Your company has just activated Cloud Identity to manage Google Cloud access. The on-premises Microsoft Active Directory holds about 1,000 user accounts and 50 security groups that must appear in Cloud Identity and stay synchronized. The security team requires that new and deleted AD accounts be reflected in Cloud Identity within one hour, and they do not want to maintain any custom code. Which approach satisfies these requirements with the least ongoing effort?
Install Google Cloud Directory Sync on an on-premises server, configure it to read from Active Directory, and schedule it to run every hour to synchronize users and groups to Cloud Identity.
Export users and groups from Active Directory to a CSV file each day and use the Cloud Identity Admin Console to import the file.
Write a Cloud Function triggered hourly that calls the Cloud Identity Admin SDK Directory API to add or delete users and update group memberships based on an exported AD list.
Enable Secure LDAP in Cloud Identity and configure it to query the on-premises Active Directory, allowing identities to be pulled automatically.
Google Cloud Directory Sync (GCDS) was designed specifically to copy and continuously reconcile users, groups, and shared contacts from an LDAP directory such as Microsoft Active Directory into Cloud Identity or Google Workspace. Once installed on a domain-joined host, GCDS can be scheduled (for example, every 60 minutes) and runs without writing any custom scripts.
Importing CSV files is entirely manual and would not meet the one-hour propagation requirement. A Cloud Function that calls the Admin SDK would work but requires custom code and ongoing maintenance, which the security team wants to avoid. Secure LDAP exposes Cloud Identity as an LDAP server for downstream applications; it does not pull user data from Active Directory, so it cannot synchronize identities from AD into Cloud Identity.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Google Cloud Directory Sync (GCDS)?
Open an interactive chat with Bash
How does GCDS compare to Secure LDAP for identity management?
Open an interactive chat with Bash
Why doesn’t exporting a CSV file daily or using a Cloud Function meet the security team’s requirements?
Open an interactive chat with Bash
What is Google Cloud Directory Sync (GCDS) and how does it work?
Open an interactive chat with Bash
Why is Secure LDAP not suitable for synchronizing identities from AD to Cloud Identity?
Open an interactive chat with Bash
How does synchronizing via a CSV file import differ from using GCDS?
Open an interactive chat with Bash
GCP Associate Cloud Engineer
Setting up a cloud solution environment
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .