Duet AI is now Gemini for Google Workspace. Learn more

Work with configuration files

In Configuration Manager, you can start new configuration files to store Google Cloud Directory Sync (GCDS) synchronization settings. All configuration files are in XML format.

To make it harder for an attacker to access your LDAP system or Google domain using the configuration files, the secrets (password and OAuth token) in the file are encrypted.

Store your configuration files securely. Exposed configuration files are a security risk.

Use multiple configuration files

If you have a very large deployment, consider using multiple configuration files to split the deployment into smaller synchronizations, reduce performance load, and vary the rate of synchronizations.

You can also sync from one LDAP directory to multiple Google accounts using one or more configuration files. If you use multiple configuration files, make sure they're saved with unique names to avoid sync issues.

Use a single configuration file

You can run the same configuration file and synchronize groups, users, and organizational units individually. For details, see Synchronize using the command line.

Start or save a configuration file

  • To start a new configuration file with no specified rules, select Fileand thenNew.
  • To save a configuration file with a new name, select Fileand thenSave As and specify the directory and file name.
  • To save a configuration file with an existing name, select Fileand thenSave.

If you overwrite an existing file, Configuration Manager saves the existing file as a copy with a timestamp in the file name.

Use a configuration file with different machines or users

If you open a configuration file that was saved on a different machine or by a different user, GCDS can’t access the secrets in the XML file. You must reauthorize access to GCDS before using different machines or multiple users.

Expand section  |  Collapse all & go to top


To run GCDS when signing in as multiple users on Windows:

  1. Open the Start menu.
  2. Search for Configuration Manager.
  3. Click the Open file location option. If it doesn't appear, right-click Configuration Manager.
  4. On the Configuration Manager shortcut, press Shiftand thenright-clickand thenselect Run as different user or Run as, then enter the username and password of the Windows user who needs to authorize GCDS. This is usually either the user who previously authorized GCDS, or the user who is configured to run the sync scheduled task.
  5. Load the configuration file and click Authorize Now.
  6. Enter the Google Account administrator username and password.
  7. Update the LDAP user password and the SMTP password if necessary.
  8. Save the XML file.
  9. Run a simulation to ensure that your settings are correct.
  10. Manually run the synchronization and review the logs to ensure that the XML file was saved correctly.

Note: If you’re running the sync-cmd task as the Windows SYSTEM user, NetworkService, or another system account, you might not be able to run Configuration Manager as a different user. Try using PsExec from Microsoft to run Configuration Manager as a system user.


Option 1: Copy & upgrade the XML file

Follow the steps in How do I authorize GCDS on a machine without a GUI?

Option 2: Move the prefs file

Move the prefs file from the original machine to the new machine. By default, the prefs file is stored in $HOME/.java/.userPrefs/com/google/usersyncapp/util/prefs.xml.

Related topics

Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?
Clear search
Close search
Google apps
Main menu