What is Google Cloud Directory Sync (GCDS)

Google Cloud Directory Sync (GCDS)

With Google Cloud Directory Sync (GCDS), you can synchronize the data in your Google Account with your Microsoft Active Directory or LDAP server. 

GCDS doesn't migrate any content (such as email messages, calendar events, or files) to your Google Account. You use GCDS to synchronize your Google users, groups, and shared contacts to match the information in your LDAP server.

Benefits of using GCDS to sync data

• Runs as a utility in your server environment

Includes all necessary components in the installation package. Includes several features to make your data more secure. There is no access to your LDAP server data outside your perimeter.

• Syncs users, aliases, groups, and other data with your Google Account

Ensures your Google data matches that of your Active Directory or LDAP server. Performs a one-way synchronization. Data on your LDAP server is never updated or altered.

• Configure rules for custom mapping

Allows you to configure rules for custom mapping of users, groups, nonemployee contacts, user profiles, aliases, calendar resources, and exceptions.

• Easy installation and setup

Can easily set up the configuration using default values, guides through the synchronization also includes a stimulation stage to make sure the configuration is tested.

• Uses rules and exclusions so you can omit data from a sync

Set up exclusion rules to omit data such as users, profiles, groups, organizational units, or calendar resources from a sync.

How GCDS works

1. You set up rules to specify how the system generates a list of your data.
2. During a sync, the list is exported from your LDAP server.
3. GCDS connects to your Google Account and generates a list of users, groups, and shared contacts that you specify.
4. GCDS compares these lists and updates your Google Account to match the data.
5. After the synchronization, you get an email report so that you can monitor the process.
   
   

System requirements

• Google accounts

1. 1. A Google Account or Cloud Identity account
   2. A Google Workspace or Cloud Identity super administrator account

• GCDS Server

1. 1. server to run GCDS with one of the following operating systems:

• • Microsoft Windows (supported on Windows 7, 8, and 10, and Windows Server 2008, 2012, 2016, and 2019).
  • Linux—If you’re using a 32-bit version of GCDS on a 64-bit Linux system, a 32-bit libc (such as libc6-i386) must be installed.

• LDAP Server

1. 1. All versions of LDAP are supported.
   2. GCDS must be able to access the user information from the LDAP server. 
   3. LDAP administrator access to your directory server.
   4. Network access to your LDAP server. You don't need to run GCDS on your LDAP server.
   5. Read permissions in LDAP server for the organizational units that you want to sync. 
   6. An LDAP browser that can read and browse your LDAP directory server data.

• Network requirement

1. 1. Network access to your Google data through HTTPS directly or through a proxy server. Ensure ports 80 and 443 are open.
   2. Access to one of the following ports to allow the SMTP server to send email notifications: 25, 465, or 587. You decide how to set up email notifications in Configuration Manager.
   3. If required, access to TLS Certificate Authorities (CAs) for your network.
   4. (Recommended) A network connection to your Google Account with no proxies or firewalls.
   5. GCDS uses the following APIs:

• • Directory API
  • Cloud Identity API
  • Groups Settings API
  • Enterprise License Manager API
  • Domain Shared Contacts API

• Encryption

1. 1. GCDS to LDAP:

• • Encrypted by SSL when the connection type specified in Configuration Manager is LDAP+SSL.
  • No encryption is used if the connection type is Standard LDAP.

1. 1. GCDS to Google connections is encrypted using HTTPS.
      
      

Please check the below-supporting articles for installation, configuration, and any further reference.

GCDS Best Practises

Install & Prepare GCDS

About GCDS