Gsuit User administration
This page was set to be reviewed before 2022-01-01 by the page owner.
Contact the page Owner (opens default mail client) if you require this page to be updated
Global info can be set under
Account settings but this has changed from `Company profile`
Creating users can be done using:
- CSV upload
- Click and point
- SDK API
- Google cloud directory sync (GCDS)
For the CSV upload it can take up to 24 hours for the users to appear as being searchable
If you are uploading more than 500 users, you should split the files in to smaller lots of around 300 give or take users for concurrent processing
Sync users with GSuit using GCDS
You are able to sync gsuit with Microsoft active directory, or ldap server. it allows you to ensure that gsuit groups and contacts and users remain in sync
Updates only flow up to google. Google does not make changes to a local directory
Configuration files are stored as XML
You need to download software on the microsoft server
Under google domain config, you add the primary domain name, then select to replace users emails and domains
If it fails:
Ensure code is correct
Computer's time zone is correct
You're able to limit users by adding an exclusion rule.
Ldap is the single source of truth so exclude admin
Chose what to sync. E
Ensure that you select 'Don't suspend or delete google domain admins not found in ldap'
You can now synch passwords with AD, but can use Gsuit password synch
You can set up a search rule, but with AD you can select to use defaults.
If your delete and suspend limits exceed you will get an error
`sync -c file.xml` does a dry run
`sync -c file.xma -a` runs a full sync
There are 2 types of groups:
- Admin console groups : Groups used from collaboration, communiation and administratiom
- Only managed by admins
- Groups for business : Groups for communication and collab (managed from groups.google.com)
- Managed by users and admins
For a user to be able to email a group, you need to have the users who will want to email people set as a maanger:
You must assign a license to a use, however if you use gsuit enterprise it's automatic
Suspended users will not be able to log in and will not get emails or calendar invites
You are able to assign users to an OU much like how you would in Active Directiory
You need tos et the top level to off then maange per OU
Directories allow adding custom fields to users as well as a 'virtual card' about that user so people can see stuff like location etc
This can also be managed per OU
You can populate users profiles as well as create custom directories
You can add external vendors as well
This is used for users cards to help with booking meeting rooms
You can populate info through:
- Cloud sync
- Google user management
- Admin SDK
To set different access to directories you can use OU's:
You can contain custom directories, create a Google group, then add the group to the directories.
Enable direcotry editing by going to Directory > directory settings
Here you can enable things that people are able to edit.
You should add work location so GCal can see where they are and suggest meeting rooms for users.
If you add in the employee ID then you can use this as a login verification
If you are creating a user that should not be able to see the whole directory, you will need to add them to an OU (create one if not already done) then a group, then your custom directory.
First create a new OU
Create the group for the OU
Create the users
Add the users to the group as a manager
Go to the OU under Directory Settings > visibility settings
Set it as `Users in a custom directory` then create new and name it then add a group to it:
This is a change that takes up to 24 hours to process
During business operations you will deal with external vendors frequently and can add them to your directory for all users that can see that directory, to be able to see details about them.
Users have their own contacts that are not shared with the org.
Admin roles are roles given to an admin that allows them to perform actions in the gsuit org. You can give a user roles to manage users or to the whole domain
To assign an admin role you can select the user's account under admin.google.com then assign roles.
You can not edit the pre-set roles, but you can create custom roles based off of the pre-defined options
Super admin can do all operations
Help desk admin can reset passwords for the users
Things to note:
- The more administrators you have, the more it affects your account recovery options
- Ensure you trust the users you are giving access to admin and ensure 2fa is enforced
Like previously mentioned you are able to create custom roles. To do so, go to the admin page then users then roles, then create new role:
You from here can select what roles to assign to the role.
You want to create more roles with fewer privileges to assign to a user than one fat rule.
Want to make this site better? Open a PR or help fund hosting costs