3

Is there a way to integrate the login and account management of Google Apps and Microsoft Windows Server Essentials 2011, so that I only have to maintain one set of user data between the two products? It would also be great to integrate the contacts between windows and Google as well. Just wondering...

Michael Ervin
  • 31
  • 3

1 Answers1

2

We're not using Server Essentials, but these tools should work with your AD regardless.

For user, group, contact and resource sync there is the Google Apps Directory Sync tool. It is extremely flexible and can be adjusted with rule sets for each object type.

If you need instant password sync, you can install a Password Filter on your DC. This will update the Google Apps password when the user changes it in Windows. There are a couple different projects to do this:

You can also do external authentication (SAML, OpenID, etc) with Google Apps, but this can be a problem for mobile device and other non-browser usage.

jscott
  • 24,484
  • 8
  • 79
  • 100
  • Just to point out the latest version of ADFS supports SAML so it may be a bit easier to setup SSO now than it was a while ago. Also, a lot of the password apps catch the clear-text password on your DCs before it is encrypted and stored. If you have a security tight environment, this may not be doable. – Brent Pabst Sep 13 '12 at 00:44
  • @BrentPabst Thanks for the update. The above utils are all AD [password filters](http://msdn.microsoft.com/en-us/library/windows/desktop/ms721882(v=vs.85).aspx), which are installed on the DCs and process the password change exactly as the rest of the domain's passwords policy. They also use https and Google Apps API to apply the change. SAML is great, but mobile support just *still* isn't there yet. – jscott Sep 13 '12 at 00:59
  • Good to know, yea the old BPOS method on the MSFT side was to use a password filter as well. I'm surprised the SAML stuff doesn't work on mobiles with GA, had no problems with O365. – Brent Pabst Sep 13 '12 at 02:28