This page is for Directory Sync. If you’re using Google Cloud Directory Sync (GCDS), go to GCDS. Directory Sync is currently in public beta.
Before you use Directory Sync, ensure you meet the following prerequisites and requirements.
Prerequisites
- You need a network connection between Google Cloud and your LDAP server. For details, go to Supported network connections.
- If your Microsoft Active Directory server is located on-premises or hosted outside a Google Cloud environment, you require a connection between Google Cloud and the LDAP server using Cloud VPN or Cloud Interconnect.
Account requirements
- A Google Cloud or Cloud Identity account with:
  - Super administrator privileges in the Google Admin console.
  - A Data Connectors or Connector Admin role in Google Cloud.
- If you want help managing Directory Sync, another admin with super administrator privileges or an admin with the Manage Directory Sync Settings privilege.
To be able to read but not update settings, you can give an admin the Read Directory Sync Settings privilege.
LDAP server requirements
For your LDAP server, you need:
- Active Directory (must support LDAPv3).
- An authorized username and password that has read access to your Active Directory server (to read user and group objects).
You need the following information from the Active Directory server:
- Host and port number.
- DNS server to resolve your Active Directory host.
- TLS client certificate to encrypt data transfer between the Active Directory server and Directory Sync.
Related topic
Create, edit, & delete custom admin roles