Updated April 11, 2017
Serv-U MFT Server supports Active Directory (AD) authentication. This article describes how administrators can use AD organizational units (OUs) to provide different levels of access to different AD users.
All Serv-U versions
Serv-U provides a master Windows User Group that sets the default home directory and other properties for all users who authenticate through AD. To configure this group:
Open Users > Windows Authentication, and then click Configure Windows User Group....
Open Groups > Windows Groups, and then click Configure Windows User Group....
If you do not have home directories configured in each of your AD user accounts:
Click Groups > Windows Groups, and then select Add or Add Child to replicate the hierarchy of OUs present in AD.
Once you have mapped the hierarchy, you may edit the properties of each Windows Group to set limits, different home directories and different sets of virtual folders.
Select Require fully-qualified group membership for login to deny access to any AD user whose organizational unit has not been mapped.
You can disable access for all users in specific OUs. You must have a proper OU to Windows Group mapping, and then clear Enable account in the Group Properties.
An existing AD for
mydomain.com contains three organizational units in the MyBusiness\Users organization unit. Only users from the blue team and red team should be allowed to sign in.
To implement this configuration:
Notice that there is no separate entry for the domain:
mydomain.com, and that only two of the three organization units present under Users in the AD is present on Serv-U.
If you are having trouble signing in or mapping Serv-U Windows Groups to AD OUs, add a domain name:
mydomain.comin the Windows Domain Name field.
Remember that users in the built-in AD Users collection (under the domain root) is NOT an addressable OU.
Do not expect a Serv-U Windows Group named Users to apply properties to AD users from the built-in Users collection.
To double-check the hierarchy necessary to address an AD user with a tree of Serv-U Windows Groups:
To confirm that your mapping is correct, apply a Limit through the Serv-U Windows Group. For example, you might turn off access to Web Client Pro in one of your Windows Groups. Then, you know your group is mapped correctly when you sign in as an AD user in the applicable OU and your Enable Web Client Pro link is missing from the Web Client interface.