Directories are the cornerstone of any organization's IT. Neglecting their management and the way they are updated may lead to a lot of duplicate work, data silos, user frustration, and legal risks.
In this article, we walk through the main concepts and best practices that organizations should keep in mind when dealing with directories and Global Address Lists (GAL) in their contact management.
Before we start, here are the most common definitions to know when it comes to contact centralization:
Directory
A directory is a centralized address book, accessible by all the users of an organization. It contains contact details such as name, email, job title, phone number, location, birthday, etc. It may contain the users of the organization as well as external contacts. For instance, the Google Workspace (G Suite) admin panel has a section that allows administrators to manage the contact information of internal users.
Global Address List
A Global Address List (or GAL) is a term that was initially used by Microsoft Exchange to define all the contacts shared with the organization, internal and external. It is a synonym of “Directory”, even if it is mostly used by organizations with a strong “Microsoft culture”.
Active Directory (AD)
Active Directory (AD) is another Microsoft product that nearly no company above a certain size can live without. It allows administrators to manage the users of an organization and control which resources they can access, which security groups they belong to, which devices they can use, etc. It also contains a detailed contact record in which the administrator can enter information about each user. Every time a user tries to use a resource in the company, that resource connects to Active Directory to check whether the user is authorized (and how they are authorized) to access it. Active Directory also provides contact information for the users registered in its system. As you may have gathered, it also plays the role of “Global Address List”.
LDAP (Lightweight Directory Access Protocol)
LDAP is the standard protocol for managing directories. Microsoft’s Active Directory uses this protocol, as do non-Microsoft directories like OpenLDAP (which is the open-source, Linux version of AD) and many equivalent products.
What is a Company Directory (Global Address List) and why is it important?
Whether you are a company, a school or a non-profit organization, you need to manage people through your information system.
Each person you manage must be stored in a database called a “Directory” or GAL (“Global Address List”), which allows the different services and stakeholders to:
- manage their access to the organization’s resources
- store information about their members (like their roles, locations, phone numbers, email addresses, birth date etc.)
- communicate this information to the different systems used by the organization (Email server, Intranet, CRM, authentication system, file management system, phones, contact books etc.)
Which Directory Technology for Which Use?
Most organizations are using a Directory server, working with the LDAP protocol (like Active Directory for Microsoft), that represents the central user repository of the company (aka Global Address List).
This server organizes users into organizations, branches, departments, teams, etc., and can have a very complex setup according to how big and distributed the company is.
In recent years, more and more organizations have started to get rid of on-premises directory servers to rely on the Directory services offered by the public cloud.
The best example is Google Workspace / G Suite Directory: As more and more organizations are opting for SaaS & cloud-based solutions to handle most of their IT, they are facing the question of their users’ management:
Should users be managed by their local network management tools (which makes little sense in this era of remote working and mobility), or should they be handled by a cloud-based, Big Tech-backed solution?
The choice doesn’t need to be radical and technology now allows flexibility according to your organization’s context.
In this article we focus on Google Workspace, but the same logic works for its Microsoft equivalent, Azure Active Directory.
Are On-Premises LDAP / Active Directories Out of Date?
The easy answer would be that everyone now has an internet connection, so a cloud-based directory is enough to store and manage the users of an organization and their access to different resources.
The reality is quite different: if you have physical offices, an internal network that manages computers, printers and other devices, or several branches each handling their own email domain, you may need a directory server such as Microsoft Active Directory, inside your DMZ (in your secured network), to manage these complex setups.
Having a Directory is not Enough, you Need to Synchronize it
The art then lies in synchronizing this directory with your Information System so that your different software and services always receive the most up-to-date user data, which ensures appropriate access for users and fresh contact information.
Your Directory Secures Access to your Organization’s Resources
Your Active Directory then sends each added user and each permission update in real time to all the resources of the company, in order to allow or deny them access.
Your Directory Centralizes Contact Information
The same goes for the information stored about people in the company. If your admin creates a new user in the directory and assigns them an email address, a phone number, or any other information, this information will be made available immediately, everywhere users need it (email, mobile phone, calendar, etc.), if well synchronized.
Do it well and you’ll save loads of time!
When the Directory Servers are not properly synchronized with other resources, IT and HR teams must enter the same information in different places several times.
Let’s say a company manages its users with a Microsoft Active Directory server and has most of its services in SaaS-based solutions (Google Workspace for email, Salesforce for the CRM, etc.). If no sync has been properly configured, the admin will need to create every new user in the Active Directory, then in the email server, then in Salesforce, then in Zoom, and assign licenses to each of them manually.
Keeping track of all this can be a real nightmare.
This is why it is key to store all the information in one place (the Directory), and push it through an automatic process to different platforms including Google Workspace.
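As an added illustration (not code from the original article or from any vendor tool), the sketch below treats the directory as the single source of truth and computes, per service, which accounts must be created, updated or disabled, plus accounts the directory has no record of. All function names, data shapes and sample records are constructed assumptions.

```python
# Constructed sample data: the directory is the single source of truth.
DIRECTORY = {
    "alice@example.com": {"name": "Alice Martin", "phone": "+1-555-0100", "active": True},
    "bob@example.com": {"name": "Bob Chen", "phone": "+1-555-0101", "active": True},
    # Carol has left the organization and was deactivated in the directory.
    "carol@example.com": {"name": "Carol Diaz", "phone": "+1-555-0102", "active": False},
}

# Constructed account exports from two downstream services (hypothetical shapes).
SERVICES = {
    "email": {
        "alice@example.com": {"name": "Alice Martin", "phone": "+1-555-0100"},
        "carol@example.com": {"name": "Carol Diaz", "phone": "+1-555-0102"},
    },
    "crm": {
        "alice@example.com": {"name": "Alice Martin", "phone": "+1-555-0199"},
        "bob@example.com": {"name": "Bob Chen", "phone": "+1-555-0101"},
        "dave@example.com": {"name": "Dave Hill", "phone": "+1-555-0103"},
    },
}

SYNCED_FIELDS = ("name", "phone")  # attributes pushed from the directory


def reconcile(directory, accounts):
    """Return the actions that bring one service in line with the directory."""
    actions = {"create": [], "update": [], "disable": [], "orphan": []}
    for email, entry in directory.items():
        account = accounts.get(email)
        if entry["active"] and account is None:
            actions["create"].append(email)       # joiner not provisioned yet
        elif not entry["active"] and account is not None:
            actions["disable"].append(email)      # leaver who still has access
        elif entry["active"]:
            stale = sorted(f for f in SYNCED_FIELDS if account.get(f) != entry[f])
            if stale:
                actions["update"].append((email, stale))
    # Accounts created by hand in the service, unknown to the directory.
    actions["orphan"] = [e for e in accounts if e not in directory]
    return {kind: sorted(items) for kind, items in actions.items()}


def reconcile_all(directory, services):
    """Run the reconciliation for every downstream service."""
    return {name: reconcile(directory, accts) for name, accts in services.items()}


if __name__ == "__main__":
    for service, plan in reconcile_all(DIRECTORY, SERVICES).items():
        print(service, plan)
```

The `disable` and `orphan` lists are the ones to review first: they are accounts that still grant access although the directory no longer, or never, authorized them.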
How to ensure the contact information from the directory is pulled into Google Workspace?
Let’s say a new hire must start tomorrow. You add this user to your directory: You set an email address, you add a phone number, the birth date, job title, department, location, etc.
Now, you want an account/mailbox with that address to be created automatically in Google Workspace, and all their colleagues to be able to find the photo, phone number, location, etc. of this new colleague in their phone, their Gmail, their Google Contacts, etc.
The first thing to do is to synchronize the LDAP/Active Directory with the Google Workspace domain using GWDS (Google Workspace Directory Sync).
Now that the Global Address List is synchronized from your Active Directory / LDAP to Google Workspace, you need your users to be able to access this information in their contacts and on most of their devices.
This is where the trouble begins: Directory contacts do not propagate everywhere. For instance, your users will not be able to find in their mobile devices, their WhatsApp, Zoom, etc. all the contact information that is in the directory: you must configure synchronization between your Directory and the Google Contacts of your users.
By following the guide below, it will be a breeze to provide to your colleagues all the contact information of your Global Address List in all their software or devices, updated in real-time.
Read More>> Synchronize your Active Directory with Google Contacts
Can we live without an Active Directory at all?
Let’s be honest: most small and medium businesses have adopted mobility as their main way of working. When an employee needs to start her day, wherever she is, she just needs a solid authentication system that will connect her to the cloud and let her access her work resources.
Google provides a very good authentication system and it has its own directory management panel that can synchronize with anything. So why add a level of complexity by first storing all this data into an Active Directory?
Lots of organizations made this decision long ago: Google Workspace is their main directory and identity provider, and whenever a new employee joins the organization, they just create the employee's Google Workspace account. This creates an account in Gmail and more than 150 other Google services, and also synchronizes this information to many other applications (project management tools, intranets, CRM, etc.) that are integrated with the Google Workspace directory out of the box.
Practically, it doesn’t change much compared to the architecture described above: Instead of managing users from the Active Directory Server, we do the same things from the Google Workspace Admin panel.
Relying on the cloud to handle your GAL will make you feel light with the satisfaction of achieving more with less.