User sync errors, Group sync errors, Synchronization rules – Google Apps Directory Sync Administration Guide User Manual

142

Release 4.0.2

What port numbers should be used in GADS when connecting to Global Catalog server?

By default, GADS connects to an LDAP server with the standard LDAP port 389 to query users from a
single domain/LDAP server.

If you need to query users over multiple domains/LDAP servers that have trust relationship, configure
GADS to connect to a Global Catalog server with the standard Global Catalog server port 3268.

User Sync Errors

Error Message: You are not authorized to access this API

Confirm that you are using Google Apps for Work, Partners, Government, or Education.

Enable APIs on your Google Apps domain, as described in “Enable APIs” on page 38.

Error Message: Domain User Limit Exceeded

You attempted to add more users than you have licensed seats. Contact your sales representative to
purchase more user licenses, or change your LDAP queries to synchronize fewer users.

Group Sync Errors

Groups with over 1500 members in my Active Directory server members aren’t syncing correctly.

Make sure you have selected MS Active Directory in the Server Type field of the LDAP Configuration
section.

Synchronization Rules

Users are getting recreated on every sync

This happens when the LDAP attribute configured as the Group Name Attribute does not contain a full
email address.

To resolve this issue, check your Group Search rules and make sure that GADS uses a full email address
for the group names. Use one of the following methods:

•

Set the Group Name Attribute to a different LDAP attribute that specifies a full email address for each
group, such as mail.

•

Enable “Replace domain named in LDAP email addresses (of users and groups) with this domain
name” in Google Apps Settings, so that your Group Name Attribute matches the Google-side group
names.

•

Add the domain name to the group name by specifying a Group Name Suffix in your Group Search
Rule.