Set up a VPC access connector

This page is for Directory Sync. If you’re using Google Cloud Directory Sync (GCDS), go to GCDS. Directory Sync is currently in public beta.

If you are syncing from Microsoft Active Directory (AD), you need a Virtual Private Cloud (VPC) access connector in Google Cloud to use Directory Sync. You use the VPC access connector to allow the Google Cloud project resources, such as a virtual machine or Cloud VPN, to communicate with AD.

If you're syncing from Microsoft Azure Active Directory, you do not need a VPC access connector.

What’s required

We recommend that you set up the VPC access connector in the same Google Cloud project that's hosting Cloud VPN, Cloud Interconnect, or AD. You need edit access to this project.

To set up the VPC access connector, follow the steps in Configure Serverless VPC Access

About access connector regions

Support for additional regions coming soon

  • We support VPC access connectors in 6 regions (us-central, us-west1, us-east1, asia-southeast1, asia-east1, and europe-west1). For details on regions, go to Regions and zones.
  • We recommend your VPC access connector is created in the same region as your Cloud VPN or Cloud interconnect.
  • If you set up your VPC access connector in a different region to your Cloud VPN or Cloud Interconnect:
    • When you create the VPC access connector, associate it with the nearest supported region. 
    • To ensure Directory Sync can communicate with your AD server, set the dynamic routing mode to Global. For details, visit Set the dynamic routing mode.

Next step

Enable the Data Connectors API

Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?
Clear search
Close search
Google apps
Main menu