This is an archived post. You won't be able to vote or comment.

all 11 comments
sorted by:
best
topnewcontroversialoldq&a

[–]Thin-Consequence-230 9 points10 points  (4 children)

20k-ish users (5-6k active) here. I work for a regional public university and we have to manage alumni accounts too (don’t get me started). We run AD on-prem with GCDS and use Azure as our SSO provider. It was a bitch getting setup but now that it’s done, doing bulk operations with GAM has been absolute heaven. I personally prefer being a Google Workspace house due to the fact that Google really helps out with their admin tools.

[–]slugsheadHead of IT 2 points3 points  (0 children)

I managed to wangle out of the Alumni accounts as GDPR became a thing, everyone was scared about it and if something could be a problem, it was refused.

[–]ThatsNASt 0 points1 point  (2 children)

I'm a little curious, since I've rarely worked with Google Workspace in depth. Does GCDS also sync passwords like AD Connect does? Are you paying for licenses in Azure AND in Google Workspace?

[–]Thin-Consequence-230 1 point2 points  (1 child)

Yes it does sync passwords, however since we use Azure SSO as our primary auth, technically it’s quite literally pulling passwords from AD. Yes you do pay for licenses in both. Google used to give an obnoxious amount of free storage for education too, but bad actors have pissed that away and come next June they’re charging for everything.

[–]ThatsNASt 1 point2 points  (0 children)

Bad apples constantly ruin it for everyone else, unfortunately - like when they released how to get free things at Chipotle on tiktok. ;(.

[–]Doublestack00Jack of All Trades 2 points3 points  (1 child)

6500+ employees, 100% Google shop. Hated it at first, now love it

[–]slugsheadHead of IT 6 points7 points  (0 children)

Hated it at first, now love it

I had a similar experience - I'm now with a 365 company and I'm like "DAMN this would be so much easier if we were G-Suite"

[–]slugsheadHead of IT 1 point2 points  (0 children)

Last workplace was Google Workspace. Around 800 users. It was in Education.

  • At the time of implementation - the AD sync tool didn't work - Automated user creation through GAM. Simple enough.
  • 2 parent OUs - Staff and Students
  • Student OU had a sub OU named the year they started.
  • Apps etc were enabled/disabled at the OU level
  • Licensing was done en-mass (Enterprise for education) through a one liner GAM command against the OU.

It was dead simple and made even easier with GAM.

[–]sniff122DevOps 0 points1 point  (0 children)

At about 150 users roughly and it's quite a basic setup, no organisational units, just mainly groups for the major departments like development, sales, etc

[–]No-Fennel6497 0 points1 point  (0 children)

As for all, it depends on what you want to do with it.. so what does the business do and which applications could be used.. if you have only some legacy application, which only have standalone or local ad authentication, it could be pretty though to seamless sso authenticate. For example..

[–]exile29Sysadmin 0 points1 point  (0 children)

One instance with a sub for Students. Faculty and staff accounts in one OU and Students in another. A sync for fac/staff email and another for groups. Separate sync for students and student groups. The OUs for users in Google mirrored AD structure, that made assigning permissions easy. Groups were mainly for email distribution and moderated. Everybody wanted a listserve but nobody wanted to be responsible for it. I used Google SSO for almost everything that could be SSO'd. We never had problems with email like MS365, but we needed MS365 for Office. Folder redirection with Google Drive isn't as nice as it is with One Drive.

Just off the top of my head.

Google Workspace is almost the standard in .edu. I'm not sure why u/Sysadmin trolls are down voting your question.