Work with configuration files

In Configuration Manager, you can start new configuration files to store Google Cloud Directory Sync (GCDS) synchronization settings. All configuration files are in XML format.

To make it harder for an attacker to access your LDAP system or Google domain using the configuration files, the secrets (password and OAuth token) in the file are encrypted.

Store your configuration files securely. Exposed configuration files are a security risk.

Use multiple configuration files

If you have a very large deployment, consider using multiple configuration files to split the deployment into smaller synchronizations, reduce performance load, and vary the rate of synchronizations.

You can also sync from one LDAP directory to multiple G Suite accounts using one or more configuration files. If you use multiple configuration files, make sure they're saved with unique names to avoid sync issues.

Use a single configuration file

You can run the same configuration file and synchronize groups, users, and organizational units individually. For details, see Synchronize using the command line.

Start or save a configuration file

  • To start a new configuration file with no specified rules, select Fileand thenNew.
  • To save a configuration file with a new name, select Fileand thenSave As and specify the directory and file name.
  • To save a configuration file with an existing name, select Fileand thenSave.

If you overwrite an existing file, Configuration Manager saves the existing file as a copy with a timestamp in the file name.

Use a configuration file with different machines or users

If you open a configuration file that was saved on a different machine or by a different user, GCDS can’t access the secrets in the XML file. You must reauthorize access to GCDS before using different machines or multiple users.

Windows

To run GCDS when signing in as multiple users on Windows:

  1. Open Configuration Manager.
  2. Press Shiftand thenright-clickand thenselect Run as different user or Run as.
  3. Enter the administrator username and password.
  4. Update the passwords and reauthorize OAuth.
  5. Save the XML file.
  6. Run a simulation to ensure that your settings are correct.
  7. Manually run the synchronization and review the logs to ensure that the XML file was saved correctly.

Note: If you’re running the sync-cmd task as the Windows SYSTEM user, NetworkService, or another system account, you might not be able to run Configuration Manager as a different user. Try using PsExec from Microsoft to run Configuration Manager as a system user.

Linux

Option 1: Copy and upgrade the XML file

  1. Copy the XML file to the new machine.
  2. If it was set in the original XML file, manually remove the smtpAuthPasswordEncrypted field.
  3. On the new machine, use the command line to run the upgrade-config tool using the -Oauth parameter. 

    For details, see How do I authorize GCDS on a machine without a graphical user interface (GUI)?

Option 2: Move the prefs file

Move the prefs file from the original machine to the new machine. By default, the prefs file is stored in $HOME/.java/.userPrefs/com/google/usersyncapp/util/prefs.xml.

Related topics

Google, G Suite, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
Was this helpful?
How can we improve it?