This page is for Directory Sync. If you’re using Google Cloud Directory Sync (GCDS), go to GCDS. Directory Sync is currently in public beta.
If you plan to sync Microsoft Active Directory (AD) with Directory Sync, you must ensure that a network connection is available between Google Cloud and your LDAP server. The network connections that Directory Sync supports are described below.
These connections are not required if you're syncing with Microsoft Azure Active Directory.
Option 1: AD server hosted in Google Cloud
In this scenario, AD is hosted in Google Cloud. You create a Virtual Private Cloud (VPC) access connector to allow Directory Sync to communicate with the AD server. To connect the server, you must have access to the Google Cloud project where AD is hosted.
If you're using a shared VPC, follow the steps in Configure connectors in the Shared VPC host project and Configure connectors in Shared VPC service projects, paying particular attention to the firewall rules.
Option 2: AD server hosted outside of Google Cloud
If your AD server is hosted in a non-Google Cloud environment (for example, on-premises), you can use Google Cloud VPN or Cloud Interconnect to set up your connection.
In both scenarios, you must have access to the Google Cloud project. You must also create a Virtual Private Cloud (VPC) access connector to allow Directory Sync to communicate with the Google Cloud project.
Connection using Google Cloud VPN: AD is connected to your Google cloud directory using Cloud VPN.
Connection using Cloud Interconnect: AD is connected to your Google cloud directory using Cloud Interconnect.