Set up a VPC access connector

If you are syncing from Microsoft Active Directory (AD), you need a Virtual Private Cloud (VPC) access connector in Google Cloud to use Directory Sync. You use the VPC access connector to allow the Google Cloud project resources, such as a virtual machine or Cloud VPN, to communicate with AD.

If you're syncing from Microsoft Azure Active Directory, you do not need a VPC access connector.

What's required

We recommend that you set up the VPC access connector in the same Google Cloud project that's hosting Cloud VPN, Cloud Interconnect, or AD. You need edit access to this project.

To set up the VPC access connector, follow the steps in Connect to a VPC network.

About VPC Service Controls

To ensure that Directory Sync can communicate with your AD server, make sure that a VPC Service Controls perimeter rule isn't blocking egress connections to artifactregistry.googleapis.com. For details, go to Troubleshoot Directory Sync.

About access connector regions

Support for additional regions coming soon

  • We support VPC access connectors in 6 regions (us-central, us-west1, us-east1, asia-southeast1, asia-east1, and europe-west1). For details, go to Regions and zones.
  • We recommend that you create your VPC access connector in the same region as your Cloud VPN or Cloud Interconnect.
  • If you set up your VPC access connector in a different region from your Cloud VPN or Cloud Interconnect:
    • When you create the VPC access connector, associate it with the nearest supported region.
    • To ensure Directory Sync can communicate with your AD server, set the dynamic routing mode to Global. For details, visit Set the dynamic routing mode.
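
The region guidance above, as an added example that is not part of the original page: a shell function that checks the connector region against the supported list and prints (without running) the gcloud commands to create the connector and, in the cross-region case, switch dynamic routing to Global. The network name, connector name, and IP range are placeholder assumptions.

```shell
#!/usr/bin/env bash
# Added example: prints the gcloud commands implied by the region guidance.
# Nothing is executed against Google Cloud; review the output, then run it.

# Supported connector regions, copied as printed in the list above.
SUPPORTED_REGIONS="${SUPPORTED_REGIONS:-us-central us-west1 us-east1 asia-southeast1 asia-east1 europe-west1}"

# Placeholders (assumptions): replace with your own values.
NETWORK="${NETWORK:-example-vpc}"
CONNECTOR="${CONNECTOR:-dirsync-connector}"
RANGE="${RANGE:-10.8.0.0/28}"   # an unused /28 range in the VPC network

# plan_connector CONNECTOR_REGION VPN_REGION CURRENT_ROUTING_MODE
# CURRENT_ROUTING_MODE is REGIONAL or GLOBAL, as reported by:
#   gcloud compute networks describe "$NETWORK" \
#     --format='value(routingConfig.routingMode)'
plan_connector() {
  # $1 = connector region, $2 = Cloud VPN/Interconnect region, $3 = routing mode
  case " $SUPPORTED_REGIONS " in
    *" $1 "*) ;;
    *) echo "error: $1 is not in the supported region list" >&2
       return 1 ;;
  esac

  echo "gcloud compute networks vpc-access connectors create $CONNECTOR" \
       "--region=$1 --network=$NETWORK --range=$RANGE"

  # Cross-region case: in regional mode, routes learned by the Cloud Router
  # in the VPN region are not shared with the connector's region, so the
  # network has to use global dynamic routing.
  if [ "$1" != "$2" ] && [ "$3" != "GLOBAL" ]; then
    echo "gcloud compute networks update $NETWORK --bgp-routing-mode=global"
  fi
}

# Constructed sample runs.
plan_connector us-west1 us-west1 REGIONAL          # same region
plan_connector europe-west1 europe-west4 REGIONAL  # connector and VPN differ
```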

Next step

Enable the Data Connectors API

