Click here to Skip to main content
12,703,067 members (28,303 online)
Click here to Skip to main content
Add your own
alternative version

Tagged as


2 bookmarked

Synchronizing Google Groups and Active Directory Group Members

, 21 Jul 2011 CPOL
Rate this:
Please Sign up or sign in to vote.
I have been doing a lot of synchronization projects lately like SalesForce events and Google Calendar Events, Active Directory and some Payroll Application and now Google Groups and Active Directory Groups.   It may sound too complicated to develop but trust it is not as complicated as you think.

I have been doing a lot of synchronization projects lately like SalesForce events and Google Calendar Events, Active Directory and some Payroll Application and now Google Groups and Active Directory Groups. It may sound too complicated to develop but trust it is not as complicated as you think.

For this article I will be presenting you a working code one way group membership synchronization that you can start with. I hope this post will show you the concepts needed to achieve our end result which is synchronizing members in Active Directory and Google Groups. Before you get started I am assuming that you have Google Apps for your domain already setup and running for your organization otherwise you need to have it first before proceeding.

Now let’s get started, first you need to download the Google Apps .Net Client Library which you can find here. Once downloaded set it up then were ready to roll.

Fire up your Visual Studio and add the following dll’s (Google.GData.Apps.dll and Google.GData.Client.dll) from the installed Google API folder, you will also need System.DirectoryServices and System.DirectoryServices.AccountManagement which can be found in the Assemblies repository.

First we need to declare some reusable variables which are

private string sDomain = "";
private string sGoogleServiceUrl = "";
private string sEmailRegEx = @"\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*";

We also need a method to Initialize Google Service, take note I had also included methods for using proxy servers.

///// <span class="code-SummaryComment"><summary>

Here are some Active Directory Methods that we will use, these are all derived from my AD Methods Library which can be found here.

/// <span class="code-SummaryComment"><summary>

You also need to extend the GroupPrincipal Class to expose the Email address field so that we can easily refer to it. By default Email Addresses are not exposed in the GroupPrincipal and here is the full article explaining how to extend the GroupPrincipal Class to expose values not represented in the GroupPrincipal.


public class GroupPrincipalExtended : GroupPrincipal
    public GroupPrincipalExtended(PrincipalContext context) : base(context) { }

    public GroupPrincipalExtended(PrincipalContext context, string samAccountName)
        : base(context, samAccountName)

    public string EmailAddress
            if (ExtensionGet("mail").Length != 1)
                return null;

            return (string)ExtensionGet("mail")[0];

        set { this.ExtensionSet("mail", value); }

Now we got everything we need let’s do the actual syncing

private void Synchronize()
    //Get all Active Directory Groups with Email
    List<Principal> oGroupsWithEmail = GetGroupsWithEmail(
        "OU=Your Groups OU,DC=yourcompanydomain,DC=com");

    foreach (GroupPrincipalExtended oGroup in oGroupsWithEmail)
        List<string> oMembersInGoogle = new List<string>();
        List<string> oMembersInAD = new List<string>();

            //Instansiate Google Service
            GroupsService oGService = GoogleServiceAuthenticate();

            //Set User URI
            Uri oGroupMemberUri = new Uri(sGoogleServiceUrl + sDomain + "/" + 
                oGroup.EmailAddress + "/member/");

            //Get Google Group Members
            AppsExtendedFeed oGoogleGroupMembers = oGService.RetrieveAllMembers(
                oGroup.EmailAddress, true);
            foreach (AtomEntry oUserFeedItem in oGoogleGroupMembers.Entries)
                string sMemberEmail = oUserFeedItem.SelfUri.ToString().Replace("%40", 
                    "@").Replace(oGroupMemberUri.ToString(), "");
                //Add in Google Members List for Later Comparison

            //Get AD Group Members
            PrincipalSearchResult<Principal> oPrincipals = oGroup.GetMembers();
            foreach (Principal oPrincipal in oPrincipals)
                //If Principal Type is User
                if (oPrincipal.StructuralObjectClass == "user")
                    UserPrincipal oUserPrincipal = (UserPrincipal)oPrincipal;
                    if (bool.Parse(oUserPrincipal.Enabled.ToString()) &&
                        (oUserPrincipal.EmailAddress != "" && 
                        oUserPrincipal.EmailAddress != null) &&
                        oUserPrincipal.EmailAddress, sEmailRegEx))
                        //Add in Active Directory Email List for Later Comparison
                //If Principal Type is Group
                if (oPrincipal.StructuralObjectClass == "group")
                    GroupPrincipal oGroupPrincipal = (GroupPrincipal)oPrincipal;
                    string sGroupPrincipalEmail = GetProperty(oGroupPrincipal, "mail");
                    if ((sGroupPrincipalEmail != "" &&
                        sGroupPrincipalEmail != null) &&
                            sGroupPrincipalEmail, sEmailRegEx))
                        //Add in Active Directory Email List for Later Comparison

            //Add Members in Google
            foreach (string sMemberInAD in oMembersInAD)
                //Check if Email is in Active Directory Email List but not 
                //in Google Members List
                if (!oMembersInGoogle.Contains(sMemberInAD.ToLower()))
                    oGService.AddMemberToGroup(sMemberInAD, oGroup.EmailAddress);

            //Remove Members in Google
            foreach (string sMemberInGoogle in oMembersInGoogle)
                if (!oMembersInAD.Contains(sMemberInGoogle.ToLower()))
                    //Check if Email is in Google Members List but not in 
                    //Active Directory Email List
        catch (Google.GData.Apps.AppsException gEx)
            if (gEx.ErrorCode == "1301")
                //Entity Not found whihc means, Google Groups is not existing
                //Do your create group method here
                CreateGoogleGroup(oGroup.EmailAddress, oGroup.DisplayName, 
                   oGroup.Description, sEmailPermission, oMembersInAD);
                //Other Google Error Codes to Catch
        catch (Exception ex) 

Now the code above shows you how to synchronize Active Directory Group Members to Google Groups which includes adding and removing users. It is performing a one way sync which treats Active Directory as the master record repository. Also if you had noticed that there is a catch for the Google.GData.Apps.AppsException this will catch any error that might be encountered on running the sync like 1301 which means Group with that Email Address was not found. For a full list of Error code refer to the list
below (which I got here)

1000 – Unknown Error
1100 – User Deleted Recently
1101 – User Suspended
1200 – Domain User Limit Exceeded
1201 – Domain Alias Limit Exceeded
1202 – Domain Suspended
1203 – Domain Feature Unavailable
1300 – Entity Exists
1301 – Entity Does Not Exist
1302 – Entity Name Is Reserved
1303 – Entity Name Not Valid
1400 – Invalid Given Name
1401 – Invalid Family Name
1402 – Invalid Password
1403 – Invalid Username
1404 – Invalid Hash Function Name
1405 – Invalid Hash Digest Length
1406 – Invalid Email Address
1407 – Invalid Query Parameter Value
1500 – Too Many Recipients On Email List

On the Next Article I will be expanding further on that CreateGoogleGroup function. Happy Coding!


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Raymund Macaalay
Technical Lead
New Zealand New Zealand

You may also be interested in...

Comments and Discussions

-- There are no messages in this forum --
| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.170118.1 | Last Updated 21 Jul 2011
Article Copyright 2011 by Raymund Macaalay
Everything else Copyright © CodeProject, 1999-2017
Layout: fixed | fluid