Setting up FTP on Domain Controller using User Isolation

Hi all,
Our FTP site is set on a domain controller (not best practice, I know, but I wasn't involved in the implementation of it). However, it currently works with the "FTP Root Directory" option selected, however this is not very secure as everyone has access to everything. I need to set it up so it uses "Username Directory" as this is a domain controller, and I want them to authenticate via AD User/Group. However, when I select that option, I can't connect to the FTP site - Connection attempt failed with "EAI_NONAME - Neither nodename nor servname provided, or not known". When I change it back to "FTP Root Directory" it connects fine.
Basic Authentication is Enabled and Anonymous Authentication is disabled.
Virtual Directory option is selected under directory listing options.
Our FTP folder structure is E:\FTPRoot; it got moved to this drive as it's a bigger drive.
I've set up a Virtual Directory for the FTP site and for the individual folders. 
I'm stuck on what else to try, any advice and guidance would be appreciated.

Hi,
FTP setup is related to IIS so you could post the question to IIS forum instead.
http://forums.iis.net/

Similar Messages

  • Help with setting up active directory domain controller/DNS - need this for Clustering

    Disclaimer: I am new to Active Directory, so please don't rule out the obvious things I may have overlooked.
    I need to set up Active Directory Domain controller on at least one server so I can run clustering. I set up the domain controller and ran Cluster validation and that failed - unable to reach writable domain controller.
    When I look at my server manager AD DS complain about DNS:
    NASE-2012-234    4015    Error    Microsoft-Windows-DNS-Server-Service    DNS Server    1/14/2014 12:54:06 AM
    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
    When I click on DNS this is the error:
    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
    Output of DCDiag -v is below.
    PS C:\Users\Administrator> dcdiag -v
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       * Verifying that the local machine NASE-2012-234, is a Directory Server.
       Home Server = NASE-2012-234
       * Connecting to directory service on server NASE-2012-234.
       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=
    ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lab,DC=nas
    e,DC=com
       Getting ISTG and options for the site
       * Identifying all servers.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntD
    SDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=NASE-2012-234,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
    N=Configuration,DC=lab,DC=nase,DC=com
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.
       * Found 1 DC(s). Testing 1 of them.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\NASE-2012-234
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             The host c0c507c4-fb9b-49a6-9a01-ef79d7960c94._msdcs.lab.nasecom could not be resolved to an IP address.
             Check the DNS server, DHCP, server name, etc.
             Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
             ......................... NASE-2012-234 failed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\NASE-2012-234
          Skipping all tests, because server NASE-2012-234 is not responding to directory service requests.
          Test omitted by user request: Advertising
          Test omitted by user request: CheckSecurityError
          Test omitted by user request: CutoffServers
          Test omitted by user request: FrsEvent
          Test omitted by user request: DFSREvent
          Test omitted by user request: SysVolCheck
          Test omitted by user request: KccEvent
          Test omitted by user request: KnowsOfRoleHolders
          Test omitted by user request: MachineAccount
          Test omitted by user request: NCSecDesc
          Test omitted by user request: NetLogons
          Test omitted by user request: ObjectsReplicated
          Test omitted by user request: OutboundSecureChannels
          Test omitted by user request: Replications
          Test omitted by user request: RidManager
          Test omitted by user request: Services
          Test omitted by user request: SystemLog
          Test omitted by user request: Topology
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: VerifyReferences
          Test omitted by user request: VerifyReplicas
          Test omitted by user request: DNS
          Test omitted by user request: DNS
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : lab
          Starting test: CheckSDRefDom
             ......................... lab passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... lab passed test CrossRefValidation
       Running enterprise tests on : lab.nasecom
          Test omitted by user request: DNS
          Test omitted by user request: DNS
          Starting test: LocatorCheck
             GC Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             PDC Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             Time Server Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             Preferred Time Server Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             KDC Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             ......................... lab.nase.com passed test LocatorCheck
          Starting test: Intersite
             Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
             provided.
             ......................... lab.nasecom passed test Intersite
    PS C:\Users\Administrator>

    http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS is the forum for Directory Services questions.  You might want to post your question there.
    .:|:.:|:. tim

  • Use old domain controller AD user profile with new domain (profile changed)

    Dear All,
    I have built Win Server 2012 for domain migration from Windows Server 2003 to Windows Server 2012. I have tested everything on VMware, including user creation, and tested domain join using PowerShell for Win 7 and a .vbs batch file for Win XP computers; everything is working fine.
    Let me first introduce my current environment. I have an existing Win Server 2003 domain controller (abc.com) with 130 client computers and 200 users. I am planning to migrate my current environment to a Win Server 2012 domain (xyz.com). Keep in mind that the domain name is changed but the Domain Controller (server) names are the same, i.e. MY-PDC. I have tested domain join on multiple computers using existing clones of client computers and created all existing users using a .csv file and PowerShell with the required credentials and OU. I am facing a user profile issue: when I join the domain and log in with an existing user who was previously a user of the same computer, the required profile does not log in and the computer creates a new user profile in the Documents and Settings section of Win XP.
    I need your expert opinions, because copying old profile data and creating a new Outlook profile for each user is a big headache for anyone. I hope you can understand and help me with this issue.
    Please provide the best answer and result on priority; I will be thankful to all of you.
    Regards,
    Arsalan

    Hi Arsalan,
    Please check if USMT can help you to achieve this target.
    User State Migration Tool 4.0 User's Guide
    Meanwhile, please also refer to the following articles and check if they can help you.
    How to Migrate Windows User Profile to New Account
    Keeping user old domain profile
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    If I have misunderstood anything or there is any update, please don't hesitate to let us know.
    Hope this helps.
    Best regards,
    Justin Gu

  • Shutdown 2003 domain controller, Used new different name; same IP address on new 2012 DC - can I delete the old name object?

    Greetings,
    I promoted a 2012 domain controller with a new name and IP, shut down the old DC and re-IP'ed the new DC with the old IP address.
    After reboot everything is working fine. I would like to delete the old DC object name from the AD. Can I do so without interruption?
    Thank you

    Demotion using DCPROMO would have been the preferred way to go. 
    You should however be able to get away with deleting the computer object for the old DC using AD Users and Computers. The metadata cleanup is now included in the modern UI, so you shouldn't need to use NTDSUtil to do the cleanup of references to the old DC.
    I would also manually remove the NS record for the old DC from your DNS zone(s) as this is not handled by the object deletion. 
    Also, have a good look through the DNS records anyway and see if there are any references to the old name (A, SRV records) and delete them manually if you find some.
    Alexei

  • Domain Controller deletes user account settings and applications - windows server 2012

    Once in a month, when the user logs into his account, his settings and some applications get deleted. He has to install Outlook again, Dropbox gets deleted, settings on the desktop disappear (files are still there), etc.
    I am not sure about the cause or the solution. Please let me know what I can do to fix this.

    Hi,
    Do all the users have the same issue?
    Did the issue occur when you log into the Domain Controller?
    Any event id in event viewer?
    Regards.

  • Domain Controller Logon Users Count

    Hi Guys, 
    I am trying to retrieve a list or numbers of users that are authenticated against a particular Domain Controller. I ran the following command but no luck.
    3.21 Finding the Number of Logon Attempts Made Against a Domain Controller
    Problem
    You want to find the number of logon requests a domain controller has processed.
    Solution
    The following query returns the number of logon requests processed:
    > nltest /server:<DomainControllerName> /LOGON_QUERY
    This will produce output similar to the following:
    Number of attempted logons: 1054
    I recently configured sites within my domain. Now I am after statistics that tell me how many users got authenticated by a domain controller.

    You can try to run this:
    # Requires the ActiveDirectory module
    $users = Get-ADUser -Filter * -Properties lastLogon -Server Server1
    # Print "sAMAccountName;last logon time" for every user, as recorded on this DC
    foreach ($user in $users) {
        $info = "" + $user.sAMAccountName + ";" + [DateTime]::FromFileTime($user.lastLogon) + ""
        $info
    }
    Just replace Server1 with the name of your DC. You will then get the list of all the users with their lastlogon attribute value on this DC. By filtering the users by this attribute value, you will be able to get the list of users that have recently authenticated against this DC.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
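
    The filtering step suggested in the reply above, as an added example that is not part of the original post. The function name `Get-RecentLogonsOnDC` and the 7-day window are assumptions; `Server1` is the placeholder DC name from the reply. Because `lastLogon` is not replicated between domain controllers, the value read from one DC reflects only logons that DC processed.

    ```powershell
    # Added example (not from the original thread). Requires the ActiveDirectory module (RSAT).
    Import-Module ActiveDirectory

    function Get-RecentLogonsOnDC {
        param(
            [Parameter(Mandatory)] [string] $Server,  # DC to query, e.g. Server1 from the reply
            [int] $Days = 7                           # assumed look-back window
        )

        # lastLogon is stored as a Windows FILETIME (100 ns intervals since 1601-01-01 UTC),
        # so the cutoff is converted to the same representation before comparing.
        $cutoff = (Get-Date).AddDays(-$Days).ToFileTimeUtc()

        # Filter on the server side instead of pulling every account.
        # Accounts that never logged on against this DC have no lastLogon (or 0) and are excluded.
        Get-ADUser -LDAPFilter "(lastLogon>=$cutoff)" -Properties lastLogon -Server $Server |
            Select-Object SamAccountName,
                @{ Name = 'LastLogonOnDC'; Expression = { [DateTime]::FromFileTime($_.lastLogon) } } |
            Sort-Object LastLogonOnDC -Descending
    }

    # Count and list the accounts this DC has authenticated within the window.
    $recent = @(Get-RecentLogonsOnDC -Server 'Server1' -Days 7)
    "{0} account(s) authenticated against Server1 in the last 7 days" -f $recent.Count
    $recent | Format-Table -AutoSize
    ```

    Run it once per domain controller to compare how logons are distributed across sites.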

  • Unable to log onto domain controller with user account

    Hi,
    I am able to log onto my DC as domain admin. I cannot log on as myself. I do not see what I am missing in the GPO to make this happen? I am part of a server admin group and would like the server admin group to be able to log on to the domain controller to maintain the server.
    Any suggestions?
    Wave~Chaser

    Log on to this DC and run rsop.msc and check the following policies:
    Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on locally
    Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on locally
    Add yourself to Allow log on locally (in default domain controller policy - as I mentioned above) and make sure your user account does not belong to any group that has Deny log on locally.

  • Set a default LDAP domain if the user does not specify one during logon

    We are using LDAP authentication. We have set up the repository to have 3 LDAP servers, with the following domain identifiers: PUBLIC, AGENT, CORPORATE. We would like to default the domain to PUBLIC for external users, so they do not need to provide a domain. AGENT and CORPORATE users would still specify the domain. Is there a way to do this? I've tried setting the USER variable in an init block using the following SQL.
    Init block 1 - populates the USER session variable to prepend with PUBLIC if not specified
    select (CASE WHEN substr(':USER',1,instr(':USER','/')-1) is NULL then 'PUBLIC/'||':USER'
    ELSE ':USER'
    END)
    from dual
    Init block 2 - LDAP authentication - populates the EMAIL and UID session variables
    mail = EMAIL
    uid = UID
    Because I've defined the USER variable in the previous init block, I can't return the uid into the USER variable. This caused it to think that authentication was successful, and it allows you to login with valid LDAP users, but it will take any password you provide.
    Ideas?

    Yes, I have done that. I have removed all other init blocks, and now have just the two. Init block 1 - set the value of the USER_TEMP variable, and init block 2 - the authentication init block. The authentication init block is marked as required for authentication, and the other init block must precede it. It is still allowing a user to login successfully under PUBLIC, when they are not a public user. If I explicitly login as PUBLIC/<user> it fails, as I would expect. But when I login as <user> it is successful. Which is not correct. I've checked in Answers that the variable USER_TEMP is being set to PUBLIC/<user>. So, I'm still confused as to why the LDAP init block is allowing it to go through.
    Edited by: user10603068 on Jun 9, 2010 7:26 AM

  • Stop using static domain controller

    How do I remove the static domain controller used by Exchange?  I need it to talk to all the domain controllers on our network.  Each time the single DC that it looks to goes down, no one can access the Exchange server.

    Hi rudnicke,
    Thank you for your question.
    We could run the following command to stop using static domain controller:
    Set-ExchangeServer -Identity 'servername' -StaticConfigDomainController $null -StaticDomainControllers $null -StaticGlobalCatalogs $null
    If there are any questions regarding this issue, please be free to let me know. 
    Best Regard,
    Jim
    Jim Xu
    TechNet Community Support

  • 10.5.7 server as primary domain controller

    Setting up a 10.5.7 server -
    Server is set up as an Open Directory master; I want it also to be a primary domain controller (SMB).
    But when I try to change it from Standalone Server to primary domain controller, using my directory admin user ID and password, it just reverts back to standalone server. Tried it with SMB running and not running.
    Any ideas?

    Having the same issue with Leopard Server 10.5.8.
    SMB was previously set up as a "Domain Member" and now I want to make it a "Primary Domain Controller".
    After reboot, the Role always reverts back to "Domain Member".
    Any ideas?

  • Central Domain Controller in Solution manager

    Hi All,
    We have configured ChaRM successfully for ECC and BI system landscapes, by creating domain links between Solution Manager domain controller and individual domain controllers for ECC and BI systems. Now, we are planning to go for a central domain controller (Solman Domain Controller) for all the satellite systems. So basically, we plan to move the individual domain controllers from ECC and BI to solman domain controller and I guess there will not be domain links required anymore.
    With regards to above scenario, please help me with below queries:
    1 - Will the above strategy work with chaRM or not
    2 - If yes, what are the activities that would be required to be redone in satellite system and solman system
    3- Any critical pre-requisites that needs to be checked before we can start this exercise
    Please help me with the above queries. Appreciate your time and effort.
    Thanks in advance.
    Regards,
    Imran

    HI,
    Yes, you could use solman to be set as the main domain controller; either way with domain links, please kindly have a look at this expert blog by our Charm expert;
    /people/dolores.correa/blog/2008/07/26/first-steps-to-work-with-change-request-management-scenario
    On transport group matters , you may want to visit this blog, on point no. 3
    https://weblogs.sdn.sap.com/cs/junior/view/wlg/15116
    Hope this helps.
    Cheers
    SH

  • Login to Domain Controller which is not in network

    Scenario
    I've taken an online clone of one of my Virtual Windows 2003 Enterprise Domain Controllers which doesn't hold any roles. Removed the Clone Domain Controller from Network & powered it on.
    Now I want to log into that Domain Controller using my Domain Admin credentials but it's not working.
    Is there a way to log in to that Domain Controller which is taken out of network USING DOMAIN ADMIN ID ?
    I can log in to Restore Mode but that's not what I'm looking for, I need to log in to that DC using my Domain Admin credentials while It's not in network.
    This is for lab purpose.

    Hi Yankee,
    Have you cached credentials on the Domain Controller before you cloned one?
    I just tested that if I cache credentials, users are able to log on when domain controllers are offline.
    If not, you can try to clone another after caching credentials and then test again. Please note: do not take the cloned DC online, which will lead to USN rollback.
    More information for you:
    Cached domain logon information
    http://support.microsoft.com/kb/172931/en-us
    Running Domain Controllers in Hyper-V
    http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv(v=WS.10).aspx
    Best Regards,
    Amy

  • [Forum FAQ] How to sync time with a Domain Controller for a standalone server

    As we all know, if a computer belongs to an Active Directory domain, it will sync the time automatically by using the Windows Time service that is available on Domain Controllers, while a standalone server will synchronize with its local hardware time and Windows time server. (Figure 1)
    Figure 1.
    Under some circumstances, a standalone server is necessary in a product environment. We can sync the time of this standalone server with the Domain Controller using the steps below:
    1. Modify the value of AnnounceFlags:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
    Under this entry we can see the default value of AnnounceFlags is 10 (Decimal); we configure the value as 5 (Decimal). (Figure 2)
    Figure 2.
    2. Confirm the value of the registry key below is set to 0:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer 
    Figure 3.
    3. Configure the standalone server to synchronize with a specific time source (Domain Controller).
    In our test, we configured our Domain Controller (192.168.10.200) as the time source. Used the following commands:
    w32tm /config /syncfromflags:manual /manualpeerlist:192.168.10.200
    4. Sync the time with the Domain Controller using the command below:
    w32tm /config /update
    From the figure below (Figure 4), you can see that after we did all the steps above, the time on the standalone server was synced with the Domain Controller.
    Figure 4.
    (Note: Peerlist is a separated list of DNS servers, or IP Addresses for the time servers)
    More information:
    Windows Time Service Tools and Settings
    http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx#w2k3tr_times_tools_dyax
    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.
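
    The four steps above as one script with a verification pass at the end, as an added example that is not part of the original post. It assumes the registry value meant in step 2 is `Enabled` (the post's Figure 3 is not available) and adds `w32tm /resync` and `w32tm /query /source` to confirm the result; the peer address is the one used in the post.

    ```powershell
    # Added example (not from the original post).
    # Run from an elevated PowerShell prompt on the standalone server.
    $peer    = '192.168.10.200'   # Domain Controller used as time source in the post
    $w32time = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

    # Step 1: set AnnounceFlags to 5 (decimal).
    Set-ItemProperty -Path "$w32time\Config" -Name AnnounceFlags -Value 5 -Type DWord

    # Step 2: confirm the NtpServer provider value is 0.
    # Assumption: the value the post refers to is "Enabled".
    $enabled = (Get-ItemProperty -Path "$w32time\TimeProviders\NtpServer" -Name Enabled).Enabled
    if ($enabled -ne 0) {
        throw "NtpServer\Enabled is $enabled, expected 0; review before continuing."
    }

    # Step 3: point the Windows Time service at the Domain Controller.
    w32tm /config /syncfromflags:manual "/manualpeerlist:$peer"
    if ($LASTEXITCODE -ne 0) { throw "w32tm /config failed with exit code $LASTEXITCODE" }

    # Step 4: apply the new configuration.
    w32tm /config /update
    if ($LASTEXITCODE -ne 0) { throw "w32tm /config /update failed with exit code $LASTEXITCODE" }

    # Verification (added): force a sync, then check which source the service reports.
    w32tm /resync
    $source = (w32tm /query /source | Out-String).Trim()
    if ($source -like "$peer*") {
        "Time source is $source"
    } else {
        Write-Warning "Time source is '$source', expected $peer"
    }
    ```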

    Thank you for the instruction! I am sure it is one of the scenarios that majority of administrators will run into. So I suggest to write a wiki about it and publish it for this month's TechNet Guru in Windows Server section. This month's TechNet Guru can be found here:
    Calling All Wise Men! Windows Server Gurus Needed! Apply Within! No One Turned Away!
    Thanks for your informative post. :)
    Regards.
    Mahdi Tehrani | www.mahditehrani.ir

  • Promoting a server to a Domain Controller

    Quick question - I am just trying to satisfy my curiosity.
    I was reviewing our network at our new company and it looks like I have a Domain Controller using a DHCP address.
    I know best practice is to use a static address, but is it even possible to promote a server that is using a DHCP address?
    Thanks

    Yes, it is possible to promote a DC using a DHCP address. You will receive a warning that says that you are not using a static IP when promoting your DC.
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Enabling User Isolation on IIS FTP site

    We have an FTP site currently set to 'Do not isolate users' and 'FTP root folder'. This works nicely for most of our users; however, we want to add another user who needs to start in a specific sub directory.
    I think this can be achieved using user isolation by setting a home directory in AD for all users as per here: http://www.iis.net/learn/publish/using-the-ftp-service/configuring-ftp-user-isolation-in-iis-7
    However that would require setting it for all our other users and potentially disrupting them. Are there any other good approaches that I've missed?

    Hi,
    For the IIS question, I would suggest you ask in:
    http://forums.iis.net/
    Thanks for your understanding.
    Regards.
    Vivian Wang
