Cloud Services Thread, Google Apps GADS sync and exclusions in Technical; we have a OU similar to this
In staff users are OU according to department, e.g. ...
27th February 2013, 12:08 PM #1
Google Apps GADS sync and exclusions
we have a OU similar to this
In staff users are OU according to department, e.g. senior teaching etc.
There is also an OU called staff leavers, which we move staff into when they leave (sometimes they come back) I should fix this by proposing they are perm deleted really.
I set this OU as a Org Unit exclusion rule except the users still get imported and the group isn't created in the dashboard - only the users still get imported into the root OU.
I guess this is by design, or a limitation of the tool.
I can fix this by removal of the email field in the user properties in the AD.
Or I could just move the OU out of the scope of the Base DN I'm using.
Or I could sit and add all the OUs in User Account search rules on the GADS utility - quite a lot to do but perfectly possible.
How is everyone else doing it? Are you finding you need to modify your OU for GAPPS?
27th February 2013, 01:35 PM #2
We don't keep leavers on the system. Files are either moved to departmental areas or other colleagues, or get deleted. A bit brutal, perhaps, but SLT approved it. This also solves the problem of leavers continuing to appear in the global address list.
27th February 2013, 01:59 PM #3
I agree with doing that too i'll make the proposal, I think to save time I'll move them into another OU outside of the Base DN.
Other issue is test accounts etc., plus I have an Exams OU for exam accounts and some other random ones that I don't want in gapps.
Last edited by caffrey; 27th February 2013 at 02:04 PM.
27th February 2013, 02:17 PM #4
Actually I've managed to figure it out so ignore me, just create a search rule under user accounts with "suspend these users in google apps" and Base DN as the OU you don't want.
Last edited by caffrey; 27th February 2013 at 02:19 PM.
27th February 2013, 03:32 PM #5
Careful with that - I believe that suspended users are deleted after 30 days.
As for your exam accounts, you have several options - 1) delete their email addresses from Active Directory (Bulk AD Users from WiseSoft can assist you with that if you have lots); 2) create an exclusion rule in the Org Units section of GADS to omit either OU; 3) move the exams accounts OU to one which is not a sub-OU of the Pupils OU
I also have a couple of test accounts which have caused confusion when they appeared in the global list, so either change their name so that it is very obvious they are test accounts or manually hide them from the address list (go into the user in Dashboard and untick "share contact information" or something like that).
Thanks to enjay from:
caffrey (27th February 2013)
27th February 2013, 04:43 PM #6
Thanks enjay for all the help,
The suspended account thing is fine here, next thing to wrap my head around is getting our mail distribution lists sorted
27th February 2013, 05:03 PM #7
Distribution lists are also fairly straightforward, as you can use your existing AD groups. In Active Directory Users & Computers, open your "All Staff" group, and give it the email address email@example.com; repeat for all the other distribution lists you need, creating AD groups for them where one doesn't already exist, and GADS will create Groups for you.
It does take some time to get GADS up and running, I won't lie, but once it is done, you can schedule it and then walk away.
I hardly ever go into the Google Apps Dashboard now - I do everything in AD and let GADS sync it across. GADS creates users, groups, membership, passwords for new users; Password Sync then synchronises password changes.
I actually have GADS and PS handling passwords, as it allows me to change a user's password so I can log in to their email and then have GADS change it back without them knowing I was ever in it - useful when configuring things for staff members, checking mail of an absent staff member and also cyber-bullying issues.
27th February 2013, 06:25 PM #8
Time is something I seem to lack lately
I started playing with Distribution lists using existing ones in our OU, problem is our mail distribution groups (we have quite a few) are mostly populated from a security group OU so I had a problem with the base DN, only had a quick look but I'll play around with it some more. To be honest i'm sure the OU mail distribution lists could do with an overhaul.
I eventually want to end up with a system like yourself with minimal admin needed on the dashboard, the sync schedule can easily just be weekly as users rarely change.
28th February 2013, 10:22 AM #9
I can email you our XML config file if that would help...
Our mailing lists are populated from "Security Groups" too, so that can't be an issue.
I agree re weekly or even monthly sync once it is running, and then run it manually should you need to change something quicker, but decided to keep it daily because a) I could then forget about it, rather than have to remember to run it if I made an important change to email groups, b) for the password syncing allowing me to access users' mailboxes if I need.
Thanks to enjay from:
caffrey (28th February 2013)
28th February 2013, 03:43 PM #10
No its fine, thanks for the offer your xml file, haven't had chance to look at it today avahi is taking up my time!
Problem with the OUs is they are in the root
Mail distribution OU, which are populated from
Like I said, not had much time today - think I'll leave it for tomorrow!
cheers for the help
28th February 2013, 04:06 PM #11
Don't think it matters where your mail distribution groups are, so long as you specify the OU. On the Groups page of the Config Manager, create a search rule as follows:
Base DN: CN=blah,DC=blah,DC=blah
Group email address attribute: mail
Group display name attribute: name
Member reference attribute: member
By richbrowncardiff in forum Cloud Services
Last Post: 27th January 2013, 08:33 PM
By IT_Man_Dan in forum Cloud Services
Last Post: 6th December 2012, 11:40 AM
By rama1712 in forum Cloud Services
Last Post: 6th December 2012, 11:39 AM
By localzuk in forum Virtual Learning Platforms
Last Post: 8th November 2011, 09:43 AM
By ianniow in forum General Chat
Last Post: 12th May 2011, 01:52 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)