
Tuesday, April 12, 2011

Google Apps Directory Sync Exclude Organization

With release 2.01 of Google Apps Directory Sync you can exclude organizations within your Google Apps domain from being synchronized. This avoids having to individually exclude accounts such as administrators or any other account that isn't in your LDAP or Active Directory.

However, there is zero documentation provided and we've found that only a substring match will work.

Note also that there is an issue, which we confirmed with Google support and which should be fixed in a future release, where this exclusion rule will not work on any usernames that contain capital letters. So if the username is Username@yourdomain.com instead of username@yourdomain.com, this exclusion rule won't work on that account. We had to use the GAM command line tool to rename some accounts to work around this issue for a customer.

If you would like some assistance with Google Apps Directory Sync feel free to contact Interlockit.com.

Tuesday, June 29, 2010

Google Apps Directory Sync: Tips for Microsoft Active Directory

The Google Apps Directory Sync tool really should be installed at any mid-size to large corporation using a Microsoft Windows Server (or any LDAP-compatible directory server). It eliminates the need to add, change, or delete users in two different places.

LDAP Directory Sync is definitely complex with a steep learning curve.  You need a good understanding of how to create LDAP queries as there are only limited examples in the provided documentation.  However, once it's configured there should be little reason to change it.

It's our experience that in most installations you'll need one configuration file for synchronizing Users, Profiles, and Contacts and another configuration file for Groups.

If you're migrating in batches from an email server such as Exchange Server to Google Apps, it's best to synchronize only users who are members of a Security Group such as "Google Apps Users". That way the user is created in Google Apps only after they've been made a member of the security group.

Here's a sample LDAP user query: 
(memberOf=CN=Google Apps Users,OU=Security Groups,DC=domainname,DC=local)

Replace OU=Security Groups,... with the appropriate location of the security group in your Active Directory tree.
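As an added example (not part of the original post, and not Google's code), here is one way to generate that user query from a group DN so that characters such as parentheses or asterisks in the group name are escaped per RFC 4515. It goes a little beyond the sample above: the `nested` and `skip_disabled` options use Active Directory's own matching rules, the function names and the "(Batch 1)" group are constructed for illustration, and it is an assumption that your Directory Sync version passes these filters to the server unchanged.

```python
# Added example: build the LDAP user query for a security group DN.
# Function names and the sample DNs below are illustrative, not from GADS.

_SPECIAL = "\\*()\x00"  # characters RFC 4515 requires to be hex-escaped

# Active Directory matching-rule OIDs
IN_CHAIN = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN (nested groups)
BIT_AND = "1.2.840.113556.1.4.803"    # bitwise AND on integer attributes
ACCOUNTDISABLE = 2                    # userAccountControl flag for disabled accounts


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in _SPECIAL else ch for ch in value
    )


def build_user_filter(group_dn: str, nested: bool = False,
                      skip_disabled: bool = False) -> str:
    """Return a filter matching users who are members of group_dn.

    nested=True also matches members of groups nested inside group_dn;
    a plain memberOf test only sees direct membership.
    skip_disabled=True leaves out accounts disabled in Active Directory.
    """
    attr = "memberOf:%s:" % IN_CHAIN if nested else "memberOf"
    clause = "(%s=%s)" % (attr, escape_filter_value(group_dn))
    if skip_disabled:
        disabled = "(userAccountControl:%s:=%d)" % (BIT_AND, ACCOUNTDISABLE)
        clause = "(&%s(!%s))" % (clause, disabled)
    return clause


if __name__ == "__main__":
    # DN from the sample query in the post
    plain = "CN=Google Apps Users,OU=Security Groups,DC=domainname,DC=local"
    # Constructed DN with parentheses, which would break an unescaped filter
    batch = ("CN=Google Apps Users (Batch 1),OU=Security Groups,"
             "DC=domainname,DC=local")
    print(build_user_filter(plain))
    print(build_user_filter(batch, nested=True, skip_disabled=True))
```

Run the generated filter against the directory with your usual LDAP browser before saving it in the configuration, and compare the returned accounts with the batch you expect to migrate.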

And note that Google Postini has the same ability to synchronize to Microsoft Active Directory or your LDAP directory server.

Or give us a call at Interlockit.com.  We're happy to configure it for you.