Google Cloud Directory Sync release notes

Use these release notes to review improvements and new features in each version of Google Cloud Directory Sync (GCDS).

For details about the current list of known issues, go to Google Workspace known issues

Important updates


Some earlier versions of GCDS fail during authentication or re-authentication. If there's a failure, you get a 400 error with the message: The version of the app you're using doesn't include the latest security features to keep you protected. Please make sure to download from a trusted source and update to the latest, most secure version.

Check your version of GCDS before you authenticate:

  • GCDS version 4.5.7 or earlier—You can continue to use GCDS, but attempts to authenticate using the GUI or command line fails with the error message. Install the latest version of GCDS. For details, go to Update GCDS.
  • GCDS versions after 4.5.7 and before 4.7.14—You can continue using GCDS and authenticate using the GUI. Authentication using the command line fails with the error message. To avoid authentication errors, install the latest version of GCDS. For details, go to Update GCDS.
  • GCDS versions 4.7.14 or later—You can continue using GCDS and authenticate using the GUI. If you need to authenticate using the command line, follow the steps in How do I authorize GCDS on a machine without a GUI?

Product name & installation directory

With GCDS version 4.4.0, the product name and installation directory have been updated. If you created tasks or cron jobs that run the tool on a schedule, you need to update these to point to the new installation directory.

Expand all  |  Collapse all

Release notes for 5.0.31

March 7, 2024

What's new
  • Added the following SKUs to the default licenses list. The new SKUs are available by default for new configurations. For existing configurations, you can add the SKUs on the Licenses page of Configuration Manager by clicking SKU Managementand thenUse defaults. For details, go to Manage & assign licenses.
    • Google Workspace Enterprise Starter
    • Google Workspace Enterprise Essentials Plus
    • Google Workspace Frontline Standard
    • AppSheet Core
    • AppSheet Enterprise Standard
    • AppSheet Enterprise Plus
    • Duet AI for Enterprise
  • Added enhanced email notification options:
    • Compress attachment–A new option in the Notification settings that allows you to compress the sync report before sending it.
    • Automatic report compression–To avoid email attachment size limitations, GCDS now automatically compresses sync reports that exceed 24 MB.
    • Overflow protection for large reports–If a report exceeds 24 MB even after compression, GCDS stores it locally and sends you the file path in an email. 

      Note: Reports are compressed in ZIP file format.

  • Added an Invalid characters replacement option to the user settings. In group settings, the feature is now optional. You can define how you want to handle invalid characters in user and group email addresses. For details, go to User attribute settings and Group search rules (prefix-suffix).
  • Enhanced text for Simulation choices, providing clearer descriptions of the options.
  • Improved the clarity of the user profile and shared contact attributes with headings and logical groupings.
What's fixed
  • Removed deprecated OAuth out-of-band (OOB) authorization option from the GCDS Upgrade Config tool. It was no longer working due to changes in Google's OAuth mechanisms.
  • Fixed an issue where the group description attribute failed to be synced by automatically replacing tab (\t) and carriage return (\r) characters with spaces.
  • Fixed an issue where the Users search query field couldn't be set to blank after being used.
  • Fixed an issue where aliases in X400 or X500 format caused update failures and retries. GCDS does not support these formats, and they are now ignored.
  • Fixed an issue where, following a user rename, a user sync failed with the error Duplicate key.
  • Fixed an issue where some network and TLS errors when connecting to Google caused the connection to not retry.
  • Upgraded the Apache Derby from version to Java 8 compatible version This internal upgrade is built from the source. It addresses and mitigates the Common Vulnerabilities & Exposures (CVE) CVE-2022-46337.
    Note: Some third-party scanning tools might still flag the bundled Derby as vulnerable, even though the upgrade successfully addresses the issue per the CVE suggestions.
  • Fixed issues in a user profile sync, where:
    • User profile update was not reported or saved in the cache when merged with a new user
    • User and user profile modification counts were incorrect

Release notes for 5.0.28

September 5, 2023

What's new
  • GCDS now uses Azul Zulu OpenJDK version 1.8.0_382-b5 instead of Oracle Java.
  • Updated some third-party libraries to more recent versions. 

Release notes for 5.0.22

January 23, 2023

What's new
  • Added support for the user display name attribute.
  • GCDS now supports the Users Search Query field to filter users retrieved from your Google Account. For details, go to Omit data with exclusion rules & queries
  • Improved performance when syncing users and user profiles in the same synchronization.
What's fixed
  • Fixed an issue where GCDS failed to save new configuration files when creating license assignments.
  • Fixed an issue where the = character isn't allowed for the password attribute in the upgrade-config utility.
  • Fixed an issue where group members weren't added to a group if the group was created using a prefix or suffix that contains an uppercase letter.
  • Fixed an issue where GCDS stopped a synchronization if it found a group with an empty email address.
  • Fixed an issue where a user profile wasn't created if the matching user was created in the same synchronization.

Release notes for 5.0.20

October 17, 2022

What's new
  • Upgraded the Apache Log4j open-source logging framework to Log4j version 2.17.1.
  • Notification settings now allow you to add a prefix to the email subject line (useful for multiple sync configurations).
  • For easier troubleshooting, if GCDS doesn't suspend a user due to their super administrator privilege, it adds an entry in the logs.
What's fixed
  • Fixed an issue where the updating of organizational units fails.
  • Fixed an issue where an update to a user profile fails due to a "412 User creation is not complete" error. GCDS now retries this error.

Release notes for 4.7.18

March 29, 2022

What's new
  • Added the Google Workspace for Education Fundamentals SKU to the default licenses list. The new SKU is available by default for new configurations. For existing configurations, you can add the SKU on the Licenses page of Configuration Manager by clicking SKU Managementand thenUse defaults. For details, go to Edit, reset, or remove licenses.
  • Added the version number to the windows title.
What's fixed
  • Fixed an issue where, if custom schemas weren't selected, GCDS failed to save new configuration files.
  • Fixed an issue where crypt hashes weren't cached and displayed a truncation error.
  • Fixed an issue where group aliases were removed if the group alias attribute wasn't set.
  • Fixed an issue where new users weren't prompted to change their password when they next signed in, even when Force new users to change password was selected.

Release notes for 4.7.14

February 8, 2022

What's new
  • Added the Google Workspace Frontline SKU to the default licenses list. The new SKU is available by default for new configurations. For existing configurations, you can add the SKU on the Licenses page of Configuration Manager by clicking SKU Managementand thenUse defaults. For details, go to Edit, reset, or remove licenses.
  • Added support for group aliases. To learn more about adding an alias, go to Give a group an additional "alias" address.
  • Added support for exporting and importing encryption keys allowing you to authorize GCDS in environments without a graphical user interface. For details, go to How do I authorize GCDS on a machine without a graphical user interface (GUI)?.
  • Custom schemas now support encoding scheme selection for binary attributes. The supported encoding schemes are:
    • Base 16 (Hex)
    • Base 32
    • Base 32 Hex
    • Base 64
    • Base 64 URL

    For details, go to Sync custom user fields using a custom schema.

    Note: The new encoding schemes also apply to identity-mapped groups.

  • GCDS now provides trace-level logs for custom field attributes during custom scheme comparison. 
  • Custom schema fields now support names with spaces.
  • Added word wrapping to the user interface reports.
What's fixed
  • Improved performance for user sync over GCDS version 4.7.12
  • Fixed an issue where a Google user was suspended but this was not reflected in the cache, causing the same user to get suspended repeatedly on every sync.
  • Fixed an issue when, upon creating a user, the hashing mechanism used for default and random passwords was incorrectly displayed as SHA-1 instead of crypt.
  • Fixed an issue where a user email domain was incorrectly updated when other attributes were modified and the Replace domain names in LDAP setting was selected.
  • Fixed an issue where a user profiles sync failed for some users if they were created during the same sync.
  • Fixed an issue where the deletion of organizational units started to fail.
  • Fixed an issue where group owners couldn't be removed when the Replace domain names in LDAP setting was selected.
  • Fixed an issue where multivalued attributes in custom schemas were compared incorrectly, causing the attributes to be updated on every sync.
  • Improved performance when creating a large number of identity-mapped groups.
  • The Java virtual machine (JVM) used by GCDS now uses UTF-8 as the default encoding. Using UTF-8 prevents some encoding issues, such as non-Latin characters being displayed incorrectly.
  • Minor improvements in the logs and report content for better readability.

Release notes for 4.7.12

May 3, 2021

What's new
  • Added Google Workspace for Education SKUs to the default licenses list. The new SKUs are available by default for new configurations. For existing configurations, you can add the SKUs on the Licenses page of Configuration Manager by clicking SKU Managementand thenUse defaults. For details, go to Edit, reset, or remove licenses.
  • GCDS now uses the crypt function to hash default and random passwords.
  • Identity mapped groups now support hex, base 32, and base 64 as encoding schemes for any binary attributes. Hex is the new default if you have synced identity mapped groups. Base 64 is used for backwards compatibility. The encoding scheme can be changed in the configuration file. For information, go to Sync groups and users to a Cloud Search identity source.
What's fixed
  • Fixed an issue where GCDS failed to sync group members that have spaces in their email address in LDAP.
  • Fixed an issue where GCDS caused collisions when syncing users with the Replace domain name in LDAP box selected and duplicate user aliases.
  • Fixed an issue where, on rare occasions, Active Directory attributes (such as objectSID, objectGUID, and so on), were read as text attributes instead of binary attributes.
  • Fixed an issue where GCDS failed to sync identity-mapped groups with more than 1500 members in Active Directory.
  • Fixed an issue where custom schemas with field names containing spaces failed to sync. Inner whitespaces are now converted to an underscore. Leading and trailing whitespaces are removed. This matches the behavior when adding schema fields in the Google Admin console. For details, go to Sync custom user fields using a custom schema

Release notes for 4.7.10

January 19, 2021

What's new
  • Support for the new Google Workspace SKUs in the Licenses tab.
  • You can now add, edit, and delete Google Workspace SKUs in the Licenses tab. Doing so allows you to assign licenses that are not yet packaged within GCDS but are available for assignment through the Enterprise License Manager API. For details, go to Manage & assign licenses.
  • GCDS now sets Active Directory as the default LDAP server type for new configurations. You can change this selection in Configuration Manager.
What's fixed
  • Fixed an issue where GCDS failed to sync group members that have spaces in their email address in LDAP.
  • Fixed an issue where GCDS failed to sync calendar resources if there were no calendar resources in the Google Workspace domain.
  • Fixed an issue where GCDS failed to sync calendar resources if the calendar resource attributes didn’t have brackets.
  • Fixed an issue where the sync started after closing the Sync & apply changes confirmation dialog. Now GCDS cancels the sync when closing the dialog.

Release notes for 4.7.9

August 27, 2020

What's new
  • Support for Archived User (AU) licenses in the Licenses tab. Learn more about Archived User licenses
  • Support for POSIX account attributes in the User Profiles tab.
  • Support for the <, >, and = characters in group descriptions.
  • Added a new popup notification when an updated version of GCDS is available. Additionally, it's now possible to update GCDS from Configuration Manager.
  • If the sync stops because it reaches a deletion or suspension limit, additional details are shown in the email notification and the report displayed in the Configuration Manager UI. Learn more about how to Use limits with GCDS.
What's fixed
  • Fixed performance degradation when a large number of users were being synced.
  • Fixed an issue where custom schema changes weren't correctly saved in the cache.
  • Fixed an issue where custom schema field type double was being incorrectly handled.
  • Fixed an issue where custom schema fields weren’t correctly deleted from the users in Google domain.
  • Fixed incorrect text when displaying the information about exceeded group members limit.
  • Fixed incomplete information when displaying the Apply report if group modifications had failed. GCDS now shows failed and successful modifications in the same report.
  • Fixed an issue where available licenses weren’t correctly assigned in the Google Account.
  • Fixed an issue where an empty organizational unit caused user modifications to fail.

Release notes for 4.7.6

May 21, 2020

What's new
  • Support for G Suite Enterprise for Education SKU in the Licenses tab.
  • Support for Recovery email and Recovery phone in the User Profiles tab.
  • Support for Cost center information in the User Profiles tab.
  • Support for SMTP over TLS 1.2 for sending email notifications. You don't need to take any action. GCDS automatically uses the latest version. 
  • Added an option to select how the sync report is sent. You can choose to have it sent as an attachment to the notification email or in the email body.
  • Added options to prevent GCDS deleting users, groups, and organizational units. When enabled, GCDS creates and updates (but doesn't delete) entities.
  • Changes to the way users are synced. GCDS now takes advantage of the patch semantics offered by the Directory API allowing GCDS to run as a user with a reduced set of user update privileges. The sync can run if the proposed changes are within the role's set of privileges. For details, see custom admin roles.
  • When installed on Windows, GCDS now uses the system Trusted Root Certification Authorities certificate store as the default trust store.
What's fixed
  • Performance improvement in LDAP + SSL communication.
  • Fixed an issue where GCDS failed to sync licenses when the Replace domain names in LDAP option was selected.
  • Fixed an issue where multivalued attributes in a custom schema sync were skipped if a value failed. Now, GCDS reports the incorrect values and continue to sync the rest.

Release notes for 4.7.3

January 2, 2020

What's new
  • GCDS now lets you decide how to sync Google Group managers. For details, see Manager role configuration policy
  • Support for Additional emails and Websites information in the User Profiles tab.
  • Support for the G Suite Essentials SKU in the Licenses tab.
  • The sync report is now sent as an attachment to the notification email.
  • Changes to the user interface:
    • Added an alert when the limits set are above the recommended thresholds.
    • To avoid unexpected changes to your Google data, a pop-up has been added that recommends you run a simulation when the configuration file is modified.
What's fixed
  • Fixed an issue where GCDS failed to read the cache when it was updated to version 4.7.2.
    Related error message: ERROR 42X05: Table/View 'GROUPS_OTHERS' does not exist.
  • GCDS now automatically retries API requests that failed with a 429 error code (Rate limit exceeded).
  • Fixed an issue where groups with incomplete email addresses were being deleted and recreated. This issue was seen when the Replace domain name in LDAP option wasn't enabled.

Release notes for 4.7.2 and earlier

Earlier version release notes

Release 4.7.2
October 21, 2019

What's new
  • GCDS now lets you set a deletion limit for group memberships. For details, see Use limits with GCDS
  • The placeholder "#{timestamp}" has been added to Logging settings. The placeholder is replaced by an actual timestamp (for example, 0190501-104023) in each execution before the log file is saved to the HDD.
  • The UI shows log size in MB instead of GB.
  • The reason for a user's suspension is shown in the Diff and Apply reports.
What's fixed
  • An optional object class attribute field was added to "Groups search rule configuration." It fixes a counting issue and an issue with the retrieval of email addresses of nested groups. The field is only needed when a group’s email address attribute is different to the user’s email address attribute.
  • Fixed an issue where GCDS ignored Google OU exclusion rules when running a Licenses sync.
  • Fixed an issue where the Diff report wasn’t correctly displaying all the user’s modifications.
  • The "Replace domain names" option also works with the Identity Mapped Groups members, making it consistent with the rest of the program.
  • Fixed an issue where the Identity Mapped Groups delete limit didn't work correctly.
  • Fixed an issue where GCDS proposed membership deletion when it wasn’t able to retrieve the member's data from the LDAP server due to connection or authorization errors. Now, GCDS skips the groups with LDAP connection issues and logs the reason for the error. For more information, see GCDS error messages.

Release 4.6.4
July 1, 2019

What's fixed
  • GCDS now removes the custom Manager role as that role exists in G Suite but not in Active Directory. The role is synced as either the Owner or Member role (based on the AD configuration).
  • Setting authentication via the command line no longer gives error messages.
  • Performance improvement for large customers when loading license assignment. This process no longer causes the UI to freeze.
  • Improved license assignment functionality. You can no longer assign licenses when there are none available.
  • Cloud Search customers syncing Identity Mapped Groups no longer skip nested groups due to case sensitivity.
  • Exception information added to INFO logs (previously only available in email report).
  • Updated report to show correct information when user is moved to the root organizational unit.
  • Cloud Search customers can specify group member attribute when syncing Identity Mapped Groups (useful for non Active Directory servers).

Release 4.6.3
February 11, 2019

What's new

Added support for syncing Identity Mapped Group members using a different user member attribute.

What's fixed
  • Fixed an issue where GCDS reset the Area field to an empty value, preventing the user’s location showing in Google Calendar.
  • Fixed an issue where GCDS didn't see Google users if those users had extremely long names.
  • Fixed multiple issues where user attributes were not correctly updated.
  • Fixed an issue where GCDS attempted to re-add group owners as members in each sync, which generated lots of log events.
  • Fixed an issue where GCDS imposed a lower size limit on custom schema values than the API.
  • Fixed an issue where GCDS did not suspend users as expected when using a custom schema sync.
  • Fixed an issue where GCDS didn't honor the log level provided in the command line if a different level is specified in the configuration file.

Release 4.6.2
November 19, 2018

What's fixed
  • Fixed an issue where GCDS version 4.6.1 ignored group exclusion rules.
  • Fixed an issue where GCDS raised an error when a Google Group contained all users in the domain.

Release 4.6.1
October 31, 2018

What's new

Added support for Cloud Search integration, allowing you to synchronize groups from Identity Sources residing in Active Directory. The support simplifies synchronization of data between Cloud Search and Active Directory.

Release 4.5.7
March 19, 2018

What's new

Added support for the Building ID and Floor Name attributes, allowing admins to establish a mapping under User Profiles to the corresponding fields in the LDAP server. This simplifies synchronization of data between LDAP and structured room booking.

Release 4.4.26
March 1, 2017

What's new
  • Significantly improved processing time for user schema synchronization.
  • Logging improvements: new logging for primary address conflicts and additional logging details for user schema synchronization.
  • Improved the license synchronization report.
  • Added support to sync new G Suite Enterprise license.

Release 4.4.22
December 1, 2016

What's fixed

Fixed an issue where GCDS would constantly rename the primary address on an account when it encountered a conflict. The conflict occurred between an alias on an existing Google account and a new user in Active Directory that was created using the email address already assigned as an alias to a Google user.

Note: If you are impacted by this issue we recommend you first correct the conflicting email alias by removing it from the Google account. Delete the existing nonAddressPrimaryKeyFile.tsv file from the GCDS user’s home folder (%userprofile% on Windows and ~/ on Linux). Install the latest GCDS update. The nonAddressPrimaryKeyFile.tsv will be regenerated on the next user sync.

Fixed an issue where a value was not removed from Google Custom Schema when the value was cleared from Active Directory.

Release 4.4.21
October 26, 2016

What's fixed

Fixed an issue where GCDS required a value be set for username and password for the SMTP configuration.

Fixed an issue where Custom User Fields were not being updated due to an issue with the GCDS cache and compare operation. 

Note: We recommend that you first flush the cache, if you are syncing Custom User Fields. To flush the cache, use command option -f or select the UI option.

Release 4.4.19
October 18, 2016

What's new

Google Apps Directory Sync now Google Cloud Directory Sync

Google Apps Directory Sync has a new name, Google Cloud Directory Sync (GCDS). We have renamed the product because it's more than a Google Apps-specific tool. If you use G Suite, Cloud Identity, or other features that use managed Google domains, you can use Google Cloud Directory Sync to provision users and groups, as well as other information like profile data for users.

Only supported features now show on interface

Google Cloud Directory Sync interface now only shows sync features supported by your domain type. For example, a managed Google domain used only for Android doesn't support Shared Contacts, so this sync feature isn't displayed.

Java update

Google Cloud Directory Sync now uses the latest Java JRE 1.8, which by default uses TLS v1.2 for HTTPS connections.

EULA update

Google Cloud Directory Sync EULA now includes customers who may use a domain covered by the Managed Google Domain Terms.

What's fixed

Fixed issue where Google Cloud Directory Sync would display a “Connection failed - null” message if there was a connection error when testing SMTP notifications. The tool now displays a proper error message. 

Fixed issue where random passwords for accounts were being synchronized on the first sync as well as subsequent syncs. Passwords are now set on the first sync only.

Fixed issue in introduced in version 4.3.2 where users weren't being provisioned with the defined default password.

Updated the UI to allow the reauthorization of GCDS using a different user account even if GCDS has a valid auth token.

Fixed issue where a user-created group that is later configured to be synchronized by GCDS wasn't removing user members after being managed by GCDS.

Admins are now allowed to perform a sync in the UI even if the admin hasn't configured email notification settings.

Fixed installer to display plain text EULA vs raw HTML EULA when installing from the command line. 

Fixed issue where Force new users to change password was not properly set on account creation.

Fixed issue where group memberships may not be added on initial sync with group creation.

Release 4.3.2
July 6, 2016

What's new

New custom schemas synchronization feature enables administrators to sync additional LDAP attributes to user accounts.

Custom schemas allow administrators to define LDAP user attributes that are to be synced to user accounts in the domain. The custom schema data can be used by features like Google SAML-based Federated SSO or other cloud applications that use the Directory API.

Improved trace level logging details for API errors.

What's fixed

Fixed an issue where group descriptions containing a new line in LDAP fails when being applied to the Google group.

Fixed an issue where user-created groups' permissions were being reset by GADS to the default group permissions settings.

Fixed an issue where the City field was not synced properly and didn't display correctly in the contacts interface.

Release 4.2.1
March 29, 2016

What's fixed

Fixed an issue where GADS wasn't updating the a user’s primary organization value, when the primary organization previously existed but didn't originate from GADS.

Fixed an issue where GADS wasn't saving the custom email address attribute defined in the license sync configuration.

Release 4.2.0
February 23, 2016

What's new

API update

GADS now uses the latest version of the Admin SDK Calendar Resource API.

Replace primary domain name with secondary domain name

Added new feature to enable administrators to replace the primary Google Apps domain name with a secondary domain name for all GADS operations.

What's fixed

Fixed an issue where the default permission for groups created by GADS allowed anyone/public to be able to send mail the group. The default permission for new groups is now restricted to the members of the domain: ALL_IN_DOMAIN_CAN_POST -- Anyone in the account can post a message.

Groups are created with the following default permissions:

  • Who can view: All members of the group
  • Listing: Do not list this group.
  • Who can view members: Only managers and owners can view the group members list.
  • Who can join: Anyone in the organization can ask to join.
  • Allow External Members: Disallowed.
  • Who can post messages: Anyone from your domain can post.
  • Allow posting from the web: Allowed.
  • Who can invite new members: Managers and owners only
  • Message moderation: No moderation.
  • Message archival: Archive is disabled.
  • Allow External Email: Disallowed.

Fixed an issue where GADS wouldn't obey exclusion rules in the same way for users as for user profiles, resulting in unnecessary log entries when an exclusion rule was designed to exclude user profiles. Exclusion rules are now applied once for both user and user profiles.

Fixed an issue where GADS synchronization could take hours for large domains.

Fixed an issue where proxy settings weren't being respected when validating a GADS configuration’s existing authorization state. The GADS Configuration Manager would always show Not Authorized. Proxy settings are now used when validating GADS's configuration and authorization.

Fixed an issue where GADS was case insensitive for given names and family names. GADS now properly detects case sensitivity changes for given name and family name values

Fixed an issue where, in some cases, GADS failed to update any user profile data due to an error handling specific changes to the organization value. GADS now properly handles updates or deletions of organization information on user profiles.

Fixed an issue where exclusion rules weren't followed when users were moved out of the LDAP search rule scope. GADS now flushes the cached data when exclusion rules have been added or modified to ensure a fresh cache is built before determining changes.

Fixed an issue where GADS was processing group deletes in Google Apps even when the optional SKIP_GROUP_DELETES setting was configured in the GADS XML configuration. GADS no longer processes group deletes when the optional value SKIP_GROUP_DELETES is defined in the XML configuration.

Fixed an issue where, in certain cases, GADS would fail to properly handle group exclusion rules. GADS now processes group exclusion rules before processing the domain name change when Replace domain names in LDAP is enabled.

Fixed an issue where GADS would show an InvalidNameException error when attempting to normalize the Manager and Assistant Distinguished Name values if they contained commas. GADS now correctly detects commas and normalizes the Manager and Assistant Distinguished Name values correctly.

Release 4.1.0

What's new

New license synchronization feature assigns specific licenses to Google Apps user accounts.

The license synchronization feature allows you to manage license assignments for your Google Apps user accounts. For example, you might have purchased different product SKUs for your domain (such as Google Apps for Work and Google Apps Unlimited) and you can use the license synchronization feature to apply the different types of licenses to your Google Apps user accounts.

Release 4.0.5

What's new

Updated GADS Admin guide link and "Learn More" links

The GADS Admin guide content has moved to the Help Center (no longer a single PDF guide). All the help and "Learn More" links in the UI and error messages have been updated.

Improvements to user creation

Previously GADS user creation behavior would create users in the root organizational unit (OU) and then move the user account to the proper destination OU. GADS now creates user accounts in the proper destination OU at creation time.

What's fixed

Fixed an issue where GADS incorrectly retries to change groups again and again. In rare cases, GADS incorrectly performs a comparison of Google Apps data and LDAP data before all data is loaded, causing redundant changes to be suggested. This causes redundant requests to Google, trying to make changes that were already made before (for example, adding members to a group although they were already members). Now GADS now correctly handles these cases, and the comparison only starts after all data has been loaded.

Fixed an issue where GADS skips processing all groups whenever an exception occurred while processing any single group. When GADS failed to sync any single group it would stop processing the entire group sync process. GADS now properly continues to sync the next group in the list when the a single group fails due to an exception.

Release 4.0.3

What's fixed

Previously, GADS would load aliases separately to loading the users. Now GADS loads aliases as part of loading the users, greatly reducing the time required.

Fixed an issue where, in some cases, if a profile's manager was found in a different search rule to the profile itself, the migration would fail.

Fixed a mixed-case email address issue. Google Apps doesn't support mixed-case email addresses for users, but in some cases there are users that have uppercase letters in their email addresses. GADS now ignores the letter case in email addresses.

GADS will retry requests that failed due to API quota issues.

Release 4.0.2

What's fixed

Improved error handling - GADS performs retries on more exceptions (500s and timeout exceptions).

Improved performance - GADS has improved its performance by fetching 500 entries per list call.

Google Apps org unit exclusion rules with exact matching now work, the slash prefix is no longer required in the Organizational unit complete path.

In the previous release, suspended group members were added in every sync and then GADS showed errors. Now the members are added to the group on every sync, but no error is shown when the member already exists.

Logging improvements - GADS now logs exception from the Configuration Manager before a sync is started. This allows easier troubleshooting of issues related to authorization.

Line wrapping and word wrapping is now working in Google Apps exclusion rules textbox.

Release 4.0.1

What's new

GADS now uses the Directory API instead of the deprecated Provisioning and Profiles Data APIs.

GADS now requires using OAuth for authorization. Using the admin credentials (also known as ClientLogin) is no longer supported, as it's been deprecated. Customers using client login must now authorize using OAuth. For more information see Prepare your Google Apps domain for synchronization.

Customers already using OAuth will also need to authorize again with existing (or new) credentials. This is because this version of GADS uses different APIs, and thus the scopes for which tokens are generated have also changed.

GADS now allows the exclusion of users based on Google Orgs without enabling org sync.

GADS now allows several profile and shared contact fields (Department, Job title, and Office Location) to be comprised of multiple concatenated LDAP fields.

GADS now shows shared contacts IDs and names during simulation, to make it easier to tell which contact is being deleted.

GADS now supports sending email notifications using SMTP over TLS. This means that can now be used to send email notifications.

The 'Website' and 'Notes' fields are no longer supported in user profiles because they are not available using the Directory API.

What's fixed

Fixed an issue in which the shared contact manager attribute was not syncing. Syncing now works when the manager is a shared contact, however it will not work when the manager is a user.

Where a lot of user aliases need to be created, GADS uses exponential backoff when adding aliases to avoid failures due to API limits.

Fixed an issue where GADS failed to properly update user profile organization info created using third-party apps. With the fix, any type of organization other than 'work' created by another app will be deleted during the GADS sync, and the organization information present in the local LDAP directory will be synced. If the organization created by the other app is primary and of type 'work', then GADS will do an update of existing data (to match the data in the local LDAP directory).

Fixed an issue where trailing spaces in group display name caused the name to be updated on every sync.

Fixed issue where GADS failed to create org units containing spaces.

GADS is case-insensitive when checking for hash prefixes ({MD5}, {SHA1}, etc.).

Fixed an issue where the manager profile field returned different results based on profile search rule order.

GADS now saves calResMapping.csv in user's homedir/profile folder.

Fixed issue where GADS unexpectedly removed members from groups while syncing.

Release 3.2.1

What's new

"Group Name" Exclude Type option in Exclusion Rule Settings. Configures GADS to not sync any group that has a name that matches the rule.

"useDynamicMaxCacheLifetime" configuration file option. Configures GADS to cache Google Apps data for a maximum of eight days and resynchronize with Google Apps. If the size of the cached data is too small to impact synchronization speed, GADS clears the cache and resynchronizes with Google Apps even more frequently to decrease the risk of errors resulting from a stale cache. This option is enabled by default in GADS version 3.2.1 and higher.

Command line interface for OAuth part of config manager. A simple command line interface to enter OAuth, ClientLogin, and LDAP credentials, enabling admins to keep using GADS without GUI.

"Export Calendar Resource Mapping" option in Calendar Resource Attributes. Ability to generate a CSV file listing LDAP calendar resources and their Google Apps equivalents. Use the CSV file with Google Apps Migration for Microsoft Exchange to migrate the contents of your Microsoft Exchange calendar resources to the appropriate Google Apps calendar resources.

"Resource Type" option in Calendar Resource Attributes.Ability to synchronize custom resource types (like "Room", "Camera", "Bike", etc.) from your LDAP directory to Google Apps.

"Test LDAP Query" button on Add Search Rule screens. Ability to test LDAP queries in UI while specifying search rules.

Config file comments retained. You can now add comments to config files to clarify the XML as needed.

Configuration Manager Default Values for OpenLDAP. The Configuration Manager now contains default values for OpenLDAP server types.

More detailed messages and instructions for several issues, such as system time set incorrectly, API access disabled, memory issues, password hash mismatch, configuration file access, and sync limits.

What's fixed

Fixed an issue in which a space character at the end of a group's CN would cause a NameNotFoundException and stop the sync.

Fixed an issue in which some users' profiles couldn't be updated due to the wrong API URL being used.

The unique ID attribute was previously handled as a string and would not differentiate between users in some cases. It's now always treated as binary data.

Fixed an issue in which the wrong error message was shown or no error would be shown at all when syncing a group or an alias with the same email address as an existing Google Apps user. Now the correct error message is shown.

GADS now ignores Active Directory conflict (CNF:) and deleted (DEL:) objects.

Fixed an issue in which XML files created on a different system or by a different user couldn't be opened until the defaultPasswordEncrypted setting was manually cleared. Such files can now be opened and the user will be prompted to enter the password again if needed.

Fixed an issue in which GADS would always report that an object was inaccessible if there was an issue connecting to the LDAP server. Now, GADS reports the correct cause of the issue.

Fixed an issue where GADS would not correctly save XML configuration files with certain characters.

Release 3.1.6

What's new

Support for structured names for Shared Contacts. You can use a combination of LDAP attributes to specify the full name of a shared contact. For example:

[prefix] - [givenName] [sn] [suffix]


Security enhancements. GADS configuration files are now tied to the system they were created on, for enhanced security. If you copy a configuration XML file to another system, you need to re-enter sensitive data, such as passwords and authorizations.

Performance improvements.

Miscellaneous bug fixes.

Improved error messages when a search rule references an LDAP entity that doesn't exist.

Support for LDAP servers that split group member results across multiple entities.

What's fixed

The Configuration Manager now supports displays with lower resolutions.

If a dynamic group search filter causes an error, the rest of the items sync correctly and the erroneous item is reported in the summary, instead of failing the entire sync.

Commas in Canonical Names of dynamic groups' members no longer cause the sync to fail.

GADS now correctly syncs group members who are suspended in Google Apps.

Release 3.1.3

What's new

Email address rename detection. GADS can detect email address renames on your LDAP server and sync those renames to Google Apps. To use this feature, you need to specify a Unique Identifier Attribute under User Accounts > User Attributes in Configuration Manager. This attribute must have a unique value for each of your users, and the value must not change. The objectGUID attribute is a valid example for Active Directory systems.

GADS version check. GADS checks your current configuration to see whether a previous version of GADS was used to create it. If so, you must verify and save the configuration before using it.

Dynamic groups support. GADS supports dynamic (query-based) groups, where group membership is specified as a query.

64-bit support. A 64-bit version of GADS is now available. Users with compatible systems can use the 64-bit version to improve performance during large syncs.

OAuth 2.0. GADS now uses OAuth 2.0. Existing users of OAuth need to re-authenticate GADS to take advantage of OAuth 2.0.

Syncing groups no longer requires user search rules for newer configurations.

Active Directory users can now quickly configure GADS by generating default values for most attributes and search rules with a single click.

Miscellaneous bug fixes.

Release 3.0.6

What's new

New look. GADS 3.0.6 has a cleaner, more intuitive user interface.

Configurable password length. Passwords generated by GADS now have a configurable length.

Miscellaneous bug fixes.

Release 2.1.6

What's new

Miscellaneous bug fixes.

Release 2.1.5

What's new

Added the ability to synchronize only passwords that have changed since the previous sync.

Added the option to prevent a sync from suspending/deleting admin accounts not found in the LDAP server.

Improved performance of the sync simulation UI.

Added support for Base64-encoded passwords.

Logs are now encoded in UTF-8 by default to support non-ISO characters.

The logging level menu now displays options in decreasing order of verbosity.

Added logging for suspended accounts that are not deleted because of the current configuration.

Miscellaneous bug fixes.

Release 2.1.3

What's new

Google Apps Directory Sync 2.1.3 includes updates to improve stability and performance, but no new features. Following is a brief description of the issue resolved in this release.

"Invalid request URI" when updating an orgunit

Issue: When attempting to update an orgunit, Directory Sync sometimes failed with an error "Invalid request URI.".
Resolution: Updating orgunits now runs correctly.

Release 2.1.1

What's fixed

Google Apps Directory Sync 2.1.1 includes multiple new features and fixed issues.

Following is a list of issues resolved in this release. Each issue includes the release number, a tracking number, and a brief description.

Performance Improvements

Release 2.1.1 includes substantial performance improvements, including parallel threads and faster retrieval of data. With the new release of Google Apps Directory Sync, you will experience faster performance of synchronizations.

Domain Replacement for User Profiles

In Release 2.1.1, the "Replace domain names in LDAP email addresses (of users and groups) with this domain name" setting will also affect User Profiles. To configure this setting, go to Google Apps Settings in Configuration Manager.

Multiple LDAP attributes support for Given Name and Family Name

In Release 2.1.1, you can specify multiple attributes for a given name or family name in LDAP Extended Attributes. Mark each LDAP attribute with square brackets. Set your LDAP Extended Attributes in Configuration Manager.

Suspend User Limit Provision

Google Apps Directory Sync includes the ability to limit the number of users that are deleted during synchronization. In Release 2.1.1, you can also set a similar limit for the number of users that are suspended during synchronization. Set this limit in the Sync Limits page of Configuration Manager.

Flush Cache During Simulated Synchronization

During simulated synchronization in Configuration Manager, you can clear out all remote cached data so that fresh data is pulled from Google Apps during the next simulation.

Fixed Issues

Release Notes now in new location

Instead of linking to a PDF file, Google Apps Directory Sync release notes are now published in the Help Center.

Misleading error message for Non-Unique Resource ID

Issue: When a Calendar Resource attribute is not unique, the error message does not give a clear description of the reason for failure.
Resolution: The error message for a non-unique Resource ID now shows that more than one resource with the same name were found.

Invalid characters not handled properly for user and group addresses

Issue: Invalid characters are not detected properly during synchronization.
Resolution: Invalid characters are now removed during synchronization.

Misleading message for extra Google Profiles

Issue: The message for extra Google user profiles says that accounts "might have to be deleted" which may be misleading.
Resolution: The warning message now notes that GADS will not sync these additional profiles.

Org-level exclusion rules do not apply if org email addresses have uppercase letters

Issue: Directory Sync will suspend or delete users that have uppercase letters in their email addresses, even if those users are excluded by an org-level exclusion rule.
Resolution: Directory Sync now uses org-level exclusion rules correctly for users with uppercase letters in their email addresses.

Group Display Name information missing from log

Issue: Groups display names were not listed in the synchronization logs.
Resolution: Display names now show correctly in logs.

Release 2.0.3

What's fixed

Google Apps Directory Sync 2.0.3 includes one major fixed issue and no new features.

Following is a list of issues resolved in this release. Each issue includes the release number, a tracking number, and a brief description.

OAuth authentication fails with error "Token Invalid".

Issue: When attempting to synchronize Google Apps Directory Sync while using OAuth for authentication, all synchronization failed with an error "Token Invalid."
Resolution: Synchronization using OAuth authentication now runs properly and does not generate any OAuth errors.

Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?
Clear search
Close search
Google apps
Main menu