One of the primary goals in process automation is to put structures in place that require little or no manual intervention. For a large percentage of your students, this is possible, but there are always exceptions to any rule. That is why we need to have a way to allow some flexibility for special situations. As we continue to work with schools across the country, we are seeing this type of situation arise more often.
When a student is officially withdrawn from school their account would normally be made inactive. There are however, times when but the student still needs access to their Google Drive and Gmail account and in some scenarios, teachers still need to interact with the student while they are away.
We can set up a structure that will allow this to happen without breaking the other automation that we have in place and without creating complex rules for handling student accounts.
(&(objectClass=user)(memberof=cn=Out of District,ou=students,ou=school,dc=domain,dc=org ))
The key to this strategy is to realize that Google User search rules are processed from top to bottom. Once a user is matched with a given rule, that rule applies to that you and it won’t matter if they match any other rules later in the list. You must prioritize your group matching rules above your OU matching rules. You may even need to consider which group rules should take priority over other rules if that possibility exists.
This allows you to manage your minor exceptions with a rule, but have your OU placement rules work in all other cases.
Here is an example of the proper configuration of this rule in Google Cloud Directory Sync.
For more helpful information about Google OU's and automation visit our resource page, HOW TO: SYNC ACTIVE DIRECTORY GROUPS WITH GOOGLE.
SPS-K12 enables students across the United States to modern their student provisioning and data management.