Manage conflicting accounts with GCDS

When Google Cloud Directory Sync (GCDS) attempts to create new users, it might encounter unmanaged accounts that conflict with the new accounts that it's attempting to create. How GCDS handles these accounts depends on your settings in the Google Admin console.

What are unmanaged & conflicting accounts?

An unmanaged account is a user account that exists in your Google domain but isn't currently managed by your organization. Unmanaged accounts are users who independently created a Google account using one of your organization's domains but aren't under the administrative control of your organization. Some unmanaged accounts result in conflicting account names. A conflict is triggered when GCDS attempts to create a managed account with the same name as an unmanaged account.

For details about unmanaged and conflicting accounts, go to Find and add unmanaged users.

How GCDS handles conflicting accounts

GCDS handles conflicts based on the settings in your Admin console. For details on how to manage these settings in your Admin console, go to Set the option for handling unmanaged user accounts

Option 1: Replace conflicting unmanaged accounts

If you haven't chosen a setting in the Admin console, or selected Replace conflicting unmanaged accounts with managed ones, GCDS handles conflicts as follows.

Action GCDS evicts the unmanaged account by removing its domain name and renaming the account to username%googleworkspacedomain@gtempaccount.com. GCDS then creates the managed account using the original account name. 
Reporting The Apply report displays the account creation as a regular entry in the Successful user changes section.

Option 2: Don't replace conflicting unmanaged accounts

If you select Don’t replace conflicting unmanaged accounts with managed ones in the Admin console, GCDS handles conflicts as follows.

Action GCDS doesn't create the managed account.
Reporting The Apply report displays the event in the Conflicting unmanaged user accountsand thenSkipped section.

Option 3: Invite users to transfer conflicting unmanaged accounts

If you select Automatically invite users to transfer conflicting unmanaged accounts to managed ones in the Admin console, the unmanaged account holder is invited to transfer their data to a managed account. You set a follow-up period where the user is prompted to transfer their account. GCDS handles conflicts as follows.

Action

If the user doesn't respond to the invitation during the invitation period, GCDS takes no action.

If the user declines the invitation or the invitation expires, GCDS takes one of the following actions at the next sync (depending on the option you selected in the Admin console):

  • Replace the user's conflicting account with a managed one–For details, go to Option 1 (earlier on this page).
  • Doesn't replace the user's conflicting account–For details, go to Option 2 (earlier on this page).
Reporting The Apply report displays the event in the Conflicting unmanaged user accountsand thenInvited section.

Turn off unmanaged account processing with GCDS

Important: Turning off this feature has the same effect as selecting Replace conflicting unmanaged accounts with managed ones. For details, go to Option 1 (earlier on this page).

We recommend that you don't turn off the feature in GCDS and instead choose your setting in the Admin console. Doing so offers you greater flexibility and control over how unmanaged accounts are processed. For details, go to Find and add unmanaged users.

If you want to turn off the feature using GCDS, manually add the flag DONT_RESOLVE_USER_CONFLICT_ACCOUNTS to the configuration file. For more information, go to How do I add an optional feature flag to the GCDS configuration file?

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
10980463517225053099
true
Search Help Center
true
true
true
false
false