Google Cloud Apps Admins

Google Apps Directory Sync - Part 1: Migration

Written by Christopher Alghini (Senior Cloud Strategist) | October 31, 2013

Google Apps Directory Sync (also known as Directory Sync or GADS) is a utility that can automatically add, delete or modify the users, groups, shared contacts, and calendar resources and OUs, in Google Apps to match the user’s LDAP directory server. Once the synchronization takes place, Google Apps changes to match the LDAP directory. This is done when Google Apps Directory Syncruns on the LDAP server and updates Google Apps and match LDAP directory. What GADS does not do is modify LDAP information. The latest version of GADS, 3.2.1, released in July 2013 and is available.


There are specific system requirements for GADS to function:

·  A server is needed to run GADS that must be of any one of the following OS: Microsoft Windows (supported on XP, Windows Server 2003/2008 or 2012, and Windows 7), Solaris (version 8+) or Linux (if 32-bit version of Google Apps Directory Sync is being used on 64-bit Linux system, then a 32-bit libc should be installed).

·         5 GB or more of disk space is required to log data and files. If the user is running with INFO level or DEBUG for logging then more space may be needed.

·         1 GB of RAM is recommended for less than 10,000 users and 2GB for more than 10,000.

·         Ensure that LDAP server is available with user information accessible by Google

Apps Directory Sync. All LDAP protocol versions are supported.

·         Network access on LDAP server is needed.

·         Another important requirement is to read and allow administrative access on the OU structure of LDAP server. This is needed along with network access to Google Apps through HHTPS – by proxy server including ports 443 and 80. For better results, network connection without proxy is recommended.

·         Finally, mail server to be able to accept and relay notifications from GADS.

How GADS work - Data Flow: firstly, GADS connects to LDAP server and generates all lists of users, shared contacts and users on the directory. Secondly, GADS connects to Google Apps and again generates lists of groups, users and shared contacts. Thirdly, GADS compares the lists and generates another list of changes. Fourthly, Google Apps Directory Sync updates Google Apps to match the LDAP server settings. Lastly, once the synchronization is complete, it will send a result report to email addresses that are specified beforehand.

Google Apps Directory Sync is able to offer a number of security features:

Since it runs in the user’s network and machine, the user is in control.

 It connects to LDAP server in your network through secure LDAP + SSL and this connection takes place on a port the user specifies.

Since it connect through HTTPs on port 443 to Google Apps, this connection can be easily run through proxy host on the network.

·         GADS does not stock any LDAP data on Directory Sync machine.

·         It has the ability to cache Google Apps information locally on the Directory Sync server.

There are a lot of key benefits derived from Google Apps Directory Sync. It synchronizes the Google Apps user accounts only to match the user data in LDAP server. It offers to support sophisticated rules for groups, custom mapping, user profiles, aliases, exceptions, calendar resources and shared contacts. It has the ability to carry out one-way synchronization – all data on LDAP server is not altered and changed. Since it runs as a utility in specified server environments, no other machine from outside can access LDAP directory or the server data – making it more secure.  It also includes a number of extensive tests along with great simulations so that correct synchronization takes place. Lastly, it has all the important components in its installation package.