Is it possible for IIS7.5 on DMZ network to have Active Directory/LDAP integration

Hi, I have just set up a new IIS server on my Windows 2008 R2 server.  My IIS7.5 server is on a publicly routable IP network.  Is it possible to in some way link it to our Active Directory (through LDAP maybe?) so that our internal users can be given access to FTP sites using their AD usernames and passwords?  I have created a couple of local users on the server and they can connect to the FTP sites no problem, but when I try and connect with an AD user I get the errors "530 user cannot login" and "530 user cannot login, home directory inaccessible."

The whole point of a DMZ is to keep it separated. You can open this up, but I would not recommend it.

If you really must, I would probably go for a one-way trust between the domain and the DMZ, but as I said before... really you're defeating the purpose of having it by opening it up.
carbonbaseAuthor Commented:
Hi, I am hoping there is a way to integrate using Lightweight Directory Services (LDAP integration). I've had some success doing this with Cerberus FTP server, but I'm looking for a way to do it with IIS as there are no extra costs involved.

I'd seriously not compromise your internal AD by opening it up to a DMZ system.

If anything, create local accounts on the IIS box.  We've got many users in this scenario, without complaint.
The one thing that we do in addition to this is record the IDs and PWs we've created for the users and store them in the event a user forgets a piece of the info... locked down of course.   No password policies assigned to the DMZ, stand-alone FTP server.

Just remember: security almost always comes at some kind of cost.  Looking for ways around it really defeats the purpose (of a DMZ)... may as well have it on the inside, on the domain, and open it up to the world if you are going to open it up.
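The answer above recommends stand-alone local accounts on the DMZ IIS box rather than any link back to the internal domain. The following PowerShell script is an added example (not posted by anyone in this thread and not part of IIS or Cerberus) showing how such accounts can be provisioned on Windows Server 2008 R2 through the ADSI WinNT provider, which does not require the newer `New-LocalUser` cmdlets. The group name `FtpUsers`, the FTP root path `D:\FtpRoot`, the account name `ftp-vendor01` and the use of the "User name directory" isolation layout (`LocalUser\<name>` under the site root, which is what the "home directory inaccessible" 530 error relates to) are all assumptions for illustration.

```powershell
# Added example, not code from the thread: provision stand-alone local FTP accounts on a
# DMZ IIS host via the ADSI WinNT provider (available on Windows Server 2008 R2).
# Group name, FTP root, account name and the isolation layout are assumptions.
$ftpRoot   = 'D:\FtpRoot'   # assumed FTP site root
$groupName = 'FtpUsers'     # assumed local group referenced by the IIS FTP authorization rule
$computer  = [ADSI]"WinNT://$env:COMPUTERNAME,computer"

# Create the dedicated local group once if it does not already exist.
$group = $computer.Children |
    Where-Object { $_.SchemaClassName -eq 'Group' -and $_.Name -eq $groupName }
if (-not $group) {
    $group = $computer.Create('Group', $groupName)
    $group.SetInfo()
}

function New-DmzFtpUser {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][System.Security.SecureString]$Password
    )
    # The WinNT provider needs the clear-text password for SetPassword; decode it only here.
    $bstr  = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

    $user = $computer.Create('User', $Name)
    $user.SetPassword($plain)
    $user.Put('Description', 'DMZ FTP account, not linked to the internal domain')
    $user.SetInfo()

    # ADS_UF_PASSWD_CANT_CHANGE (0x40): the account is FTP-only; resets go through the admin record.
    $user.UserFlags = [int]$user.UserFlags.Value -bor 0x40
    $user.SetInfo()

    # Membership in the FTP group is what the IIS authorization rule keys on; drop the account
    # from the default 'Users' group so it gains nothing on the host beyond FTP.
    $userPath = "WinNT://$env:COMPUTERNAME/$Name,user"
    $group.Add($userPath)
    try { ([ADSI]"WinNT://$env:COMPUTERNAME/Users,group").Remove($userPath) } catch { }

    # Per-user home directory in the user-isolation layout, readable only by that account
    # and local administrators. Missing or inaccessible directories are one cause of a 530.
    $home = Join-Path $ftpRoot "LocalUser\$Name"
    New-Item -ItemType Directory -Path $home -Force | Out-Null
    icacls $home /inheritance:r `
        /grant "${env:COMPUTERNAME}\${Name}:(OI)(CI)M" `
        /grant 'BUILTIN\Administrators:(OI)(CI)F' | Out-Null

    return $userPath
}

# Example call with a constructed account name; prompt for the password rather than embed it.
New-DmzFtpUser -Name 'ftp-vendor01' -Password (Read-Host -AsSecureString 'Password for ftp-vendor01')
```

The IIS side of this is an FTP authorization rule on the site that allows the `FtpUsers` role with the permissions you need, which can be set in IIS Manager under FTP Authorization Rules; the script deliberately keeps the accounts out of any domain, which is the whole point of the advice above.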
carbonbaseAuthor Commented:
Hi, thanks for the advice and answers.  I decided to abandon using IIS to configure our FTP sites and used Cerberus FTP server instead, which has built-in LDAP integration.