The FTP user's root and user folder information is stored in the Active Directory server. The Active Directory server will have to be informed about these two parameters.


The following is a situation.
  • The FTP server is
  • The Active Directory server is
  • The Active Directory administration account is admin.
  • The new FTP user is
  • The root folder for jiajia on is c:\ftproot
  • The user folder for jiajia on is c:\ftproot\jiajia
Use the following command to tell the Active Directory server about the new user's root and user folders:

iisftp /s /u admin /p password /setadprop jiajia FTPRoot c:\ftproot
iisftp /s /u admin /p password /setadprop jiajia FTPDir \jiajia
The user jiajia should be able to use the FTP server now.

Last updated on 19 Sep 2007
133, New Bridge Road #24-01
Chinatown Point S(049513) •
Tel: 6-552-6826 •
Copyright Bumble Bee Laboratories Pte. Ltd. July 2020