Set exclusion rules

Use exclusion rules with Google School Directory Sync (SDS)

You use exclusion rules to omit users, groups, and organizational units from a synchronization. This way, you preserve data in Classroom or your G Suite for Education domain that isn’t in your school information system.

It’s important to set exclusion rules correctly because they control how Google School Directory Sync (SDS) works. For example, if you exclude a G Suite for Education user who is in your school information system, SDS will try to create the user during every synchronization.

How rules work

Types of exclusion rules

Exclude type—Sets the exclusion filter and can be one of the following options:

  • Organization complete path—Specifies to exclude any user who is a member of an organization that matches the complete path rule. Only used if you’re syncing organizational units. Otherwise, the exclusion is ignored. Organization paths are treated as strings with the format organization/sub-organization/sub-sub-organization.
  • User email address—Specifies to exclude any user whose primary address matches the rule.
  • Group email address—Specifies to exclude any group that has an address that matches the rule.

Match Type—Sets the match for the exclusion filter and can be one of the following options:

  • Exact match—The address or name must match exactly. For example, an exact match of a user email address exclusion filter means that user1@example.com is excluded from a user synchronization but not a group synchronization. Whereas if you specify an exclusion filter on a group email address, such as FloridaSalesGroup@example.com, the entire group is excluded from a group synchronization.
  • Substring match—The substring text specifies that the addresses or names with the same text are excluded. For example, if the substring text is sales, then depending on the type of exclusion filter that is set, the corresponding addresses and group names that have sales in them are excluded.
  • Regular expression—Specifies that the address or name must match the expression specified. For example, if you specify team[3-9] as a regular expression, then depending on the type of exclusion filter that is set, the corresponding addresses and group names for teams 3 to 9 are excluded.

Rule—Specifies the text of the match or expression to compare.

Example scenarios

Exclude users in an organizational unit

If you add all your IT administrators to the organizational group Administrators/IT, you could use the following rule to exclude this group as well as any others in the administrators organizational unit:

  • Type: Organization Complete Path
  • Match Type: Substring
  • Rule: Administrators

Exclude users with the same name

If your G Suite for Education user list includes users that aren’t in your school or management information system and they have the same name in their address or username, use a substring or regular expression instead of creating a rule for each user. In this example, all users that have appstrial in their primary address, such as appstrial-lydia@example.com, are excluded.

First rule:

  • Type: User email address
  • Match Type: Substring
  • Rule: appstrial

Second rule:

  • Type: Student email address
  • Match Type: Substring
  • Rule: appstrial

Preserve custom G Suite for Education groups

If you have groups listed in your G Suite for Education domain that don’t match a mailing list in your student or management information system, SDS will delete them during a sync. To prevent this from happening, add the following exclusion rule:
  • Type: Group email address
  • Match Type: Exact Match
  • Rule: FloridaSalesTeam@example.com

Add, change priority, or delete an exclusion rule

Exclusion rules apply in the order that they appear in the table.

Add an exclusion rule
  1. In Configuration Manager, click Google Domain Configuration and then Exclusion rules and then Add exclusion rule.
  2. At Type, click User email address and select the exclusion filter to use.
  3. At Match type, click Exact match and select the type of match.
  4. Enter the expression or match string for the exclusion rule.
  5. Click OK.
Change the priority of an exclusion rule
  1. In Configuration Manager, click Google Domain Configuration and then Exclusion rules.
  2. Click the exclusion rule.
  3. Click the Up arrow Up arrow or Down arrow Down Arrow to change the priority of a rule.
Delete an exclusion rule
  1. In Configuration Manager, click Google Domain Configuration and then Exclusion rules.
  2. At the exclusion rule, click X.

Next steps

Configure sync notifications

Was this helpful?
How can we improve it?