This page is for Directory Sync. If you’re using Google Cloud Directory Sync (GCDS), go to GCDS. Directory Sync is currently in public beta.
Now you need to connect your LDAP directory using Directory Sync in the Google Admin console. Later, you can add other LDAP directories and connect to multiple directories at once.
You can set up multiple directory configurations but they must point to separate Active Directory servers. You can’t point more than one directory configuration to a single Active Directory server.
Before you begin
Make sure you:
- Meet the system requirements. For details, go to System requirements.
- Turn on the API. For details, go to Enable the Data Connectors API.
Add a directory
To complete these steps, you must be a super administrator or have the Manage Directory Sync Settings privilege.
- In your Google Admin console (at admin.google.com), click Directory > Directory sync.
- Click LDAP directories > Add Directory > Continue.
- For Directory name, enter a name for your directory and, optionally, add a description.
- Click Continue.
- For Project ID, enter the ID from the Google Cloud project where you created the VPC access connector.
- For VPC access connector name, enter the name of the VPC access connector that you set up in Google Cloud. Use the following format:
projects/project id/locations/VPC location/connectors/VPC connector name
To find the values for VPC location and VPC connector name, in your Google Cloud project, click VPC network > Serverless VPC access and find your VPC access connector. Go to Name for the VPC connector name. Go to Region for the VPC location.
- Click Continue.
- For Active Directory server details, enter:
- Host—IP address or fully qualified domain name of your Active Directory server.
- Port—Port number of your Active Directory server.
- Connection type—Select your connection type.
- Base DN—Base distinguished name (DN) in Active Directory. The base DN is used as the root for all searches. You can change this later when you set up your sync.
Example: ou=Sales, dc=example, dc=com
- DNS server—DNS server that can resolve your Active Directory host name.
- Authorized account and Password—The username and password of an account that has read access to your Active Directory server (usually a service account).
- Certificate—TLS client certificate. Click Attach certificate, navigate to your certificate, and confirm.
- Click Save and Test Connection.
This process might take up to a minute. If you close the window before the test is completed, you can check the results in the Admin audit log. If the test fails, you'll be prompted to re-enter your directory information.
- Click Continue or troubleshoot a failed connection (below on this page).
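A pre-flight check of the values entered in the steps above, written as an added example that is not part of the original page or of Google's tooling. The dictionary keys, the sample values and the lint rules (including the expectation that a base DN contains a dc= component) are assumptions of this example.

```python
import re
# Format given on this page: projects/<project id>/locations/<VPC location>/connectors/<VPC connector name>
CONNECTOR_RE = re.compile(r"^projects/([^/\s]+)/locations/([^/\s]+)/connectors/([^/\s]+)$")
# One RDN such as "ou=Sales"; simplified (no escaped commas, no multi-valued RDNs).
RDN_RE = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*[^,=]+$")

def lint_directory(cfg):
    """Return a list of problems found in one directory configuration (dict)."""
    problems = []
    m = CONNECTOR_RE.match(cfg.get("vpc_connector", ""))
    if not m:
        problems.append("vpc_connector: expected projects/<id>/locations/<location>/connectors/<name>")
    elif m.group(1) != cfg.get("project_id"):
        problems.append("vpc_connector: project segment differs from project_id")
    port = cfg.get("port")
    if not (isinstance(port, int) and 1 <= port <= 65535):
        problems.append("port: must be an integer between 1 and 65535")
    rdns = cfg.get("base_dn", "").split(",")
    if not all(RDN_RE.match(r) for r in rdns):
        problems.append("base_dn: not a comma-separated list of attr=value pairs")
    elif not any(r.split("=")[0].strip().lower() == "dc" for r in rdns):
        problems.append("base_dn: no dc= component")
    return problems

def duplicate_servers(configs):
    """Return (first, later) name pairs of configurations that point to the same host."""
    seen, dupes = {}, []
    for cfg in configs:
        # String comparison only: an IP address and an FQDN of one server are not paired.
        key = cfg["host"].strip().rstrip(".").lower()
        if key in seen:
            dupes.append((seen[key], cfg["name"]))
        seen.setdefault(key, cfg["name"])
    return dupes

# Constructed sample values; key names are this example's own, not a Google API.
SAMPLE = [
    {"name": "hq", "project_id": "example-proj", "host": "ad1.example.com", "port": 636,
     "vpc_connector": "projects/example-proj/locations/us-central1/connectors/dirsync",
     "base_dn": "ou=Sales, dc=example, dc=com"},
    {"name": "branch", "project_id": "example-proj", "host": "AD1.example.com.", "port": 0,
     "vpc_connector": "example-proj/us-central1/dirsync",
     "base_dn": "Sales/example/com"},
]

if __name__ == "__main__":
    for cfg in SAMPLE:
        print(cfg["name"], lint_directory(cfg) or "ok")
    print("same server:", duplicate_servers(SAMPLE))
```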
Troubleshoot a failed connection
If your connection fails, you can view information about the cause of the failure on the connection status page.
For additional troubleshooting information, you can view the Directory Sync log events data. For details, go to Check log events for Directory Sync.
Edit a directory
- Click the name of the directory that you want to edit.
- Next to Sync status, click Turn off to deactivate the sync.
- Update the details of the selected directory.
- Click Save and Test Connection.
- Reactivate sync, if needed.
Remove a directory
Important: Make sure that you have retained any information you need from the LDAP directory before you remove it. When you remove an LDAP directory, the connection and sync setup is deleted. Any data that was synced to your Google cloud directory is retained.
- On the directory details page, next to Sync status, click Turn off.
- Click Delete > Delete.