I am migrating from SBS2003 to SBS2011 and trying to work out how to provide the same FTP service. I currently have a few FTP users that authenticate with AD and then have access to a folder in which they can read and write but cannot traverse up the folder structure. In SBS2003 I create a user in AD and a folder with their login name and then create a FTP virtual directory which points to the physical folder. This works fine - the user connects using FTP and is completely isolated.
Microsoft have moved everything about in SBS 2011 and I can't work out how to configure the same thing.