Converting an Existing FTP Site to Isolate Users Using Active Directory Mode

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008

You can convert an existing FTP site to Isolate users using Active Directory mode after you upgrade to Windows Server 2003. Before you convert an existing FTP site to the Isolate users using Active Directory mode, complete the following procedure.

To prepare to convert an existing FTP site to Isolate users using Active Directory mode

  1. Plan user distribution over your network file server resources.

  2. Create server shares and user directories for all users that have access to FTP.

  3. Make sure to create a directory for anonymous access (if you want to enable anonymous user connections).

  4. For each user, set the msIIS-FTPRoot and msIIS-FTPDir properties in Active Directory to point to the new home directory using Iisftp.vbs, by typing the following at the command line:

    Iisftp.vbs /SetADProp UserName FTPRoot Server**\**Share

    Iisftp.vbs /SetADProp UserName FTPDir Directory

    For complete Iisftp.vbs syntax, type **Iisftp.vbs /SetADProp /?**at the command prompt.

You can complete the conversion by using the FTP Site Creation Wizard (recommended), or by following the procedure below to configure the metabase.

To convert an existing FTP site to Isolate users using Active Directory mode

  1. In IIS Manager, click the local computer, double-click the FTP Sites folder, right-click the FTP site that you want to convert, and then click Stop.

  2. Move existing user content into the new directories.

  3. Edit the metabase directory or use adsutil.vbs to configure the following metabase properties:

    • UserIsolationMode: Set to 2.

    • ADConnectionUserName: Set to a user that has permission to read Active Directory properties. Use Domain\UserNameformat.

    • ADConnectionPassword: Set to the password for the user in ADConnectionUserName.

    • DefaultLogonDomain: Set to the default domain name.

    • For the site root virtual directory: Set the Path property to an empty string, and add the value AccessNoPhysicalDirto the AccessFlagsproperty, using the | operator; for example: AccessFlags=AccessRead|AccessNoPhysicalDir.

    • AllowAnonymous, AnonymousUserName, and AnonymousPassword: See To enable anonymous access for the Isolate Users Using Active Directory FTP site earlier in this topic for information about how to set these properties.

      Important

      Before you edit the metabase, verify that you have a backup copy that you can restore if a problem occurs.

  4. In IIS Manager, click the local computer, double-click the FTP Sites folder, right-click the converted FTP site, and then click Start.