Google Cloud Apps Admins

Google Updates Key Active Directory Integration Tool for G Suite.

Written by Joey Allen (GCP Apps Admin) | October 19, 2016

Google recently announced changes to its Google Apps Directory Sync tool, which now boasts improved functionality and a new name. The tool is now called Google Cloud Directory Sync (GCDS). It supports a number of cloud-based services and products. The changes are part of a broader effort by the tech giant to improve and rebrand its cloud-based services.

 

The GCDS tool provides an easy and secure way to sync data between an LDAP server or Microsoft Active Directory and your Google domain. The synced data includes shared contacts, Google users and groups, and the directory server itself is not altered. The tool is also designed to track groups and users.

Benefits of using the GCDS tool

  • Ensures sync accuracy by carrying out simulations and extensive tests
  • Allows custom mapping of calendar resources, user profiles, groups, aliases, users and non-employee contacts
  • Provides multiple security features
  • Ensures accuracy of all synced data between the directory and Google domain
  • The installation packs come with a variety of components for added convenience
  • Does not access the directory outside your perimeter
  • One-way synchronization prevents data modification on the LDAP server

 

New functionality for LDAP Sync for G Suite Apps

 

The Google Cloud Directory Sync tool now boasts several updates aimed at improving overall functionality.

Some of the changes implemented in version 4.4.0 include:

  • Release 4.4.0 has the capacity to properly add group memberships on initial group creation and synchronization
  • Only supported features are displayed by the tool's interface
  • GCDS now only shows plain text EULA during installation from the command line. It previously displayed raw HTML EULA.
  • Sets random passwords on the first sync only
  • Ability to initiate synchronization without configuring email notification settings
  • Employs Java JRE v1.8 and TLS v1.2 for HTTPS connections.
  • Password change commands are now properly configured for new accounts
  • Domains covered by the Managed Google Domain Terms are compatible with GCDS EULA
  • Allows users to re-authorize the tool with a different account regardless of auth token's validity

 

How the Google Cloud Directory Sync tool works

 

The Google Cloud Directory Sync tool syncs the data that appears on a list generated from the Active Directory or LDAP server. The rules you set govern how that list is generated. Once the tool connects to the domain, it generates a list of contacts, groups and users in accordance with your specifications. GCDS ensures accuracy by verifying the lists before updating the domain.

 

G Suite/LDAP Synchronization Basics

 

  • Organizations are arranged based on categories, such as location and department. This allows you to sync items manually or automatically.
  • When it comes to passwords, GCDS only syncs those that are stored as unsalted hashes in either MD5 or SHA-1 format. The tool lets you manage these settings separately when you want to change the configuration.
  • The ability to have multiple LDAP directory alias attributes enables users to employ more than one nickname in the Google domain
  • Identical mailing lists in both the Google domain's public groups and the LDAP server provide a way to control access to documents and sites. It is possible to create private groups that are not synced.
  • Users in the Google domain are arranged by email address
  • GCDS does not sync calendar data, personal contacts and legacy messages. To perform this operation, you need to use a migration tool.
  • The Google Cloud Directory Sync tool is designed to sync extended LDAP data like addresses and phone numbers as user profiles
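
A pre-sync audit for the password rule in the list above, added here as an example and not part of GCDS or the original article. It assumes passwords are held in the LDAP `userPassword` attribute using the `{SCHEME}base64` convention (as OpenLDAP does); the function names, the result labels and the sample entries are constructed for illustration.

```python
import base64
import binascii
import hashlib

# Digest sizes in bytes for the two unsalted formats the article names.
UNSALTED = {"MD5": 16, "SHA": 20}
# Salted counterparts: the digest followed by at least one salt byte.
SALTED = {"SMD5": 16, "SSHA": 20}


def classify(value: str) -> str:
    """Classify one userPassword value against the article's rule."""
    if not value.startswith("{") or "}" not in value:
        return "unsupported"  # cleartext or no scheme prefix
    scheme, _, encoded = value[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in UNSALTED and scheme not in SALTED:
        return "unsupported"  # e.g. {CRYPT}
    try:
        raw = base64.b64decode(encoded, validate=True)
    except (binascii.Error, ValueError):
        return "malformed"
    if scheme in UNSALTED:
        return "syncable" if len(raw) == UNSALTED[scheme] else "malformed"
    return "salted" if len(raw) > SALTED[scheme] else "malformed"


def audit(entries: dict) -> dict:
    """Group user ids by classification so non-syncable accounts stand out."""
    report = {"syncable": [], "salted": [], "malformed": [], "unsupported": []}
    for uid in sorted(entries):
        report[classify(entries[uid])].append(uid)
    return report


def _enc(scheme: str, blob: bytes) -> str:
    return "{%s}%s" % (scheme, base64.b64encode(blob).decode())


# Constructed sample directory values (not real credentials).
SALT = b"\x01\x02\x03\x04"
SAMPLE = {
    "alice": _enc("MD5", hashlib.md5(b"constructed-1").digest()),
    "bob": _enc("SHA", hashlib.sha1(b"constructed-2").digest()),
    "carol": _enc("SSHA", hashlib.sha1(b"constructed-3" + SALT).digest() + SALT),
    "dave": "{CRYPT}$6$constructedsalt$constructedhash",
    "erin": "{SHA}not-base64!!",
}
```

Unsalted MD5 and SHA-1 digests are cheap to brute-force offline, so the attribute that holds them needs the same access control as cleartext passwords.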

 

LDAP directory preparation

 

To deploy the tool faster, prepare by identifying your LDAP resources first. It is recommended that you install an LDAP browser like JXplorer prior to collecting data.

The data collection stage requires the following:

  • Outbound connections, network access and proxy servers
  • Confirmation that your server environment satisfies all requirements
  • Server account credentials with execute and read permissions
  • The server's IP address and host name

To use more than one LDAP directory, you need to either employ a global catalog or consolidate server data into a single directory. However, it is important to note that global catalogs require rigorous to ensure reliability.

 

Server Data Cleanups

 

To clean data properly, perform the following actions:

  • Set password and username rules to prevent use of unsupported characters
  • Compile a list of users to be included in the sync operation
  • Identify and incorporate groups that function as mailing lists
  • Setting naming conventions is an optional operation that allows you to identify and specify naming configurations
  • Populating a password attribute is another optional approach

The Google Cloud Directory Sync tool gives you an opportunity to research your server structure. Employing an LDAP browser simplifies the data collection process. It is also possible to mark Google users in the LDAP directory in order to simplify queries. Marking users with a specific descriptive name lets you shortlist them for synchronization. You can change the descriptive name when the sync process is complete.

 
