Learn more about Configuration Manager options

Use the Google Cloud Directory Sync (GCDS) Configuration Manager to create and test a configuration file for a synchronization. The information below gives you more detail on the fields in Configuration Manager.

You open Configuration Manager from the Start menu.

Connect, notify, & log


LDAP connection settings

Specify your LDAP connection and authentication information on the LDAP Configuration page. After you enter the information, click Test connection. If the connection fails, see:

LDAP connection setting Description
Server type The type of LDAP server you are synchronizing. Make sure to select the correct type for your LDAP server. GCDS interacts with each type of server slightly differently.
Connection type
Choose whether to use an encrypted connection.

If your LDAP server supports SSL or you're using Microsoft Active Directory on a Windows server with LDAP signing enabled, choose LDAP+SSL and enter the correct port number (below). Otherwise, choose Standard LDAP.

Host name Enter the domain name or IP address of your LDAP directory server.

Examples: ad.example.com or 10.22.1.1.

Port

Specify the host port. Commonly-used options: 

  • For Standard LDAP, use 389.
  • For LDAP over SSL, use 636.

Note: If you’re using Active Directory, you can use 3268 (Global Catalog) or 3269 (Global Catalog over SSL).

Example: 389

Authentication type The authentication method for your LDAP server.

If your LDAP server allows anonymous connections and you want to connect anonymously, select Anonymous. Otherwise, select Simple.

Authorized user Enter the user who will connect to the server. The user should have permission to read all objects and perform LDAP search queries.

If your LDAP directory server requires a domain for login, include the domain for the user as well.

Example: admin1

Password Enter the password for the authorized user. Passwords are stored in an encrypted format.

Example: swordfishX23

Base DN

Enter the Base DN for the subtree to synchronize. Don't include spaces between commas. If you don’t know the Base DN, consult your LDAP administrator or check an LDAP browser.

If you leave this field empty, all domains in the forest are searched.  

Example: ou=test,ou=sales,ou=melbourne,dc=ad,dc=example,dc=com

Notification attributes

Following a synchronization, GCDS sends an email to specified users that can be used to verify the sync and troubleshoot any issues. On the Notifications page, you can specify who is notified and your mail server settings.

Notification setting Description
SMTP Relay Host

The SMTP mail server to use for notifications. GCDS uses this mail server as a relay host.

Example:

  • 127.0.0.1
  • smtp.gmail.com
Use SMTP with TLS

Check the box to use SMTP with TLS (required with smtp.gmail.com).

Supported TLS versions—1.0, 1.1, and 1.2 (supported from GCDS version 4.7.6 onwards).

User Name
Password
If the SMTP server requires a username and password for authentication, enter the username and password here.

Example:

User Name: admin@solarmora.com
Password: ud6rTYX2!

From address Enter the from address for the notification mail. Recipients see this address as the notification sender.

Example: admin@solarmora.com

To addresses (recipients)

Notifications are sent to all addresses on this list. To enter multiple addresses, click Add after each email address. 

Depending on your mail server settings, GCDS might be unable to send mail to external email addresses. Click Test Notification to confirm that mail is sent correctly.

Example: dirsync-admins@solarmora.com

Use attachment Check the box to receive the sync report as an attachment to the email. Uncheck the box to receive the report in the body of the email.
Compress attachment Check the box to receive the sync report compressed in ZIP file format.
(Optional) Do not include in notifications

Limit the information sent in notification emails. You can choose to exclude: 

  • Extra details–For example, a list of excluded objects.
  • Warnings–Warning messages.
  • Errors–Error messages.
Subject Prefix Enter a string that is added to the start of the notification email's subject line.

Example: Set up notifications for users in your Google Account

Before you begin, allow less secure apps to access the authenticating Google Account. For details, see Less secure apps & your Google Account.

  1. For SMTP Relay Host, enter smtp.gmail.com.
  2. Check the Use SMTP with TLS box.
  3. For User Name, enter your Google Account email address. 
  4. For Password, enter your password.
  5. If you use 2-Step Verification, you need to create an App Password. For details, see Sign in using App Passwords.
  6. For From address, enter the address that you want as the sender for the notification emails. 
  7. For To addresses, enter the email addresses of users who should receive GCDS reports. To enter multiple addresses, click Add after each email address. 
  8. (Optional) If the SMTP connection is broken, use a packet capture tool, such as Wireshark, to identify the root cause of the issue.
Logging settings

Specify the settings for logging on the Logging page.

 
Logging setting Description
File name Enter the directory and file name to use for the log file or click Browse to browse your file system.

Example: sync.log

Optionally, you can add the placeholder #{timestamp} to the file name. The placeholder is replaced by an actual timestamp (for example, 20190501-104023) in each execution before the log file is saved to the disk.

If you use the placeholder, GCDS generates a new log file every time it runs a simulation or sync. If a log is older than 30 days, it's deleted.

Example: sync.#{timestamp}.log

If you run a sync at 2019-05-01 at 10:40:23am, the log file is named sync.20190501-104023.log.

Log level The level of detail of the log. Select from the following options:
  • FATAL—Only logs fatal operations.
  • ERROR—Logs errors and fatal operations.
  • WARN—Logs warnings, errors and fatal operations.
  • INFO—Logs summary information.
  • DEBUG—Logs more extensive details.
  • TRACE—Logs all possible details.

The level of detail is cumulative; each level includes all the details of previous levels (for example, ERROR includes all ERROR and FATAL messages).

Maximum log size

The maximum size of the log file, in megabytes.

The maximum log size includes all the backup files plus the current file. The number of backup files is determined by the log file count attribute (see below).

To calculate the maximum size of a single log file, use: <maximum log size> / (<log file count> + 1)

Example: 500

Log file count

 

The number of log files that are saved to the disk. The default is 10.

Note: This setting can only be modified in the configuration file within the tag <logFileCount>.

Users


User attribute settings

Specify what attributes GCDS uses when generating the LDAP user list on the User accounts page.

 
LDAP user attribute setting Description
Email address attribute The LDAP attribute that contains a user’s primary email address. The default is mail.

Example: mail

Enable invalid characters replacement

Invalid character replacement

If you check the box, spaces and invalid characters in an email address are replaced with the string specified in the Invalid character replacement field.

If you check the box but leave the field blank, GCDS removes spaces and invalid characters from the address.

Example

The email address on the LDAP server is
x y\z@example.com.

  • If you add an underscore (_) to the Invalid characters replacement field, GCDS converts the email address to x_y_z@example.com.
  • If the Invalid characters replacement field is left blank, GCDS converts the email address to xyz@example.com.
(Optional) Unique identifier attribute An LDAP attribute that contains a unique identifier for every user entity on your LDAP server. Providing this value enables GCDS to detect when users are renamed on your LDAP server and sync those changes to your Google domain. This field is optional, but recommended.

Example: objectGUID

(Optional) Alias address attributes One or more attributes used to hold alias addresses. These addresses will be added to your Google domain as nicknames of the primary address listed in the email address attribute field. Enter the address and click Add.

Example: proxyAddresses

If this field is empty, any alias associated with the Google user profile isn't removed following a GCDS sync. The alias can still be managed in Google.
 

Google domain users deletion/suspension policy Options for deleting and suspending users. 
  • Delete only active Google Domain users not found in LDAP (suspended users are retained)—Active users in your Google domain are deleted if they aren't in your LDAP server. Suspended users are not altered. This is the default setting.
  • Delete active and suspended users not found in LDAP—All users in your Google domain are deleted if they aren't in your LDAP server, including suspended users.
  • Suspend Google users not found in LDAP, instead of deleting them—Active users in your Google domain are suspended if they are not in your LDAP server. Suspended users are not altered.
  • Don’t suspend or delete Google domain users not found in LDAP—No users in your Google domain are suspended or deleted (unless you have a search rule that’s set to suspend users).
Don’t suspend or delete Google admins not found in LDAP If checked (the default option), GCDS is prevented from suspending or deleting administrator accounts found in your Google domain that don’t exist in the LDAP server.
Additional user attributes

Additional user attributes are optional LDAP attributes that you can use to import additional information about your Google users, including passwords. Enter your additional user attributes on the User accounts page.

 
LDAP additional user attribute setting Description
Given Name Attribute(s) An LDAP attribute that contains each user's given name (in the English language, this is usually the first name), which is synchronized with the user’s name in your Google domain.

You can also use multiple attributes for the given name. If you use multiple attributes, place each attribute field name in square brackets.

Examples: givenName, [cn]-[ou]

Family Name Attribute(s) An LDAP attribute that contains each user's family name (in the English language, this is usually the last name), which is synchronized with the user's name in your Google domain.

Examples: surname, [cn]-[ou]

Display Name Attribute(s)

An LDAP attribute that contains each user's display name.

Example: displayName

Synchronize Passwords Indicates which passwords GCDS synchronizes. If you're using Active Directory or HCL Domino, see the note under Password Encryption Method. Select one of the following:
  • Only for new users—When GCDS creates a new user, it synchronizes that user's password. Existing passwords are not synced. Use this option if you want your users to manage their passwords in your Google domain. Note: If you are using a temporary or one-time password for new users, use this option.
  • For new and existing users—GCDS always synchronizes all user passwords. Existing passwords in your Google domain are overwritten. This option is appropriate for managing user passwords on your LDAP server, but it is less efficient than the Only changed passwords option.
  • Only changed passwords—GCDS only synchronizes passwords that changed since your previous sync. We recommend this option if you want to manage user passwords on your LDAP server. Note: If you use this option, you must also provide a value for the Password timestamp attribute.
Password Attribute An LDAP attribute that contains each user's password. If you set this attribute, your users' Google passwords are synchronized to match their LDAP passwords. This field supports string or binary attributes.

Example: CustomPassword1

Password Timestamp Attribute An LDAP attribute that contains a timestamp indicating the last time a user’s password was changed. Your LDAP server updates this attribute whenever a user changes their password. Use this field only if you select the Only changed passwords option for the Synchronize Passwords field. This field supports string attributes.

Example: PasswordChangedTime

Password Encryption Method The encryption algorithm that the password attribute uses. Select one of the following:
  • SHA1–Passwords in your LDAP directory server hashed using unsalted SHA1.
  • MD5–Passwords in your LDAP directory server hashed using unsalted MD5.
  • Base64–Passwords in your LDAP directory server use Base64 encoding.
  • Plaintext–Passwords in your LDAP directory server are not encrypted. GCDS reads the password attribute as unencrypted text, then immediately hashes the password with SHA1 and synchronizes it with your Google domain.

Note: GCDS never saves, logs, or transmits passwords unencrypted. If passwords in your LDAP directory are Base64-encoded or plaintext, GCDS immediately hashes them with SHA1 and synchronizes them with your Google domain. Simulate sync and full sync logs show the password as a SHA1 password.

Use this field only if you also specify a Password Attribute. If you leave the Password Attribute field blank, when you save and reload, the configuration resets to the default of SHA1. Note that some password encoding formats aren't supported. Check your LDAP directory server with a directory browser to find or change your password encryption.

By default, Active Directory and HCL Domino directory servers don't store passwords in any of these formats. Consider setting a default password for new users and requiring users to change passwords on first login.

Force New Users to Change Password

If checked, new users must change passwords the first time they sign in to their Google account. Doing so allows you to set an initial password, either from an LDAP attribute or by specifying a default password for new users that the user must change the first time they sign in.

Use this option if you set an attribute in one of these fields:

  • In the Password Attribute field, but it's only a temporary or one-time password
  • In the Default password for new users field

Note: If your users don't manage their Google password, for example, if you're using Password Sync or single sign-on (SSO), we recommend that you don't turn on this setting.

Default Password for New Users Enter a text string that serves as the default password for all new users. If the user does not have a password in the password attribute, GCDS uses the default password.

Important: If you enter a default password here, be sure to check the Force new users to change password box so that users don't retain the default password.

Example: swordfishX2!

Generated Password Length The length, in characters, of randomly generated passwords. A password is randomly generated for a user if their password is not found on your LDAP server and you haven't specified a default password.
User search rules

Add a User search rule on the Search rule tab of the User Accounts page. For detailed information about search rules, see Use LDAP queries to collect data for a sync.

 
LDAP user search rule fields Description
Place users in the following Google domain Org Unit

Specify which Google organizational unit should contain users that match this rule. If the organizational unit specified doesn't exist, GCDS adds the users to the root level organizational unit in your Google domain.

This option only appears if you have enabled Organizational Units on the General Settings page.

Options include:

  • Org Unit based on Org Units Mappings and DN—Add users to the unit that maps to the user’s DN on your LDAP server. This is based on your Org Mappings and shows in the LDAP User Sync list as [derived].
  • Org Unit Name—Add all users that match this rule to the same Google organizational unit. Specify the organizational unit in the text field.

    Example: Users

  • Org Unit name defined by this LDAP attribute—Add each user to the organizational unit with the name specified in an attribute on your LDAP directory server. Enter the attribute in the text field.

    Example: extensionAttribute11

Suspend these users in Google domain

Suspend all users that match this LDAP user sync rule.

Notes:

  • GCDS suspends or deletes users that already exist in your Google domain based on the GCDS User Account Deletion/Suspending policy setting.
  • Users in your domain that you have suspended are reenabled by GCDS if they match a search rule that doesn't have suspend users enabled.
  • This feature is commonly used to stage user accounts in the domain. The new users are created in a suspended state. If you are importing active users with this rule, leave this unchecked.
Scope
Rule
Base DN
For details on these fields, see Use LDAP queries to collect data for a sync
User profile attributes

Specify what attributes GCDS uses when generating the LDAP user profiles on the User Profiles page.

LDAP additional user attribute setting Description
Primary email LDAP attribute that contains a user’s primary mail address. This is usually the same as the primary mail address listed in the LDAP Users section.
Job title LDAP attribute that contains the user’s job title at their primary work organization. 
Company name LDAP attribute that contains the user’s company name of their primary work organization. 
Assistant’s DN LDAP attribute that contains the LDAP Distinguished Name (DN) of the user’s assistant.
Manager’s DN LDAP attribute that contains the LDAP DN of the user’s direct manager.
Department LDAP attribute that contains the user’s department at their primary work organization. 
Office location LDAP attribute that contains the user’s office location at their primary work organization. 
Cost center LDAP attribute that contains the user’s cost center information at their primary work organization.
Building ID

LDAP attribute that contains the ID of the building where the user works. This can also be set to "Working remotely" if the user doesn't have a primary office building.

Admins can also let users set their own locations. For details, see Let users change their photo and profile information.

Floor Name LDAP attribute that contains the specific floor the user works on.
Employee ids LDAP attribute that contains a user’s Employee ID number.
Additional email

LDAP attribute that contains user’s additional email addresses. You can enter more than one value into this field.

Note: This field only supports the synchronization of addresses using the Work email type.

Websites

LDAP attribute that contains the user’s website URLs. You can enter more than one value into this field.

Valid URLs are checked against the following regular expression:

^((((https?|ftps?|gopher|telnet|nntp)://)|(mailto:|news:))(%[0-9A-Fa-f]{2}|[-()_.!~*';/?:@&=+$,A-Za-z0-9])+)([).!';/?:,][[:blank:]])?$

Invalid URLs are skipped.

Recovery email LDAP attribute that contains the user’s recovery email address.
Recovery phone

LDAP attribute that contains the user’s recovery phone. The phone number must be in the E.164 international standard, starting with the plus sign (+).

The attribute can be set as an expression by using square brackets. This allows you to include additional characters.

Examples:

  • +[ldap-attribute]—Prepends a plus sign to the value of the attribute.
  • +41[ldap-attribute]—Prepends a plus sign and country code to the value of the attribute.
Work phone numbers LDAP attribute that contains a user’s work phone number.
Home phone numbers LDAP attribute that contains a user’s home phone number.
Fax phone numbers LDAP attribute that contains a user’s fax number.
Mobile phone numbers LDAP attribute that contains a user’s personal mobile phone number.
Work mobile phone numbers LDAP attribute that contains a user’s work mobile phone number.
Assistant’s Number LDAP attribute that contains a work phone number for a user’s assistant.
Street Address LDAP attribute that contains the street address portion of a user’s primary work address.
P.O. Box LDAP attribute that contains the P.O. Box of a user’s primary work address.
City LDAP attribute that contains the city of a user’s primary work address.
State/Province LDAP attribute that contains the state or province of a user’s primary work address.
ZIP/Postal Code LDAP attribute that contains the ZIP code or postal code of a user’s primary work address.
Country/Region LDAP attribute that contains the country or region of a user’s primary work address.
POSIX UID LDAP attribute that contains the Portable Operating System Interface (POSIX) compliant user ID.
POSIX GID LDAP attribute that contains the POSIX compliant group ID.
POSIX username LDAP attribute that contains the username of the account.
POSIX home directory LDAP attribute that contains the path to the home directory for the account.
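
A pre-sync check for the Websites and Recovery phone rows above, as an added Python example that is not GCDS code: it lists the URLs the page's regular expression would skip and shows what a bracket expression such as +41[ldap-attribute] produces for each entry. Assumptions: the function names, the sample attribute names mobile and url, the constructed entries, the bracket-expansion semantics, and the rewrite of POSIX [[:blank:]] as [ \t] for Python.

```python
import re

# The page's URL expression, with POSIX [[:blank:]] rewritten as [ \t] for Python's re.
WEBSITE_RE = re.compile(
    r"^((((https?|ftps?|gopher|telnet|nntp)://)|(mailto:|news:))"
    r"(%[0-9A-Fa-f]{2}|[-()_.!~*';/?:@&=+$,A-Za-z0-9])+)"
    r"([).!';/?:,][ \t])?$"
)
# E.164: a plus sign, a non-zero leading digit, at most 15 digits in total.
E164_RE = re.compile(r"\+[1-9][0-9]{1,14}")
PLACEHOLDER = re.compile(r"\[([^\[\]]+)\]")


def skipped_websites(urls):
    """Return the URLs that do not match the page's expression (these are skipped)."""
    return [u for u in urls if not WEBSITE_RE.fullmatch(u)]


def expand(setting, entry):
    """Assumed semantics: a setting without brackets names one attribute; with
    brackets, each [name] is replaced by that attribute's value. Returns None
    when a referenced attribute is missing or empty."""
    if "[" not in setting:
        return entry.get(setting)
    if any(not entry.get(name) for name in PLACEHOLDER.findall(setting)):
        return None
    return PLACEHOLDER.sub(lambda m: entry[m.group(1)], setting)


def check_recovery_phone(setting, entry):
    """Return (expanded value, True if it is a well-formed E.164 number)."""
    value = expand(setting, entry)
    return value, bool(value and E164_RE.fullmatch(value))


def lint_entries(entries, phone_setting, website_attr):
    """Per-DN report of the recovery phone result and the URLs that would be skipped."""
    report = {}
    for dn, entry in entries.items():
        phone, ok = check_recovery_phone(phone_setting, entry)
        report[dn] = {
            "recovery_phone": phone,
            "phone_is_e164": ok,
            "skipped_websites": skipped_websites(entry.get(website_attr, [])),
        }
    return report


# Constructed sample entries (not real directory data).
ENTRIES = {
    "cn=ann,ou=users,dc=ad,dc=example,dc=com": {
        "mobile": "791234567",
        "url": ["https://www.example.com/~ann?id=1&q=%20x", "www.example.com"],
    },
    "cn=bob,ou=users,dc=ad,dc=example,dc=com": {
        "mobile": "079 123 45 67",  # spaces and a national prefix: not E.164 after +41
        "url": ["https://example.com/team#bob", "mailto:bob@example.com"],
    },
    "cn=eve,ou=users,dc=ad,dc=example,dc=com": {
        "mobile": "+41791234567",   # already E.164: +41[mobile] would double the prefix
        "url": [],
    },
}

if __name__ == "__main__":
    for dn, result in lint_entries(ENTRIES, "+41[mobile]", "url").items():
        print(dn, result)
```

Note that "#" is not in the expression's character class, so a URL with a fragment is among those skipped.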
POSIX user account attributes

Specifies which user account attributes you can edit using the Directory API.

Note: After a successful sync, the POSIX attribute won't be displayed on the Admin console under user information.

Posix user account attributes Description
username The user's primary email address, alias email address, or unique user ID.
uid The user ID on the instance for this user. This property must be a value between 1001 - 60000, or a value between 65535 - 2147483647. To access a container-optimized OS, the UID must have a value between 65536 - 214748646. The UID must be unique within your organization.
gid The group ID on the instance that this user belongs to.
homeDirectory The home directory on the instance for this user: /home/example_username.

Organizational units


Organizational unit mappings

Specify how organizational units on your LDAP server correspond to organizational units in your Google domain on the Org units page.

If you add mappings for top-level organizational units, GCDS automatically maps suborganizations on your LDAP directory server to Google organizational units with the same name. Add specific rules to override suborganization mappings.

Easiest way to map your LDAP organizational unit—Create a mapping from your root LDAP organizational unit (usually, your Base DN) to "/" (the root organization in the Google domain). GCDS maps users to suborganizations on your Google domain using the same organizational unit structure in your LDAP server. Note that you still need to create search rules to ensure that GCDS creates the suborganizations in the Google domain.

To add a new search rule, click Add Mapping.

Mapping setting Description
(LDAP) Distinguished Name (DN) The DN on your LDAP directory server to map.

Example: ou=melbourne,dc=ad,dc=example,dc=com

(Google domain) Name The name of the org unit in your Google domain to map. To add users to the default organization in your Google domain, enter a single forward slash (/).

Example: Melbourne

Example: Mapping multiple locations

An LDAP directory server has an organizational hierarchy split between two office locations: Melbourne and Detroit. Your Google domain org unit hierarchy will match the same hierarchy.

  • First Rule:
    • (LDAP) DN: ou=melbourne,dc=ad,dc=example,dc=com
    • (Google domain) Name: Melbourne
  • Second Rule:
    • (LDAP) DN: ou=detroit,dc=ad,dc=example,dc=com
    • (Google domain) Name: Detroit

 
Example: Mapping LDAP org unit to Google Root org unit

  • (LDAP) DN: ou=corp,dc=ad,dc=example,dc=com
  • (Google domain) Name: /

 
Example: Mapping LDAP org unit to a first-level Google org unit

  • (LDAP) DN: ou=detroit,ou=corp,dc=ad,dc=example,dc=com
  • (Google domain) Name: Detroit

 
Example: Mapping LDAP org unit to a Google second-level org unit

  • (LDAP) DN: ou=detroit staff,ou=detroit,ou=corp,dc=ad,dc=example,dc=com
  • (Google domain) Name: Detroit/Detroit Staff
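
The mapping behaviour described above (a mapped DN carries its suborganizations along under the same names, and a more specific rule overrides it), as an added Python sketch that is not GCDS code. Assumptions: the function names, the longest-matching-DN rule used to model "override", case-insensitive DN comparison, and the constructed user DNs; the mappings are the page's own examples.

```python
import re


def split_dn(dn):
    """Split a DN into its RDNs, keeping backslash-escaped commas inside a value.
    (An escaped backslash directly before a comma is not handled here.)"""
    return [part.strip() for part in re.split(r"(?<!\\),", dn) if part.strip()]


def norm(rdn):
    """Comparison key for one RDN: attribute and value lower-cased and trimmed."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower() + "=" + value.strip().lower()


def derive_org_unit(entry_dn, mappings):
    """Return the Google org unit path for entry_dn, or None if no mapping applies.

    mappings is a list of ((LDAP) DN, (Google domain) Name) pairs. The most
    specific mapped DN above the entry wins; OUs between that DN and the entry
    become suborganizations with the same names.
    """
    entry = split_dn(entry_dn)
    entry_key = [norm(r) for r in entry]
    best = None  # (number of RDNs in the mapped DN, Google name)
    for ldap_dn, google_name in mappings:
        mapped = [norm(r) for r in split_dn(ldap_dn)]
        is_above = 0 < len(mapped) < len(entry_key) and entry_key[-len(mapped):] == mapped
        if is_above and (best is None or len(mapped) > best[0]):
            best = (len(mapped), google_name)
    if best is None:
        return None
    depth, google_name = best
    # RDNs between the entry itself and the mapped DN, outermost OU first.
    between = entry[1:len(entry) - depth]
    sub_ous = [r.partition("=")[2].strip()
               for r in reversed(between) if norm(r).startswith("ou=")]
    base = google_name.strip("/")
    return "/".join(([base] if base else []) + sub_ous) or "/"


# Mappings taken from the page's examples.
ROOT_ONLY = [("ou=corp,dc=ad,dc=example,dc=com", "/")]
WITH_OVERRIDE = ROOT_ONLY + [
    ("ou=detroit staff,ou=detroit,ou=corp,dc=ad,dc=example,dc=com", "Detroit/Detroit Staff"),
]

if __name__ == "__main__":
    # Constructed user DN, not from the page.
    dn = "cn=Ann Lee,ou=detroit staff,ou=detroit,ou=corp,dc=ad,dc=example,dc=com"
    print(derive_org_unit(dn, ROOT_ONLY))      # path derived from LDAP OU names
    print(derive_org_unit(dn, WITH_OVERRIDE))  # path taken from the specific rule
```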
Organizational unit search rules

Specify your LDAP organizational unit search rules on the Org units page.

LDAP org unit search rule setting Description
(Optional) Org Unit description attribute An LDAP attribute that contains the description of each organizational unit. If left blank, the organizational unit won't contain a description when created.

Example: description

Scope
Rule
Base DN
For details on these fields, see Use LDAP queries to collect data for a sync
Organizational unit management

Specify how to manage your Google organizational units on the LDAP Org Units Mappings tab of the Org units page.

Organizational unit setting Description
Don’t delete Google Organizations not found in LDAP

If checked, Google organizational units are retained during a sync, even when the organizational units aren't in your LDAP server.

Don't create or delete Google Organizations, but move users between existing Organizations

If checked, Google organizational units aren’t synced with your LDAP server, but users can be added to existing Google organizational units as specified in your user search rules.

If unchecked, GCDS adds and deletes organizational units in your Google domain to match the organization structure in your LDAP server, according to the mappings you specify.

Groups


Group search rules

To synchronize one or more mailing lists as groups in Google Groups, click Add Search Rule on the Groups page and specify the fields in the dialog box.

 
LDAP additional user attribute setting Description
Scope
Rule
Base DN
For details on these fields, see Use LDAP queries to collect data for a sync
Group email address attribute An LDAP attribute that contains the email address of the group. This will become the group email address in your Google domain.

Example: mail

Group display name attribute An LDAP attribute that contains the display name of the group. This will be used in the display to describe the group, and does not need to be a valid email address.
(Optional) Group description attribute An LDAP attribute that contains the full-text description of the group. This will become the group description in your Google domain.

Example: extendedAttribute6

User email address attribute An LDAP attribute that contains users’ email addresses. This is used to retrieve the email addresses of group members and owners given their DN.

Example: mail

Group object class attribute

The LDAP object class value that represents your groups. It’s used to separate members who are users from members who are groups (also known as "nested groups").

Example: group

Dynamic (Query-based) group If checked, all mailing lists matching this search rule are treated as dynamic (query-based) groups, and the value of the Member Reference Attribute is treated as the query that specifies the membership of the group.

Check this box if your search rule is for Exchange dynamic distribution groups.

Note: If you manually enable DYNAMIC_GROUPS in your XML config file but leave out INDEPENDENT_GROUP_SYNC, make sure your dynamic group search rule is the first group search rule. See Troubleshoot common GCDS issues for details.

Member reference attribute
(Either this field or Member Literal attribute is required.)
If Dynamic (Query-based) group isn't checked, this field should reference an LDAP attribute that contains the DN of mailing list members in your LDAP directory server.

GCDS looks up the email addresses of these members and adds each member to the group in your Google domain.

If Dynamic (Query-based) group is checked, this should reference an LDAP attribute that contains the filter that GCDS uses to determine group membership.

Example (non-dynamic): memberUID

Example (dynamic): msExchDynamicDLFilter

Member literal attribute
(Either this field or Member reference attribute is required.)
An attribute that contains the full email address of mailing list members in your LDAP directory server. GCDS adds each member to the group in your Google domain.

Example: memberaddress

Dynamic group Base DN attribute If Dynamic (Query-based) group is checked, this field needs to contain an LDAP attribute that has the base DN from which the query specified in Member Reference Attribute is applied.

Dynamic groups in Exchange and GCDS work by noting membership as an LDAP query. The Member reference attribute contains the LDAP query and Dynamic group Base DN attribute points to the base DN where the query will be executed.

Example: Attributes and values of a dynamic group in LDAP

dn: CN=MyDynamicGroup,OU=Groups,DC=altostrat,DC=com
mail: mydynamicgroup@altostrat.com
member:
msExchDynamicDLFilter: (|(CN=bob.smith,OU=Users,DC=altostrat,DC=com)(CN=jane.doe,OU=Users,DC=altostrat,DC=com))
msExchDynamicDLBaseDN: OU=Users,DC=altostrat,DC=com

Note that the attribute usually used to list group members ("member") is blank, and instead there's an LDAP query that will find bob.smith and jane.doe, looking in the "Users" organizational unit.

(Optional) Owner reference attribute An attribute that contains the DN of each group’s owner.

GCDS looks up the email addresses of each mailing list’s owner and adds that address as the group owner in your Google domain.

Example: ownerUID

(Optional) Owner literal attribute An attribute that contains the full email address of each group’s owner.

GCDS adds that address as the group owner in the Google domain.

Example: owner

(Optional) Alias address attributes

One or more attributes that contain alias addresses. The addresses are added in Google Groups as aliases of the group's primary email address. 

If the field is empty, no aliases associated with the group are removed. You can also manage aliases in your organization's Google account.

Example: proxyAddresses

Group search rules (prefix-suffix)

You might need GCDS to add a prefix or suffix to the value that your LDAP server provides for a mailing list's email address or its members' email addresses. Specify any prefixes or suffixes on the Prefix-Suffix tab of the Groups page.

LDAP Group rule setting Description
Group email address—Prefix Text to add at the beginning of a mailing list’s email address when creating the corresponding group email address.

Example: groups-

Group email address—Suffix Text to add at the end of a mailing list's email address when creating the corresponding group email address.

Example: -list

Enable invalid characters replacement

Invalid character replacement

If you check the box, spaces and invalid characters in an email address are replaced with the string specified in the Invalid character replacement field.

If you check the box but leave the field blank, GCDS removes spaces and invalid characters from the address.

Example

The email address on the LDAP server is
x y\z@example.com.

  • If you add an underscore (_) to the Invalid characters replacement field, GCDS converts the email address to x_y_z@example.com.
  • If the Invalid characters replacement field is left blank, GCDS converts the email address to xyz@example.com.
Member email address—Prefix Text to add at the beginning of each mailing list member’s email address when creating the corresponding group member email address.
Member email address—Suffix Text to add at the end of each mailing list member’s email address when creating the corresponding group member email address.
Owner email address—Prefix Text to add at the beginning of each mailing list owner's email address when creating the corresponding group owner email address.
Owner email address—Suffix Text to add at the end of each mailing list owner's email address when creating the corresponding group owner email address.
Manager role configuration policy

Specify how the manager role is synced for Google Groups on the Search rules tab of the Groups page.

Notes

  • Active Directory does not support a group manager role. How GCDS synchronizes the Google Groups manager role is detailed below. 
  • GCDS doesn't provision manager roles during the synchronization process.
Configuration settings Description
Skip managers from sync Manager roles are ignored in the sync. GCDS doesn’t make any modifications to the role.
Keep managers If the user doesn't have an owner or member role in your LDAP data, the manager role in Google is retained. The manager role in Google is removed and replaced if the user has an owner or member role in your LDAP data.
Sync managers based on LDAP server The manager role in Google is removed and replaced if the user has an owner or member role in your LDAP data. If the user isn't a member of the group in your LDAP data, they're removed from the Google Group (including the manager role).
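The three policies above, modelled as an added example (not GCDS code) that previews what happens to the current managers of a Google Group under each setting, so that role changes can be reviewed before a sync. It reads "removed and replaced" as the user taking the role they hold in LDAP; the function names, users and roles are constructed.

```python
from enum import Enum


class Policy(Enum):
    SKIP = "Skip managers from sync"
    KEEP = "Keep managers"
    SYNC = "Sync managers based on LDAP server"


def resolve_manager(policy, ldap_role):
    """Resulting Google role for a user who is a MANAGER today.

    ldap_role is "OWNER", "MEMBER" or None (not in the group in LDAP).
    Returns the new role, or None if the user leaves the group.
    """
    if policy is Policy.SKIP:
        return "MANAGER"          # role is ignored by the sync
    if ldap_role in ("OWNER", "MEMBER"):
        return ldap_role          # KEEP and SYNC both replace the manager role
    if policy is Policy.KEEP:
        return "MANAGER"          # no LDAP role: manager role is retained
    return None                   # SYNC: not in LDAP, so removed from the group


def preview(policy, google_managers, ldap_roles):
    """Return {user: (before, after)} for managers whose role would change."""
    changes = {}
    for user in sorted(google_managers):
        after = resolve_manager(policy, ldap_roles.get(user))
        if after != "MANAGER":
            changes[user] = ("MANAGER", after)
    return changes


# Constructed sample state for one group.
GOOGLE_MANAGERS = {"ana@example.com", "bo@example.com", "cy@example.com"}
LDAP_ROLES = {"ana@example.com": "OWNER", "bo@example.com": "MEMBER"}

if __name__ == "__main__":
    for policy in Policy:
        print(policy.value, preview(policy, GOOGLE_MANAGERS, LDAP_ROLES))
```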
Google Group deletion policy

Specify how to manage your Google Groups on the Search rules tab of the Groups page.

Group deletion policy setting Description
Don’t delete Google Groups not found in LDAP If checked, Google Group deletions in your Google domain are disabled, even when the Groups aren't in your LDAP server.

Contacts & calendars


Shared contact attributes

Specify what attributes GCDS will use when generating the LDAP shared contacts on the Shared Contacts page.

 
LDAP Shared Contact attribute Description
Sync key An LDAP attribute that contains a unique identifier for the contact. Choose an attribute present for all your contacts that isn't likely to change, and which is unique for each contact. This field becomes the ID of the contact.

Examples: dn or contactReferenceNumber

Full name The LDAP attribute or attributes that contain the contact’s full name.

Example: [prefix] - [givenName] [sn] [suffix]

Job title LDAP attribute that contains a contact’s job title. This field can be comprised of multiple concatenated fields, using the same syntax as the Full Name attribute above.
Company name LDAP attribute that contains a contact’s company name.
Assistant’s DN LDAP attribute that contains the LDAP Distinguished Name (DN) of the contact’s assistant.
Manager’s DN LDAP attribute that contains the LDAP DN of the contact’s direct manager.
Department LDAP attribute that contains a contact’s department. This field can be comprised of multiple concatenated fields, using the same syntax as the Full Name attribute above.
Office location LDAP attribute that contains a contact’s office location. This field can be comprised of multiple concatenated fields, using the same syntax as the Full Name attribute above.
Work email address LDAP attribute that contains a contact’s email address.
Employee ids LDAP attribute that contains a contact’s employee ID number.
Work phone numbers LDAP attribute that contains a contact’s work phone number.
Home phone numbers LDAP attribute that contains a contact’s home phone number.
Fax numbers LDAP attribute that contains a contact’s fax number.
Mobile phone numbers LDAP attribute that contains a contact’s personal mobile phone number.
Work mobile phone numbers LDAP attribute that contains a contact’s work mobile phone number.
Assistant’s Number LDAP attribute that contains a work phone number for a contact’s assistant.
Street Address LDAP attribute that contains the street address portion of a contact’s primary work address.
P.O. Box LDAP attribute that contains the P.O. Box of a contact’s primary work address.
City LDAP attribute that contains the city of a contact’s primary work address.
State/Province LDAP attribute that contains the state or province of a contact’s primary work address.
ZIP/Postal Code LDAP attribute that contains the ZIP code or postal code of a contact’s primary work address.
Country/Region LDAP attribute that contains the country or region of a contact’s primary work address.
Calendar resource attributes

Specify the attributes you want GCDS to use when generating the LDAP calendar resources list on the Calendar Resources page.

 
LDAP Calendar attribute setting Description
Resource Id The LDAP attribute that contains the ID of the calendar resource. This is a field managed on your LDAP system, which may be a custom attribute. This field must be unique.

Important: Calendar Resources won't sync an LDAP attribute which contains spaces or illegal characters such as the at sign (@) or colon (:).

For more information on calendar resource naming, see Resource naming recommendations.

(Optional) Display Name

The LDAP attribute that contains the name for the calendar resource. 

Example:

[building]-[floor]-Boardroom-[roomnumber]

In this example, building, floor, and roomnumber are LDAP attributes. Following a sync, these attributes are replaced by the appropriate value, for example, Main-12-Boardroom-23.

(Optional) Description The LDAP attribute that contains a description of the calendar resource.

Example: [description]

(Optional) Resource Type The LDAP attribute or attributes that contain the calendar resource type.

Important: Calendar Resources does not sync an LDAP attribute which contains spaces or illegal characters such as the at sign (@) or colon (:).

(Optional) Mail The LDAP attribute that contains the calendar resource email address. This attribute is only for use with the Export Calendar resource mapping CSV export option. GCDS doesn't set the email address of Google Calendar resources.
(Optional) Export Calendar resource mapping Generates a CSV file listing LDAP calendar resources and their Google equivalents. Use a CSV file with Google Workspace Migration for Microsoft Exchange (GWMME) to migrate the contents of your Microsoft Exchange calendar resources to the appropriate Google calendar resources. To learn more about GWMME, go to What is GWMME?
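A pre-sync check for the calendar resource rules above, as an added example (not GCDS code): it expands a Display Name template such as [building]-[floor]-Boardroom-[roomnumber] and flags Resource Id values that are missing, duplicated, or contain the characters this page names. The attribute name resourceId, the helper names and the sample entries are constructed, and leaving an unresolved placeholder in place is this example's choice, not documented GCDS behavior.

```python
import re

PLACEHOLDER = re.compile(r"\[([^\[\]]+)\]")
# Only the characters this page names (space, @, :). The page says "such as",
# so the full list that is rejected may be longer.
NAMED_ILLEGAL = re.compile(r"[ @:]")


def expand(template, entry):
    """Substitute [attribute] placeholders; return (text, missing attributes)."""
    missing = []

    def fill(match):
        value = entry.get(match.group(1))
        if value is None:
            missing.append(match.group(1))
            return match.group(0)  # leave the placeholder visible
        return str(value)

    return PLACEHOLDER.sub(fill, template), missing


def audit(entries, id_attr, name_template):
    """Return (dn, problem) pairs for resources likely to fail or clash."""
    problems, seen = [], {}
    for entry in entries:
        dn, rid = entry["dn"], entry.get(id_attr)
        if not rid:
            problems.append((dn, f"no {id_attr} value"))
            continue
        if NAMED_ILLEGAL.search(rid):
            problems.append((dn, f"resource id {rid!r} has a space, @ or :"))
        if rid in seen:
            problems.append((dn, f"resource id {rid!r} duplicates {seen[rid]}"))
        seen.setdefault(rid, dn)
        _, missing = expand(name_template, entry)
        if missing:
            problems.append((dn, f"display name lacks {', '.join(missing)}"))
    return problems


# Constructed sample entries; resourceId is a hypothetical custom attribute.
TEMPLATE = "[building]-[floor]-Boardroom-[roomnumber]"
ROOMS = [
    {"dn": "cn=r1", "resourceId": "main-12-23", "building": "Main", "floor": "12", "roomnumber": "23"},
    {"dn": "cn=r2", "resourceId": "room 7@main", "building": "Main", "floor": "7"},
    {"dn": "cn=r3", "resourceId": "main-12-23", "building": "Main", "floor": "12", "roomnumber": "24"},
]
```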


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
