Tuesday, December 13, 2011

Active Directory Authentication via Microsoft FTP 7.5 on IIS 7.0 and IIS 7.5

I was struggling to find an FTP product that allows secured (SSL/TLS) FTP connections, authenticates against Active Directory, and can drop each user into a specified folder rather than the site root.  I tried FileZilla, Sysax Multi Server, WebDAV, and others, but none satisfied the requirements of my staff and web users.  I found that Microsoft's own FTP 7.5 covers all of these requirements, though it took a bit to configure.  For those of you who want to build this solution, follow these instructions:


1.  Install IIS 7.0 or 7.5 on your Windows Server 2008 (or later) server.
2.  Download FTP 7.5 for IIS 7 if you're running IIS 7.0.  IIS 7.5 on Windows Server 2008 R2 already ships it as the FTP Server role service.
3.  Install FTP 7.5 on your IIS server.
4.  Add FTP Publishing to an existing site or create a new FTP site.
5.  You'll notice a new set of FTP-related icons in your site's view in IIS Manager.
6.  Double-click the FTP Authentication icon, disable Anonymous Authentication and IIS Manager Authentication, and enable only Basic Authentication.  Basic sends the user's domain password in the clear on the control channel, which is why step 8 makes SSL mandatory: never expose Basic FTP authentication without it.
7.  Double-click the FTP Authorization Rules icon and create a new Allow rule.  I created a new local group, placed my FTP users in it from the various domains in the forest, and granted the rule to that group.  Authorization rules are checked in addition to NTFS permissions, so the group also needs the matching NTFS rights on the folders it will reach.
8.  Double-click the FTP SSL Settings icon and select "Require SSL connections."  To do this you need a server certificate bound to the site: either a self-signed certificate (fine for testing, but clients will have to trust it explicitly) or one purchased from GoDaddy, VeriSign, Comodo, DigiCert, Thawte, or another certificate authority.
9.  Double-click the FTP User Isolation icon and select "User name directory."  This lets you create a virtual directory per Active Directory domain and per user.  Be aware that this option sits under "Do not isolate users": each user starts in their own folder but can still change directory up to the FTP root and into other users' folders unless NTFS permissions stop them.  To actually confine users, select "User name directory (disable global virtual directories)" under "Isolate users"; the per-user virtual directories in steps 10 and 11 still work, since they sit beneath each user's own folder.
10.  Now you can send each FTP user to their own virtual folder based on their domain.  For instance, if you have a domain named mybusiness.net, create a virtual directory off the root called mybusiness (the domain's NetBIOS name, which is usually the DNS name without its suffix) and, beneath it, one named after each user's account.  For local server accounts, create a folder called LocalUser and put their virtual directories under that.  In the picture below, I have a MyBusiness domain FTP user named Bob (mybusiness/bob) and a server-based FTP user named Tom (LocalUser/tom).  Also remember that all these users have to be members of the local FTP Users group from step 7.
11.  Step 10 shows how easy it is to create FTP user home folders.  From there, you can create virtual directories beneath each user's folder and point them at any location the server can reach.  This is handy when a user needs access to several folders: instead of letting them browse your server's folder structure and locking down NTFS so they don't accidentally manipulate files, have IIS present a clean folder structure to them.  NTFS permissions still apply to the targets of those virtual directories, so lock those down as well.
12.  Firewall: configure your firewall to allow port 21 (the control channel) and a range of consecutive ports for passive-mode data transfers.  IIS.net recommends a fixed range so FTP doesn't step on ports other services use.  To set the range, open the FTP Firewall Support section on the server node in IIS Manager, not on your site.
13.  In step 12, I added a 30000 - 30015 port range.  Each passive data connection (a transfer or a directory listing) takes one port from this range, so 16 ports allow at most 16 concurrent data connections; size the range for your load.  After the setting is applied, add a matching rule to the server's Windows Firewall and to any network firewall in front of it.
14.  Click on your site and then the FTP Firewall Support section; you'll see the ports listed but grayed out, because the range is inherited from the server level.  Here you can also enter the external IP address of your firewall so that PASV replies to clients outside your NAT carry the public address.
15.  After researching numerous websites, I found no way to effectively limit the data channel ports.  I can set the port range as in steps 13 and 14, but passive transfers still did not honor it.  Two things are worth checking before giving up: the range is only read when the Microsoft FTP Service starts, so restart ftpsvc (net stop ftpsvc, then net start ftpsvc) after changing it, and with FTPS the Windows Firewall's stateful FTP inspection cannot read the encrypted PASV reply, so disable it (netsh advfirewall set global StatefulFtp disable) and rely on the explicit port-range rule instead.  Every other aspect of Microsoft FTP 7.5 is great, but if you need to tighten your firewall and the range still does not take, this product is NOT for you: you would have to open the entire dynamic (RPC) port range, approximately 20,000 ports, which is not viable.  I'm going to try WFTPD instead and see if I have better success.
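The same configuration from steps 6 through 14, as a PowerShell script. This is an added example, not part of the original walkthrough or of Microsoft's documentation. It assumes the WebAdministration module (IIS 7.5 on Windows Server 2008 R2; on IIS 7.0 install the IIS PowerShell Snap-in and use Add-PSSnapin WebAdministration instead), a site named "Default Web Site" with FTP publishing already added, the local group "FTP Users" from step 7, a server certificate already in the machine's personal store, and the host name, folder paths, user names and external address shown, all of which are placeholders for your environment. It deliberately uses the isolating "User name directory (disable global virtual directories)" mode rather than the non-isolating "User name directory" chosen in step 9.

```powershell
# Added example, not from the original post. Site name, certificate subject,
# paths, group, domain, user names and external IP below are placeholders.
Import-Module WebAdministration   # IIS 7.5; on IIS 7.0: Add-PSSnapin WebAdministration

$site     = 'Default Web Site'
$sitePath = "IIS:\Sites\$site"
$ftpRoot  = 'C:\inetpub\ftproot'
$ftpGroup = 'FTP Users'           # local group created in step 7

# Step 6: Basic authentication only. IIS Manager Authentication is a custom
# provider; a freshly created FTP site has none registered, so leave that
# collection empty and just turn Anonymous off and Basic on.
Set-ItemProperty $sitePath -Name ftpServer.security.authentication.anonymousAuthentication.enabled -Value $false
Set-ItemProperty $sitePath -Name ftpServer.security.authentication.basicAuthentication.enabled     -Value $true

# Step 7: allow the FTP Users group read/write. NTFS rights on the folders still apply.
Clear-WebConfiguration -Filter '/system.ftpServer/security/authorization' -PSPath 'IIS:\' -Location $site
Add-WebConfiguration   -Filter '/system.ftpServer/security/authorization' -PSPath 'IIS:\' -Location $site `
    -Value @{ accessType = 'Allow'; roles = $ftpGroup; permissions = 'Read,Write' }

# Step 8: require SSL on both the control and the data channel, otherwise
# Basic auth sends the domain password in the clear. Pick the cert by subject.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like 'CN=ftp.mybusiness.net*' } | Select-Object -First 1
if (-not $cert) { throw 'No server certificate for ftp.mybusiness.net in LocalMachine\My' }
Set-ItemProperty $sitePath -Name ftpServer.security.ssl.serverCertHash       -Value $cert.Thumbprint
Set-ItemProperty $sitePath -Name ftpServer.security.ssl.controlChannelPolicy -Value 'SslRequire'
Set-ItemProperty $sitePath -Name ftpServer.security.ssl.dataChannelPolicy    -Value 'SslRequire'

# Step 9: user isolation. 'StartInUsersDirectory' is the UI's plain "User name
# directory" and lets users cd up to the root; 'IsolateAllDirectories' is
# "User name directory (disable global virtual directories)" and confines them.
Set-ItemProperty $sitePath -Name ftpServer.userIsolation.mode -Value 'IsolateAllDirectories'

# Steps 10 and 11: one virtual directory per domain (NetBIOS name) or LocalUser,
# one per user beneath it, and extra virtual directories under a user's home
# pointing anywhere the server can reach. Parents are listed before children.
$vdirs = @(
    @{ Path = 'mybusiness';             Target = "$ftpRoot\mybusiness" },
    @{ Path = 'mybusiness\bob';         Target = 'D:\Shares\Bob' },
    @{ Path = 'mybusiness\bob\reports'; Target = 'E:\Reports' },      # second folder Bob needs
    @{ Path = 'LocalUser';              Target = "$ftpRoot\LocalUser" },
    @{ Path = 'LocalUser\tom';          Target = 'D:\Shares\Tom' }
)
foreach ($v in $vdirs) {
    if (-not (Test-Path $v.Target)) { New-Item -ItemType Directory -Path $v.Target | Out-Null }
    if (-not (Test-Path "$sitePath\$($v.Path)")) {
        New-Item "$sitePath\$($v.Path)" -Type VirtualDirectory -PhysicalPath $v.Target | Out-Null
    }
}

# Steps 12 to 14: passive data channel range at the server level, and the
# firewall's public address on the site so PASV replies are correct behind NAT.
Set-WebConfigurationProperty -Filter system.ftpServer/firewallSupport -PSPath 'IIS:\' -Name lowDataChannelPort  -Value 30000
Set-WebConfigurationProperty -Filter system.ftpServer/firewallSupport -PSPath 'IIS:\' -Name highDataChannelPort -Value 30015
Set-ItemProperty $sitePath -Name ftpServer.firewallSupport.externalIp4Address -Value '203.0.113.10'   # placeholder

# The port range is read only when the Microsoft FTP Service starts.
Restart-Service ftpsvc

# Windows Firewall: control port, the data range, and no stateful FTP inspection,
# which cannot see PASV replies inside an encrypted control channel anyway.
netsh advfirewall firewall add rule name="FTPS control (21)"     dir=in action=allow protocol=TCP localport=21
netsh advfirewall firewall add rule name="FTPS data 30000-30015" dir=in action=allow protocol=TCP localport=30000-30015
netsh advfirewall set global StatefulFtp disable
```

Run it from an elevated PowerShell prompt on the IIS server. After it finishes, connect with an FTPS client from outside the firewall and confirm that the PASV reply quotes a port between 30000 and 30015 and the external address; if it still quotes a port in the dynamic range, the ftpsvc restart did not take and the server-level range should be checked in applicationHost.config under system.ftpServer/firewallSupport.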

2 comments:

deejinoz said...

How did you go with WFTPD?

B-Town Techs said...

I couldn't find free FTP software that would create subfolders, create dynamic links to simplify the folder structure for the user, and use AD authentication. I ended up having to create local accounts and use FileZilla. I posted this article a year ago and haven't checked to see if anyone has created an FTP server that can do everything I was hoping to achieve in this article. Sorry if I misled you.