Before you install Google Cloud Directory Sync (GCDS), ensure you meet the following requirements.
Google Account
You need one of the following accounts:
- A Google Account or Cloud Identity account
- A Google Workspace or Cloud Identity super administrator account
GCDS server
- A server to run GCDS with one of the following operating systems:
- Microsoft Windows (supported on Windows 7, 8, and 10, and Windows Server 2008, 2012, 2016, and 2019).
- Linux—If you’re using a 32-bit version of GCDS on a 64-bit Linux system, a 32-bit libc (such as libc6-i386) must be installed.
- If you’re using a Linux server, you need a GUI installed on the same server or access to another server with a GUI. (If you change servers, you need to reauthorize the configuration file. For details, see Use a configuration file with different machines or users.)
- To install GCDS on a Windows server, you need to be an administrator on that server.
- For optimal GCDS performance it is recommended that you use, at a minimum, a two core processor.
- At least 5 GB of disk space for log files and data. If you’re running with the DEBUG or INFO level of logging, you might need more free space for additional logging data.
- Free RAM—The amount required depends on the size of your organization:
Number of entities* Recommended amount of free RAM Fewer than 10,000 1 GB 10,000–200,000 2–4 GB 200,000+ 8 GB * Entities include resources, such as users, groups, group members, organizational units, and contacts.
You might need to increase the size of free RAM. For details, see What if I'm seeing memory-related errors?
LDAP server
- All versions of LDAP are supported.
- GCDS must be able to access the user information from the LDAP server.
- LDAP administrator access to your directory server.
- Network access to your LDAP server. You don't need to run GCDS on your LDAP server.
- Read permissions in LDAP server for the organizational units that you want to sync.
- An LDAP browser that can read and browse your LDAP directory server data.
Network requirements
- Network access to your Google data through HTTPS directly or through a proxy server. Ensure ports 80 and 443 are open.
For details, go to Set up a Google Workspace host name allowlist.
- Access to one of the following ports to allow the SMTP server to send email notifications: 25, 465, or 587. You decide how to set up email notifications in Configuration Manager.
For details, go to Set your notifications.
- If required, access to TLS Certificate Authorities (CAs) for your network.
For details, go to Troubleshoot certificate-related problems.
- (Recommended) A network connection to your Google Account with no proxies or firewalls.
- GCDS uses the following APIs:
Encryption
- GCDS to LDAP:
- Encrypted by SSL when the connection type specified in Configuration Manager is LDAP+SSL.
- No encryption is used if the connection type is Standard LDAP.
- GCDS to Google connections are encrypted using HTTPS.
Level of effort & expertise
- LDAP directory—Familiarity with your LDAP data. It's also useful to be comfortable with LDAP query language.
- Network expertise—Experience with your network and security settings for internal and outbound traffic. Able to set up mail servers for notification traffic.
- Knowledge of your user base—Able to identify which LDAP entries represent current users and groups.
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
