Syncing users in Google The information below outlines the necessities for each type of user/group to be provisioned in Google and common issues that we see causing sync issues. Currently, we have over 1,000 different search rules working off of these parameters to sync users to Google. Syncs are scheduled every three hours and are checked daily to ensure regular functionality. Standard UserProvisioning requirements● memberof=cn=0000-ap-mail disentanglement final phase users,ou=mail disentanglement groups,ou=fim exclusions,OU=Enterprise Production,DC=cov,DC=virginia,DC=gov ● objectclass=user ● mail=* (must be mail-enabled) ● Not disabled ● Licensing ○ msExchExtensionAttribute40=[gunl, g30] ● Vault ○ msExchExtensionAttribute30=Y Optional parameters● MDM Approved: msExchExtensionAttribute45=Y ● Airwatch enabled: msExchExtensionAttribute37=Y ● POP/IMAP enabled: msExchExtensionAttribute36=Y ● Virtru encryption: msExchExtensionAttribute41=Y ● Esna Fax: msExchExtensionAttribute42=Y ● Esna Voicemail: msExchExtensionAttribute43=Y ● HMA Veritas: memberof=cn=0000-AP-Mail Disentanglement HMA Users,ou=mail disentanglement groups,ou=fim exclusions,OU=Enterprise Production,DC=cov,DC=virginia,DC=gov Common Issues● User is not in the AP-Mail Disentanglement Final Phase Users group in AD. ● User does not have all the attributes assigned for the features they need.
Shared AccountProvisioning requirements● memberof=CN=0000-AP-Mail Disentanglement Final Phase Resource Accounts,OU=Mail Disentanglement Groups,OU=FIM Exclusions,OU=Enterprise Production,DC=cov,DC=virginia,DC=gov ● mail=* (must be mail-enabled) ● Licensing ○ msExchExtensionAttribute40=[gunl, g30, g30Vault] ● Vault ○ msExchExtensionAttribute30=Y Optional parameters● MDM Approved: msExchExtensionAttribute45=Y ● Airwatch enabled: msExchExtensionAttribute37=Y ● POP/IMAP enabled: msExchExtensionAttribute36=Y ● Virtru encryption: msExchExtensionAttribute41=Y ● Esna Fax: msExchExtensionAttribute42=Y ● Esna Voicemail: msExchExtensionAttribute43=Y ● HMA Veritas: memberof=cn=0000-AP-Mail Disentanglement HMA Users,ou=mail disentanglement groups,ou=fim exclusions,OU=Enterprise Production,DC=cov,DC=virginia,DC=gov Common issues● Shared account is in the user provisioning group instead of the resource account provisioning group. ● Shared account is not in a sub-OU to OU=Exchange Resource Accounts,OU=COV-Users,DC=cov,DC=virginia,DC=gov Distribution List/Google GroupProvisioning Requirements● mail=* ● objectclass=group ● Located in ou=distribution lists, ou=cov-groups,dc=cov,virginia,gov ○ Or OU=DEQ,OU=Security Groups,OU=COV-Groups,DC=cov,DC=virginia,DC=gov ○ Or OU=DMAS,OU=Security Groups,OU=COV-Groups,DC=cov,DC=virginia,DC=gov ○ Or OU=DGS,OU=Security Groups,OU=COV-Groups,DC=cov,DC=virginia,DC=gov ○ Or OU=JYF,OU=Security Groups,OU=COV-Groups,DC=cov,DC=virginia,DC=gov ○ Or OU=VDACS,OU=Security Groups,OU=COV-Groups,DC=cov,DC=virginia,DC=gov ○ Or OU=TAX,OU=Security Groups,OU=COV-Groups,DC=cov,DC=virginia,DC=gov ○ Or mail=cap98@cov.virginia.gov ○ Or mail=alertingglanotice4taxisp@tax.virginia.gov Common Issues● Group is in security group OU in AD rather than distribution list OU. |