
Google Cloud Directory Sync Setup

Purpose

Using GCDS for AD account migration tasks

AD environment for this test:

  • OS: Windows Server 2008R2 x64
  • CPU: 2 vCPU
  • RAM: 4 GB
  • HDD: 60 GB

Steps

Install GCDS

You can refer to this tutorial for migration:

Download and install GCDS - Google Workspace Admin Help

For GCDS download, please click the following link:

Google Cloud Directory Sync

GCDS download page

If you can’t download, please use this direct link:

Downloading Google Cloud Directory Sync

GCDS direct download link

Open the downloaded GCDS installation file and run it as administrator

Running GCDS installer as administrator

Click Next

GCDS installation wizard - Next step

Accept and continue

GCDS installation wizard - Accept and continue

Click Next

GCDS installation wizard - Next step

Click Next to start installation

GCDS installation wizard - Start installation

Installation complete

GCDS installation completed

Use GCDS to Sync AD Accounts

Configure Google Domain Configuration

Open GCDS Configuration Manager

Opening GCDS Configuration Manager

Enter the GWS domain account and log in to verify

Entering GWS domain account for verification

Enter GWS super admin account

Entering GWS super admin account

Allow relevant permissions

Granting necessary permissions

  1. Check the option to use the Primary Domains Name as the main domain when syncing, so that the AD domain name is not synced to GWS
  2. After successful verification, you’ll see the following screen

Successful verification screen

Set Excluded Accounts

Add account exclusions, usually adding the superadmin account to avoid deactivation during sync

Adding account exclusions

Add to exclusion list to prevent account closure during sync

Adding accounts to exclusion list

Configure LDAP Configuration

Click LDAP Configuration

  1. Choose Standard LDAP
  2. Enter 127.0.0.1 to use local AD
  3. Choose simple
  4. Enter AD account password
  5. Enter LDAP DN, e.g., for example.com, enter DC=example,DC=com
  6. Test connection

Configuring LDAP settings

After successful test, you’ll see this screen

Successful LDAP connection test

Configure General Settings

First, check User Accounts

Selecting User Accounts in General Settings

Configure User Accounts

User Attributes
  1. Click User Accounts
  2. Click User Attributes
  3. Click Use defaults
  4. Uncheck this item to disable GWS accounts if they don’t exist during AD sync

Configuring User Attributes

Additional User Attributes

Simply click Use defaults

Setting Additional User Attributes

Search Rules
  1. Click Search Rules
  2. Add condition
  3. Enter condition

Adding Search Rules

Sync Specific Groups
  • You can sync specific AD groups, or users in specific OUs; this example syncs the users in the gws group

  • Ensure the gws group exists in the AD Users folder and contains users

(&(memberof=CN=gws,CN=Users,DC=sub-domain,DC=domain,DC=ooo)(objectCategory=person)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Configuring sync for specific groups
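
The search rule above, evaluated clause by clause over constructed directory entries, as an added example (not part of the original tutorial or of GCDS). The helper names and sample users are assumptions, the mail clause is written as the presence test (mail=*), and objectCategory is modelled as the short name person.

```python
BIT_AND = "1.2.840.113556.1.4.803"   # AD matching rule: true when all given bits are set
GWS = "CN=gws,CN=Users,DC=sub-domain,DC=domain,DC=ooo"
FILTER = ("(&(memberof=" + GWS + ")(objectCategory=person)(objectClass=user)"
          "(mail=*)(!(userAccountControl:" + BIT_AND + ":=2)))")

def parse(f, i=0):
    """Parse the parenthesised filter starting at f[i]; return (node, index after it)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1              # step over the closing ')'
    end = f.index(")", i)
    attr, want = f[i:end].split("=", 1)
    attr, _, rule = attr.rstrip(":").partition(":")   # attr:oid:=value -> (attr, oid)
    return ("item", attr.lower(), rule, want), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict: attribute -> list of str)."""
    if node[0] in ("&", "|"):
        results = [matches(k, entry) for k in node[1]]
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, want = node
    values = entry.get(attr, [])
    if rule == BIT_AND:                       # bit 2 of userAccountControl = disabled
        return any((int(v) & int(want)) == int(want) for v in values)
    if rule:
        raise ValueError(f"unsupported matching rule {rule}")
    if want == "*":                           # presence test: attribute has a value
        return bool(values)
    return any(v.lower() == want.lower() for v in values)

def user(name, uac="512", mail=True, groups=(GWS,)):   # builds a constructed sample entry
    return {"cn": [name], "objectcategory": ["person"], "objectclass": ["person", "user"],
            "useraccountcontrol": [uac], "memberof": list(groups),
            "mail": [name + "@example.com"] if mail else []}

ENTRIES = [user("alice"), user("bob", uac="514"), user("carol", mail=False),  # constructed
           user("dave", groups=("CN=staff,CN=Users,DC=sub-domain,DC=domain,DC=ooo",))]

def synced(entries=ENTRIES, ldap_filter=FILTER):
    tree, _ = parse(ldap_filter)
    return [e["cn"][0] for e in entries if matches(tree, e)]
```

Only alice is selected: bob is disabled, carol has no mail value, and dave belongs to a different group, which the memberof clause does not match because memberOf lists direct memberships only.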

Configure Sync

  1. You can first perform a simulation sync
  2. After confirming no issues, proceed with the actual sync

Setting up sync options

If the simulation looks good, you can close this window

Confirming simulation results

Click to start the actual sync. You'll be asked to confirm; click Continue.

Starting actual sync process

After completion, you’ll see GWS users synced

GWS users synchronized

FAQ

Group Recursion

Query AD Objects

You can open cmd and use the dsquery * command to query

LDAP Server & User Details | Greenview Data

Regular Sync

Run sync from the command line - Google Workspace Admin Help