Microsoft Active Directory user database

You can use the Microsoft Active Directory user database option to grant users listed in Active Directory access to a host, using their Windows domain username and password.

Using the WS_FTP Server Manager, you can display each user account and modify file transfer settings for an account, but you cannot add or delete user accounts. You must add or delete user accounts through Active Directory Users and Computers.

To configure the Microsoft Active Directory user database:

  1. From the top menu, select Host > Host Details. The Host Details page opens.
  2. Next to User database, click Configure. The User Database Configuration page opens.
  3. Set the appropriate options.
    • Organizational Unit. Enter the fully distinguished name of the organizational unit that contains the users you want to grant access to the file transfer server (Maximum length: 256 characters).
      For example: OU=YourOrgUnit,DC=YourDomain,DC=com
    • Include users from nested OUs. Select this option to grant access to all users contained in the organizational unit specified in Organizational Unit and all users in organizational units contained within the specified organizational unit. If this option is cleared, only the users in the specified organizational unit are granted access to WS_FTP Server; users in organizational units contained within the specified organizational unit are not granted access.
    • User Groups. Specify the fully distinguished name for the user groups that contain the users you want to allow to authenticate to the file transfer server. You can specify multiple group distinguished names separated by the pipe character ("|") (Maximum length: 256 characters).

      For example: CN=Group1,OU=YourOrgUnit,DC=YourDomain,DC=com|CN=Group2,OU=AnotherOrgUnit,DC=YourDomain,DC=com

      Note: The organizational unit that a user group belongs to does not have to match or be contained within the organizational unit entered in the first field.

      Tip: For more information about distinguished names, see "LDAP Naming Model" in How Active Directory Searches Work on the Microsoft Web site.

    • Use Microsoft Windows file permissions. Select this option to use Microsoft Windows file permissions in addition to any permissions set within WS_FTP Server. For more information, see Using Windows file permissions.
  4. Click Save.
  5. For WS_FTP Server to access the Microsoft Active Directory, you must change the user context under which WS_FTP Server is running using one of the following methods:
    • Provide impersonation credentials. WS_FTP Server can impersonate any Windows user. For more information, see Changing user context via user impersonation.
    • Change the user context for WS_FTP Server services and the virtual folder. You can change the WS_FTP Server services to run as a Windows user who has access to the Active Directory. For more information, see Changing user context on the services.

      Note: If you choose to change user context on WS_FTP Server services and the virtual folder, you must restart all services before the changes become active.
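
The following is an added example, not part of WS_FTP Server or its documentation: a pre-check for the Organizational Unit and User Groups values from step 3, which verifies the 256-character limit and the distinguished-name syntax, and lists any groups that sit outside the configured OU (allowed, per the note above, but worth reviewing because they widen who can authenticate). The function names are hypothetical, and it assumes the OU value starts with OU= and each group starts with CN=.

```python
import re

MAX_FIELD_LEN = 256  # limit the page states for both fields

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]  # keep the escaped character with its backslash
            i += 2
            continue
        if ch == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
        i += 1
    parts.append(cur.strip())
    return parts

def check_dn(dn, leading_attr):
    """Return a list of problems found in one distinguished name."""
    rdns = split_rdns(dn)
    problems = [f"malformed component {r!r} in {dn!r}" for r in rdns
                if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*=.+", r)]
    # Assumption: OU values begin with OU=, group values with CN=.
    if not rdns[0].upper().startswith(leading_attr + "="):
        problems.append(f"{dn!r} should start with {leading_attr}=")
    if not any(r.upper().startswith("DC=") for r in rdns):
        problems.append(f"{dn!r} has no DC= components")
    return problems

def check_fields(org_unit, user_groups):
    """Validate both fields; also return the groups located outside the OU."""
    problems, outside = [], []
    for name, value in (("Organizational Unit", org_unit),
                        ("User Groups", user_groups)):
        if len(value) > MAX_FIELD_LEN:
            problems.append(f"{name} exceeds {MAX_FIELD_LEN} characters")
    problems += check_dn(org_unit, "OU")
    ou_tail = [r.lower() for r in split_rdns(org_unit)]
    # Multiple group DNs are separated by the pipe character.
    for group in filter(None, (g.strip() for g in user_groups.split("|"))):
        problems += check_dn(group, "CN")
        if [r.lower() for r in split_rdns(group)][-len(ou_tail):] != ou_tail:
            outside.append(group)  # group lives elsewhere in the directory
    return problems, outside
```

Run against the example values on this page, it reports no problems and flags the Group2 entry as outside the configured OU.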