Use limits with GCDS

You can use limits with Google Cloud Directory Sync (GCDS) to set the maximum number of deletions permitted on each simulation or synchronization. If it reaches this limit, GCDS stops and does not sync any changes.

You can use limits to prevent accidentally deleting your Google data. If you set a limit for users, the percentage is calculated on the number of users that GCDS found in your Google Account. If a sync stops, you can check the logs to see where it exceeded the limit.

You can set a limit for users, organizational units, shared contacts, calendar resources, and groups.

Set a limit for groups

  1. In Configuration Manager, open the Groups page. 
  2. At the top, click Exclusion Rules.
  3. Choose an option. To set a limit on the number of:
    • Group deletions—Under Do not synchronize if group deletions exceed, select to add a percentage or a specific number and add the value.
    • Member deletions per group—Under Do not synchronize if member deletions exceed, select to add a percentage or a specific number and add the value.
  4. (Optional) To apply the limit only to groups that have membership over a certain number, next to Apply to groups with more than, enter a number. 

    GCDS excludes groups with memberships below that number from the limit.

  5. At the bottom, click Add Exclusion Rule.

Set a limit for other options

  1. In Configuration Manager, open one of the following pages, depending on where you want the limit:
    • Org Units
    • User Accounts
    • Shared Contacts
    • Calendar Resources
  2. At the top, click Exclusion Rules.
  3. Under Do not synchronize if deletions exceed, select to set a percentage or a specific number and add the value.
  4. (Optional, user accounts only) To set a limit for suspensions, under Do not synchronize if suspensions exceed, select to add a percentage or a specific number and add the value.

    For details on suspending accounts, see GCDS best practices

  5. At the bottom, click Add Exclusion Rule.

Find info if sync or simulation exceeds a limit

If a sync or simulation exceeds a limit, the details appear in the simulation or apply report. Additionally:

  • Using the command line—If the log level is set to INFO (the default), you can also find detailed information in the logs. Search the logs for [INFO] [google.usersyncapp.Report].
  • Using Configuration Manager—The details appear in the report at the end of the sync. You can also look for details in the logs by searching for [INFO] [google.usersyncapp.Report].
  • If you have enabled notifications–The system sends a report with the limit details at the end of the sync (this doesn't apply to simulations).

Note: If you just want to check whether your sync or simulation exceeded a limit, you can quickly search the logs for [ERROR] [sync.agent.FullSyncAgent].

Examples

In both examples, there are 1,000 users in the Google Account. During a sync, GCDS proposes to delete 208 user accounts.

Example 1:

  1. You set a limit for user deletions to 208.
  2. When you run a sync, GCDS compares the 208 proposed deletions against the limit.
  3. Because the limit meets the deletions in the proposed sync, GCDS processes all the deletions.

Example 2:

  1. You set the limit of user deletions to 10% of total deletions.
  2. When you run a sync, GCDS calculates the percentage of proposed deletions (208 deletions, which represents 20% of total deletions).
  3. Because the percentage of deletions exceeds the 10% limit, GCDS stops the sync without applying the changes.

Related topic


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue