Wednesday, May 13, 2015

Configure GADS for Nested Groups

Configuring Google Apps Directory Sync (GADS) to utilize nested AD groups requires that the 'members' field, of the GADS group search rule, be populated with a valid AD filter.  GADS will look at any Unicode attribute in an AD object to fetch that filter.  Before we can point GADS to that attribute, we'll need to populate it.

That filter can be generated a number of ways, but here's an example in power-shell:

The member field of the GADS group rule looking at your target ou should be populated with the attribute which is storing filter information (In our above script, we used the attribute info).  Also ensure that the "Dynamic (query-based) group" checkbox is checked.