AD-Integrated FTP Sites aren't writeable

Tags: IIS, Windows Server

...but they can be.

By default, all FTP Sites within IIS are read-only sites. If you want someone to be able to upload files, you just tick the Write box on the Home Directory tab, and you're set.

Not with an AD-Integrated site. AD Integrated sites don't have a home or root directory within the filesystem. Instead, the root for each user is determined with the msIIS-FTPRoot and msIIS-FTPDir attributes within the directory. As a result, astute readers will notice that the Home Directory tab is distinctly absent from the site properties dialog:


So what do you do if you want to let users upload to this site? ADSUTIL.VBS to the rescue!

Get the list of FTP site identifiers:

C:\INetPub\AdminScripts> ADSUTIL enum /p MSFTPSVC

List the properties of our AD-Integrated FTP Root:

C:\INetPub\AdminScripts> ADSUTIL enum MSFTPSVC/941872650/Root
KeyType                        : (STRING) "IIsFtpVirtualDir"
Path                           : (STRING) ""
AccessFlags                    : (INTEGER) 32769
AccessExecute                  : (BOOLEAN) False
AccessSource                   : (BOOLEAN) False
AccessRead                     : (BOOLEAN) True
AccessWrite                    : (BOOLEAN) False
AccessScript                   : (BOOLEAN) False
AccessNoRemoteExecute          : (BOOLEAN) False
AccessNoRemoteRead             : (BOOLEAN) False
AccessNoRemoteWrite            : (BOOLEAN) False
AccessNoRemoteScript           : (BOOLEAN) False
AccessNoPhysicalDir            : (BOOLEAN) True
Win32Error                     : (BOOLEAN) False
AccessExecute                  : (INTEGER) 0

Set the AccessWrite flag to True:

C:\INetPub\AdminScripts> ADSUTIL set MSFTPSVC/941872650/Root/AccessWrite True
AccessWrite                    : (BOOLEAN) True

It really is easy when you know how ...

No Comments