I'm very new to this so I apologise. I am trying to work with an FTP site we had set up by a consultant that isn't working as we expected. We have an FTP site set up in IIS 7.5 with a default domain. We have user isolation set up to username folder. In Active Directory we have a group set up for users who we have created so they can access the FTP site. However, what I have noticed is that ANYONE with an AD login can log in to our FTP site - even those not in that group. If you log in with an AD login that does not have a folder for that user name - you end up at the root of the FTP site.
How can I limit it so that only users who are part of a certain AD group can use their AD login to access the FTP?
Can I create users for the FTP site that are not AD for external people?
I'm also wondering if it's not considered a poor security choice to use AD for FTP logins? Is that standard? Is it better to have logins that are not tied to AD for security reasons? An AD login potentially lets them access things other than FTP, correct? Could I change our site and create logins that aren't part of AD? Would that be preferable?