Use limits with GCDS

You can use limits with Google Cloud Directory Sync (GCDS) to set the maximum number of deletions permitted per simulation or synchronization. If the number of proposed deletions exceeds the limit, GCDS stops and does not sync any changes.

You can use limits to prevent accidentally deleting your Google data. If you set a percentage for the limit, it's based on the number of objects found in your Google domain. For example, if you set a limit for users, the percentage is calculated on the number of users that GCDS found in your Google domain. If a sync stops, you can check the logs to see where the limit was exceeded. 

You can set a limit for users, organizational units, shared contacts, calendar resources, and groups.

Set a limit for groups 

  1. In Configuration Manager, open the Groups page. 
  2. At the top, click Exclusion Rules.
  3. Choose an option:
    • To set a limit on the number of group deletions, under Do not synchronize if group deletions exceed, select to add a percentage or a specific number and add the value.
    • To set a limit on the number of member deletions per group, under Do not synchronize if member deletions exceed, select to add a percentage or a specific number and add the value.
  4. (Optional) To apply the limit only to groups that have membership over a certain number, next to Apply to groups with more than, enter a number. 

    GCDS excludes groups with memberships below that number from the limit.

  5. At the bottom, click Add Exclusion Rule.

Set a limit for other options

  1. In Configuration Manager, open one of the following pages depending on where you want the limit:
    • Org Units
    • User Accounts
    • Shared Contacts
    • Calendar Resources
  2. At the top, click Exclusion Rules.
  3. Under Do not synchronize if deletions exceed, select to set a percentage or a specific number and add the value.
  4. (Optional, user accounts only) To set a limit for suspensions, under Do not synchronize if suspensions exceed, select to add a percentage or a specific number and add the value.

    For details on suspending accounts, see GCDS best practices

  5. At the bottom, click Add Exclusion Rule.

Check the logs if sync or simulation exceeds a limit

  • For a simulation—Open the log file and search for [ERROR] [sync.agent.FullSyncAgent].
  • For a sync—Open the log file and search for [ERROR] [sync.agent.FullSyncAgent]. In the GCDS interface, you can also see Computed differences exceed configured sync limits, not applying changes.

Examples

In both examples, there are 1,000 users in the Google domain. During a sync, GCDS proposes to delete 208 user accounts.

Example 1:

  1. You set a limit for user deletions to 208.
  2. When you run a sync, GCDS compares the 208 proposed deletions against the maximum deletions allowed by the limit.
  3. Because the maximum limit meets or is above the deletions in the proposed sync, GCDS processes all the deletions.

Example 2:

  1. You set the limit of user deletions to 10% of total deletions.
  2. When you run a sync, GCDS calculates the percentage of proposed deletions (208 deletions, which represents 20% of total deletions). 
  3. Because the percentage of deletions exceeds the 10% limit, GCDS stops the sync without applying the changes.

Related topics

Logging settings

Was this helpful?
How can we improve it?