Directories are the cornerstone of the IT of any organization. Neglecting their management and updates has dire consequences. This may lead to a lot of duplicate work, data silos, user frustration, and legal risks.
In this article, we walk through the main concepts and best practices that organizations should keep in mind when dealing with directories and Global Address Lists (GAL) in their contact management.
Before we start, here are the most common definitions to know when it comes to contact centralization:
Directory
A directory is a centralized address book, accessible by all the users of an organization. It contains contact details such as name, email, job title, phone number, location, birthday, etc. It may contain the users of the organization as well as external contacts. For instance, the Google Workspace (G Suite) admin panel has a section that allows administrators to manage the contact information of internal users.
Global Address List
A Global Address List (or GAL) is a term that was introduced by Microsoft Exchange, where it was used to designate all the contacts shared with the organization, internal and external. It is a synonym of “Directory”, even if it is mostly used by organizations with a strong “Microsoft Culture”.
Active Directory (AD)
Active Directory (AD) is another Microsoft product that nearly no company above a certain size can live without. It allows administrators to manage the users of an organization and control what resources they can access, which security groups they belong to, which devices they can use, etc. It also contains a detailed contact file in which the administrator can enter information about each user. Every time a user tries to use any resource in the company, this resource will connect to AD to check if this user is authorized (and how s/he is authorized) to access this resource. AD also provides the contact information of the users that are registered in its system. As you can see, it also plays the role of a “Global Address List”.
LDAP (Lightweight Directory Access Protocol)
LDAP is the standard protocol used to manage directories. Microsoft’s Active Directory uses this protocol, as well as non-Microsoft directories like OpenLDAP (which is the open-source, Linux version of AD) and other equivalent software.
What is a Company Directory (Global Address List) and why is it important?
Whether you are a company, a school, or a non-profit organization, you need to manage people through your information system.
Each person you manage must be stored in a database named “Directory” or a GAL (“Global Address List”), that will allow the different services and stakeholders to:
- manage their access to the organization’s resources
- store information about their members (like their roles, locations, phone numbers, email addresses, birth dates, etc.)
- communicate this information to the different systems used by the organization (Email server, Intranet, CRM, authentication system, file management system, phones, contact books, etc.)
Which Directory Technology for Which Use?
Most organizations are using a Directory server, working with the LDAP protocol (like AD for Microsoft), that represents the central user repository of the company (aka Global Address List).
This server organizes users into organizations, branches, departments, teams, etc., and can have a very complex setup according to how big and distributed the company is.
In recent years, more and more organizations have started to get rid of on-premises directory servers to rely on the Directory services offered by the public cloud.
The best example is Google Workspace / G Suite Directory: As more and more organizations are opting for SaaS & cloud-based solutions to handle most of their IT, they are facing the question of their users’ management:
Should users be managed by their local network management tools (which makes little sense in this era of remote working and mobility), or should they be handled by a cloud-based, Big Tech-backed solution?
The choice doesn’t need to be radical and technology now allows flexibility according to your organization’s context.
In this article, we focus on Google Workspace, but the same logic works for its Microsoft equivalent, Azure Directory.
Are On-Premise LDAP / Active Directories Out of Date?
An easy answer would be to state that everyone now has an internet connection, and that a cloud-based directory is enough to store and manage the users of an organization and their access to different resources.
The reality is quite different: if you have physical offices, an internal network that manages computers, printers, and other devices, or several branches each handling its own email domain, you may need a directory server such as Microsoft Active Directory, inside your DMZ (in your secured network), to manage these complex setups.
Having a Directory is Not Enough, You Need to Synchronize It
Then, the art consists of synchronizing this directory with your Information System in order to always provide the most up-to-date user data to your different software and services, which will ensure the users’ appropriate access and fresh contact information.
Your Directory Secures Access to Your Organization’s Resources
Then, for each added user, your AD will send a permission update in real time to all the resources of the company, in order to allow or disallow their access.
Your Directory Centralizes Contact Information
The same goes for the information stored about people in the company. If your admin creates a new user in the directory and assigns them an email address, a phone number, or any other information, this information will be made available immediately, everywhere that users need it (email, mobile phone, calendar, etc.), provided the directory is well synchronized.
Do It Well and You’ll Save Loads of Time!
When the Directory Servers are not properly synchronized with other resources, IT and HR teams must enter the same information in different places several times.
Let’s say a company manages its users with a Microsoft Active Directory server and has most of its services in SaaS-based solutions (Google Workspace for email, Salesforce for the CRM, etc.). If no sync has been properly configured, the admin will need to create every new user in the AD, then in the email server, then in Salesforce, then in Zoom, and assign licenses to each of them manually.
Keeping track of all this can be a real nightmare.
This is why it is key to store all the information in one place (the Directory) and push it through an automatic process to different platforms including Google Workspace.
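To make the cost of a missing sync concrete, here is an added example (not part of the original article or of any vendor tool) that compares a directory export with the account list of one SaaS platform and reports what has drifted. The sample data, the CSV column layout, and the function names `parse_ldif` and `reconcile` are assumptions made for illustration; `userAccountControl` and its disabled-account bit are standard Active Directory attributes.

```python
import csv, io

# Constructed sample data (not from the article): directory and SaaS exports.
DIRECTORY_LDIF = """\
dn: CN=Ana Ruiz,OU=Sales,DC=example,DC=com
mail: ana.ruiz@example.com
title: Account Manager
userAccountControl: 512

dn: CN=Ben Cho,OU=IT,DC=example,DC=com
mail: ben.cho@example.com
title: Sysadmin
userAccountControl: 514

dn: CN=Cy Dale,OU=HR,DC=example,DC=com
mail: cy.dale@example.com
title: HR Partner
userAccountControl: 512
"""
SAAS_CSV = """\
email,title,suspended
ana.ruiz@example.com,Account Exec,false
ben.cho@example.com,Sysadmin,false
old.temp@example.com,Contractor,false
"""
ACCOUNTDISABLE = 0x2  # AD userAccountControl bit: account is disabled

def parse_ldif(text):
    """Parse simple 'attr: value' LDIF records (no base64 values, no folding)."""
    records = (dict(line.split(": ", 1) for line in rec.splitlines())
               for rec in text.strip().split("\n\n"))
    return {r["mail"].lower(): r for r in records}

def reconcile(ldif_text, csv_text):
    directory = parse_ldif(ldif_text)
    saas = {r["email"].lower(): r for r in csv.DictReader(io.StringIO(csv_text))}
    report = {"create": [], "suspend": [], "update": [], "orphaned": []}
    for mail, entry in directory.items():
        disabled = int(entry["userAccountControl"]) & ACCOUNTDISABLE
        account = saas.get(mail)
        if account is None and not disabled:
            report["create"].append(mail)       # new hire not yet provisioned
        elif account and disabled and account["suspended"] != "true":
            report["suspend"].append(mail)      # disabled in AD, still active
        elif account and not disabled and entry["title"] != account["title"]:
            report["update"].append(mail)       # stale contact details
    # SaaS accounts that the directory has no record of
    report["orphaned"] = sorted(m for m in saas if m not in directory)
    return report
```

Calling `reconcile(DIRECTORY_LDIF, SAAS_CSV)` returns the four lists; the `suspend` and `orphaned` entries are the ones that matter for access control, since they are accounts that still work after the directory says they should not.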
How to Ensure the Contact Information From the Directory is Pulled Into Google Workspace?
Let’s say a new hire must start tomorrow. You add this user to your directory. Then, you set an email address, you add a phone number, birth date, job title, department, location, etc.
Now, you want a new account/mailbox with the address you set to be created automatically in Google Workspace. At the same time, all their colleagues should be able to find the photo, phone number, location, etc. of this new colleague on their phone, in their Gmail, in their Google Contacts, etc.
The first thing to do is to synchronize the LDAP/Active Directory with the Google Workspace domain using GWDS (Google Workspace Directory Sync).
Now that the Global Address List is synchronized from your Active Directory / LDAP to Google Workspace, you need your users to access this information in their contacts and on most of their devices.
This is where the trouble begins: Directory contacts do not propagate everywhere. For instance, your users will not be able to find all the contact information that is in the directory on their mobile devices, in WhatsApp, Zoom, etc. You must configure synchronization between your Directory and the Google Contacts of your users.
Follow the simple steps below to effortlessly share your Global Address List contact information with your colleagues. This will be applicable across all their software and devices, thus, ensuring real-time updates.
Read more: Synchronize your Active Directory with Google Contacts
Can we live without an Active Directory at all?
Let’s be honest, most small and medium businesses have adopted mobility as their main way of working. When an employee begins her workday, regardless of her location, all she requires is a robust authentication system. This system connects her to the cloud, granting her seamless access to her work-related resources.
Google provides a very good authentication system. It has its own directory management panel that can synchronize with anything. So why add a level of complexity by first storing all this data in an Active Directory?
Many organizations made this decision a long time ago: Google Workspace has been their main directory and identity provider. Whenever they have a new employee in the organization, they just create his Google Workspace account. Consequently, the employee gets an account in Gmail and more than 150 other Google services. Furthermore, they also synchronize this information with many other applications (project management tools, intranets, CRM, etc.). This applies to all programs that are integrated with the Google Workspace directory out of the box.
Practically, it doesn’t change much compared to the architecture described above. Instead of managing users from the Active Directory Server, we do the same things from the Google Workspace Admin panel.
Relying on the cloud to handle your GAL will ease your burden. It comes with the satisfaction of achieving more with less.