In Configuration Manager, you can start new configuration files to store Google Cloud Directory Sync (GCDS) synchronization settings. All configuration files are in XML format.
To make it harder for an attacker to access your LDAP system or Google domain using the configuration files, the secrets (password and OAuth token) in the file are encrypted.
Store your configuration files securely. Exposed configuration files are a security risk.
Use multiple configuration files
If you have a very large deployment, consider using multiple configuration files to split the deployment into smaller synchronizations, reduce performance load, and vary the rate of synchronizations.
You can also sync from one LDAP directory to multiple G Suite accounts using one or more configuration files. If you use multiple configuration files, make sure they're saved with unique names to avoid sync issues.
Use a single configuration file
You can run the same configuration file and synchronize groups, users, and organizational units individually. For details, see Synchronize using the command line.
Start or save a configuration file
- To start a new configuration file with no specified rules, select FileNew.
- To save a configuration file with a new name, select FileSave As and specify the directory and file name.
- To save a configuration file with an existing name, select FileSave.
If you overwrite an existing file, Configuration Manager saves the existing file as a copy with a timestamp in the file name.
If you open a configuration file that was saved on a different machine or by a different user, GCDS can’t access the secrets in the XML file. You must reauthorize access to GCDS before using different machines or multiple users.Windows
To run GCDS when signing in as multiple users on Windows:
- Open the Start menu.
- Search for Configuration Manager.
- Click the Open file location option. If it doesn't appear, right-click Configuration Manager.
- On the Configuration Manager shortcut, press Shiftright-clickselect Run as different user or Run as, then enter the username and password of the Windows user who needs to authorize GCDS. This is usually either the user who previously authorized GCDS, or the user who is configured to run the sync scheduled task.
- Load the configuration file and click Authorize Now.
- Enter the Google Account administrator username and password.
- Update the LDAP user password and the SMTP password if necessary.
- Save the XML file.
- Run a simulation to ensure that your settings are correct.
- Manually run the synchronization and review the logs to ensure that the XML file was saved correctly.
Note: If you’re running the sync-cmd task as the Windows SYSTEM user, NetworkService, or another system account, you might not be able to run Configuration Manager as a different user. Try using PsExec from Microsoft to run Configuration Manager as a system user.
Option 1: Copy and upgrade the XML file
- Copy the XML file to the new machine.
- If it was set in the original XML file, manually remove the smtpAuthPasswordEncrypted field.
- On the new machine, use the command line to run the upgrade-config tool using the -Oauth parameter.
Option 2: Move the prefs file
Move the prefs file from the original machine to the new machine. By default, the prefs file is stored in $HOME/.java/.userPrefs/com/google/usersyncapp/util/prefs.xml.