Back

Google Apps Directory Sync (GADS)

Google Apps MigrationGoogle Apps Directory Sync (GADS) synchronizes your LDAP or Active Directory infrastructure with your Google Apps domain. The software is able to transfer across information about your AD organizational units, user accounts, groups, user profile attributes, shared contacts, and calendar resources.

It’s important to remember that GADS doesn’t sync changes live, so if you add a new user to your AD domain you either have to run GADS manually or wait until the tool runs on a schedule.

All syncing is one-way (AD > Google Apps), so changes made in the Google Apps domain control panel are not transferred back to Active Directory. Because of this, in some instances changing account information in Google Apps can cause Google accounts to become disassociated with AD accounts, or at worse deleted when GADS syncs. Be careful!

Click to learn how Pingboard can sync and organize your Google Apps data.

Once you’ve perfected your GADS configuration you can schedule regular synchronizations to update Google Apps with any changes made in Active Directory.

It’s important to note that GADS does not synchronize Active Directory passwords. The reason for this is that Active Directory passwords are not accessible via LDAP, and as such the GADS tool cannot access this data. To synchronize AD passwords to Google Apps another tool, Google Apps Password Sync (GAPS) is used.

In this example I am assuming you are using Google Apps Directory Sync version 3.1.3 to synchronize a Microsoft Active Directory environment.

One of the main issues I came across when using GADS is that documentation, even from Google, is patchy, and the terminology can be confusing as Google and Microsoft use different terms for similar features. What I wanted was a detailed overview of each of the options in GADS. This is what this is!

Enabling The Provisioning API

The provisioning API is the bit of Google Apps which allows external applications to plugin and manage Google Apps data. Before you can use GADS you need to enable the provisioning API in your Google Apps control panel:

  1. Log in to your Google Apps administrator control panel.
  2. Click Domain Settings from the top menu, and then click the User Settings tab.
  3. Check the box labelled Enable Provisioning API.
  4. Click Save Changes.

Installing Google Apps Directory Sync

Now to GADS itself. Download and install Google Apps Directory Sync. You can install it on any Windows or Linux machine. I’m using Windows, but the instructions are the very similar for Linux.

Installation is simple, and once installed you can access the software from the Windows Start Menu — you want the Configuration Manager application. If you’re on Windows Server 2012?

Getting Started

The first thing you will see is the General Settings tab. From here you can select which portions of your Active Directory are synchronized to Google.

Google Apps Directory Settings

To keep things simple we’re going to sync the three most common attributes — organizational units, user accounts, and groups.

Organisational Units

Organizational Units (OU) refer directly to Active Directory organizational units. By synchronizing OUs you can retain the hierarchical structure of your Active Directory when synchronizing accounts with Google Apps.

Tip: AD Organisational Units are referred to as “Suborganizations” in Google Apps.

You don’t have to transfer your OUs one-to-one either, you can choose which OUs to sync, and even transfer one OU to a differently named Google Apps Suborganisation.

User Accounts

Which AD users GADS should sync?

It’s important to remember that GADS does not synchronize passwords, it doesn’t even transfer them across at all. So, even if you’ve successfully synchronised all of your AD accounts, your users won’t be able to login to them. This is because passwords in AD are stored outside of the LDAP AD user object in a place GADs is unable to access. To synchronize passwords you require Google Apps Password Sync (GAPS) — I’ll be posting an article on GAPS later.

Groups

Groups refers to your Active Directory groups. Group sync allows you to pass over objects such as mailing list groups from AD.

Further Options

GADS also allows you to synchronize the following:

Next up: Google Apps Configuration, Proxy Settings, and Exclusion Rules >>

Karl Rivers
by Karl Rivers Karl is an award winning school Network Manager, IT Lead Professional for Bedfordshire Borough Council, and is an ICT Across the Curriculum Co-ordinator based near London, England. He has been working in education for more than ten years and founded ClassThink in 2013 to share technology best practice with other schools. In 2014 he won the NAACE Impact Award for support services in schools, and writes edtech articles for Education Executive Magazine.