Wednesday, January 11, 2012

Google Apps Active Directory sync.

Are you planning to migrate from the MS suite to Google Apps?

Some time back I did one such migration and came across several posts where people said "Google AD sync doesn't work properly", and so on.

But I found it very useful and usable, even though not much documentation is available for it.

This lack of documentation inspired me to write this blog; hopefully it will ease your work.

To begin with, you need to have:
* A working MS AD and an account with Google Apps.
* Administrative credentials for both (AD and Google Apps) accounts.
* "Google Apps Directory Sync tool" installed on your system.

Now let's see how it is done:
* Start the "Configuration Manager" from your startup menu.

* Fill in the required details as shown in the screenshots.
General Settings: Check the options that you want to migrate to Google Apps. In my case I used only Users and Groups.

Google Apps Settings: Fill in the email and password of a user with administrative privileges on Google Apps.

LDAP Connection: This part needs your local LDAP/AD details. The provided user need not be an admin; it needs only read access.

User Attributes: Provide the local (LDAP/AD) attribute for mail ID (in my case it was mail).

User Extended Attribute: This configuration maps the local given name, surname and password attributes to Google Apps.
Specifying a Suspension Policy lets you decide what to do if a user is present in Google Apps and not in the local AD.

User Sync: Add a new rule. This rule will define which users to sync (or which users not to sync). The rule field accepts RegEx, allowing us to add multiple users through one line.

Notification: In this section define your SMTP server and other details required to relay email on success or failure of this sync up.

Sync Limit: This section is to specify the suspension limit. In simpler words "The script should fail if more users are being suspended (than the specified limit)".

Log File: Specify a valid log file path here. The sync tool will save its output in this file.

Anything Else: There are many more options available (for example, syncing contacts), but in this blog I documented only the minimal configuration (which was all I required for my project).

* Test it out.
Simulate Sync: This tab will tell you if your configuration is correct. If you don't find any errors (warnings are still OK), just hit "Simulate Sync" at the bottom.

Result: Hitting Simulate Sync will take you to a new view. Check if you see users being synced and you don't have errors.

* Save this configuration to a file. I saved it as google-sync.xml.

* Run it: As of now this sync can only be run from the command line, so just run this command and see the magic.
sync-cmd.exe -a -c "google-sync.xml" -r C:\Sync-logs\Google.Sync.logs

* Schedule it with the help of a tool like Jenkins, and you are done with one aspect of migration that gives people a headache.

PS: Scheduling it through a tool makes it easy to monitor and/or run it on demand.
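
A small model of how the User Sync rule, the Suspension Policy and the Sync Limit described above interact, as an added example that is not from the original post or from Google's tool. The addresses, the exclusion rule and the limit are constructed, and the real tool's matching semantics may differ.

```python
import re

# Constructed sample data (not from the original post).
AD_MAILS = {
    "alice@example.com", "bob@example.com", "carol@example.com",
    "svc-backup@example.com",            # service account, must not be synced
}
GOOGLE_MAILS = {
    "alice@example.com", "bob@example.com",
    "dave@example.com", "erin@example.com",   # no longer present in AD
}

EXCLUDE_RULE = r"svc-.*@example\.com"   # hypothetical "do not sync" rule
SUSPEND_LIMIT = 1                       # hypothetical suspension limit


class SyncLimitExceeded(Exception):
    """Raised when a run would suspend more users than the limit allows."""


def plan_sync(ad_mails, google_mails, exclude_rule, suspend_limit):
    """Return (to_create, to_suspend); raise if suspensions exceed the limit."""
    # fullmatch: the rule must describe the whole address, so a short pattern
    # cannot catch unrelated users through a partial match.
    rule = re.compile(exclude_rule, re.IGNORECASE)
    in_scope = {m.lower() for m in ad_mails if not rule.fullmatch(m)}
    google = {m.lower() for m in google_mails}

    to_create = sorted(in_scope - google)    # in AD, missing in Google Apps
    to_suspend = sorted(google - in_scope)   # in Google Apps, not in AD scope
    if len(to_suspend) > suspend_limit:
        raise SyncLimitExceeded(
            f"{len(to_suspend)} users would be suspended, "
            f"limit is {suspend_limit}: {to_suspend}")
    return to_create, to_suspend


if __name__ == "__main__":
    try:
        print(plan_sync(AD_MAILS, GOOGLE_MAILS, EXCLUDE_RULE, SUSPEND_LIMIT))
    except SyncLimitExceeded as err:
        print("sync aborted:", err)
```

An over-broad rule such as `.*` takes every AD user out of scope, so every Google Apps account becomes a suspension candidate; the limit is what stops that run.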
