This page is for Directory Sync. If you’re using Google Cloud Directory Sync (GCDS), go to GCDS. Directory Sync is currently in public beta.
Directory Sync syncs the group name, group attributes, and membership to your Google cloud directory.
Before you begin
You must set up a user sync before you set up a group sync. For details, go to Set up user sync.
Set up the groups to synchronize
Step 1: Select the groupsDirectory Sync does not sync security groups.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu
Directory
Directory sync.
- Click the name of your external directory.
- Click Set up group sync.
- (Active Directory only) For Base DN, enter the base distinguished name (DN).
Example: ou=Sales, dc=example, dc=com. In this example, Directory Sync searches for groups and subgroups under the Sales organizational unit.
- (Azure Active Directory only) Choose an option:
- To sync all groups in your external directory, select Sync all groups.
- To sync specified groups, select Sync selected groups and enter the groups separated by a comma. Click Verify to check that the groups exist in your external directory.
- Click Continue.
- For Required attributes, confirm or enter the external directory attributes that map to the following group attributes in the Google cloud directory:
- Group email address (required)
- Groups display name (required)
- Group members (required)
- Group owner (required)
- Group description
For supported Azure Active Directory attributes, go to group resource type: Properties.
- Click Continue.
Important: Once a group is deleted, it cannot be recovered.
You can delete a group in your Google cloud directory if it's not found by the group scope in your external directory.
To delete groups not found in the external directory:
- Check the Delete group in Google directory box.
If you don't want to delete groups, uncheck the box.
- Click Continue.
You can choose to set the conditions under which a sync is automatically canceled. If the sync exceeds the safeguard limits, the sync is automatically canceled and no groups are deleted. No further syncs will run until you manually enable the sync.
To set a safeguard:
- For Safeguards, select Set a percentage of groups or Set a total number of groups and enter a percentage or number.
- Click Simulate Sync.
- If a safeguard is triggered, you receive a notification from the alert center that gives details about the failed sync. You can also view additional details in the audit log. For more information, go to Use the alert center and Check log events for Directory Sync.
What happens next?
Directory Sync simulates a sync. Depending on the size of your data, the process can take up to an hour to complete.
View the status of a simulation
You can return to the directory details page to see the status of the simulation. You can also check whether the simulation is complete in the Directory Sync log events:
- Open the Directory Sync log events.
For details, go to Access Directory Sync log event data.
- Click Add a filter
- Select Sync Completed and click Apply.
A Yes in the Simulation column indicates the simulation is complete. You might need to add the Simulation column to see the results.
Check the results of a simulated sync
When the simulation is complete, on the directory details page, click View Simulation log.
Related topic
Replace the domain name for synced users
Next step
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
