Working with Google Apps School Directory Sync

At school we are moving full force into a Google Apps deployment. In order to make it manageable, we have elected to use the Google Apps School Directory Sync app, developed by the same guy as the Google Apps Directory Sync app – and largely to fulfil the same function, but this time using easily exported data from a school management software.

I have written a module into ADAM which updates the CSV files periodically and a scheduled task on the server performs an automatic synchronisation of the data up to Google Apps. This process also creates and suspends users (although it doesn’t have to) leaving us with the most accurate list of accounts possible.

SDS does allow one to create students and staff in containers, but those containers are not customisable. We make use of several settings that apply to specific age groups (e.g. turning Google+ off for the primary school pupils) and so having two uncustomisable containers is not helpful. To that extent, I’ve turned off the containers and have undertaken the task every once in a while to scan the root container for new users and move them into their respective folders. This is a reasonably easy task for us since the usernames start with the year of their matriculation and so finding the containers to put them in is easy.

The system is rather American-centric (which may or may not be fair) in that it assumes Google Apps domains will be based on districts and not individual schools. It also means that the naming of the classes is odd when faced with the South African education paradigm (SDS uses “Course, Period and Section” instead of “Subject, Grade and Class”). So while it is still possible for SDS to automatically create the distribution lists for each class, they seem to appear with strange names. But that is a minor consideration in the long run.

I did need to learn a thing or two about regular expressions and negative forward lookups. The groups that are created by SDS are all prefixed with the school’s name. I want SDS to be able to add and delete those groups to its heart’s content, but leave my other groups alone. This was achieved with an exclusion rule that uses a negative forward lookup regular expression.

As with GADS, exclusion rules are crucial. We have a number of dummy accounts that we use for testing things in Google which, of course, are not part of our “live” data and so we created a container for these users and excluded it from the synchronisation process.

There are fewer options in SDS than there are in the more established (and powerful) GADS, but with more schools moving away from local area networks, there are not always options when it comes to managing user accounts and, more importantly, the groups of pupils. SDS provides a useful solution, but perhaps one with a few shortcomings.