I began an exercise to set up FTP on IIS 7 on my new network using isolation mode with Active Directory integration. There are a few steps, which I'll list below, that are far from obvious to anyone trying to get this to work. I was very surprised that Microsoft didn't provide better UI support for this. After I thought about it, however, I think I've realized one of the likely reasons why they don't: FTP is horribly insecure and is a dying protocol.
The bottom line is this: don't use FTP for anything that is sensitive, and *definitely* don't use FTP with IIS and Active Directory integration!!! Usernames and passwords are sent in clear text and are easily captured. The results of this could be disastrous. Imagine someone getting your network admins' usernames and passwords, or someone downloading sensitive material from your FTP site. This is just bad bad bad ju ju! Use SharePoint document libraries or other content management systems like DotNetNuke for common / offsite storage of documents. There are some alternatives to FTP for large file downloads (e.g. Microsoft's HTTP download manager, SFTP using SSH, etc.), but I have not had time to really investigate a good alternative to this. So my compromise is this: WSS / MOSS / DNN for smaller files, and then FTP for large common files which are *not* sensitive, such as ISOs, etc. I'll set up an FTP site in user isolation mode, but will *not* use Active Directory (ever!).
In some crazy world where you decide the security risks of Active Directory integration are acceptable, this is what you do.
1. Create the FTP site in User Isolation Mode with Active Directory Integration
2. Set the user's home folder in the Profile tab of the user's properties in Active Directory Users and Computers
3. Use a tool such as ADSI Edit to modify the following two Active Directory attributes:
   1. msIIS-FTPDir (e.g. "Z:\Users\")
   2. msIIS-FTPRoot (e.g. "tom.hundley")
It works like a champ, but NEVER DO IT!!!!
Instead, use isolation mode WITHOUT Active Directory integration and create local accounts on your FTP server. Remove all rights and permissions from those local accounts (yank them from the Users group) except for the NTFS permissions on their respective FTP folders, in preparation for the day they are hacked, and never put sensitive files in these folders. The folder layout for this mode is:
1. Create %ftproot%
2. Create %ftproot%\LocalUser
3. Create %ftproot%\LocalUser\ftpUsername
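
The local-account setup described above can be scripted. The following PowerShell is an added example, not part of the original post; it assumes an elevated session, an English-language server (group name `Users`), that `%ftproot%` is `D:\ftproot`, and that the account should get Modify rights on its own folder only.

```powershell
# Added example: local FTP account for IIS user isolation WITHOUT Active Directory.
# Assumptions (not from the post): $FtpRoot default, Modify rights, English group name.
param(
    [Parameter(Mandatory=$true)] [string] $FtpUser,   # e.g. ftpUsername
    [string] $FtpRoot = 'D:\ftproot'                  # stands in for %ftproot%
)

# Native tools do not throw on failure, so check the exit code after each call.
function Invoke-Native {
    param([string] $Exe, [string[]] $Arguments)
    & $Exe $Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# Steps 1-3: %ftproot%\LocalUser\<user> (-Force creates the missing parent folders).
$userHome = Join-Path (Join-Path $FtpRoot 'LocalUser') $FtpUser
New-Item -ItemType Directory -Path $userHome -Force | Out-Null

# Create the local account; '*' makes net.exe prompt for the password so it
# never appears on the command line or in the script.
Invoke-Native 'net.exe' @('user', $FtpUser, '*', '/add')

# New local accounts are placed in Users by default; remove that membership so
# the account holds nothing beyond the ACL set below.
Invoke-Native 'net.exe' @('localgroup', 'Users', $FtpUser, '/delete')

# Stop inheriting ACEs from the parent, then grant only what is needed:
# Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18) full control for
# management, and the FTP account Modify on its own folder tree.
# Use (OI)(CI)RX instead of (OI)(CI)M for a download-only account.
Invoke-Native 'icacls.exe' @($userHome, '/inheritance:r')
Invoke-Native 'icacls.exe' @(
    $userHome, '/grant',
    '*S-1-5-32-544:(OI)(CI)F',
    '*S-1-5-18:(OI)(CI)F',
    "$env:COMPUTERNAME\${FtpUser}:(OI)(CI)M"
)

# Print the resulting ACL and group membership for review.
Invoke-Native 'icacls.exe' @($userHome)
Invoke-Native 'net.exe' @('user', $FtpUser)
```

Review the final `icacls` and `net user` output to confirm the folder lists only the three expected entries and the account's local group memberships no longer include Users.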
Tom Hundley
Elegant Software Solutions, LLC