Google Directory¶
Afi support for Google Directory covers users, Google groups, and organizational units, including the corresponding metadata as well as group and organizational unit membership settings.
To protect the Google Directory for your tenant, go to the Google Directory tab on Service → Protection screen and assign a backup SLA policy to the Google Directory resource.
If your Google Workspace tenant has been added to Afi before October 17, 2024, please regrant the Afi application access to your tenant as described in the following article.
Google Directory backup is included with all Google Workspace Afi service subscriptions and requires no additional licenses.
Browse¶
The Google Directory backup browse view is structured into sections, with objects grouped by type, enabling users to view their properties and relationships.
Google Directory object kinds¶
Users¶
For each user Afi shows its email as well as email aliases, identifier, metadata properties (addresses, phones, etc.), and organizational unit where it resides.
Groups¶
Google Directory groups are split into the following categories based on their kind:
- Regular mailing groups (Default category)
- Security groups
- External groups (identity-mapped groups that mirror groups in an external identity data source, such as Active Directory)
For each Google group Afi shows its properties, membership type (assigned/dynamic), members, and member group roles. If the member count exceeds 100, Afi will display only the first 100 members. You can download the full member list by clicking the Download all members button.
Organizational units¶
Organizational units are displayed as a tree, and for each unit, Afi shows its identifier, description, and member list. If the member count exceeds 100, Afi will display only the first 100 members. You can download the full member list by clicking the Download all members button.
View object versions¶
To view all versions kept by the service for a Google Directory object, click on the three-dot icon in the corresponding object tile and then on Show backup versions. The service will prompt a dialog with a list of all object versions together with the backup snapshot times where each version has been added. You can download details for selected object versions locally or restore any of them.
Search¶
Afi allows to search across Google Directory objects of each kind by name, email (in case of users or groups), description, as well as by other searchable fields.
This example shows a basic search query to find all Google Directory users that contain the term admin in their names or emails:
Export¶
All Google Directory objects backed up by Afi can be exported in JSON and CSV formats together with all related metadata properties. At the moment Google Directory objects of different kinds (users, groups, organizational units) should be exported separately.
Recovery¶
Afi allows to recover Google Directory users, groups, and organizational units, as well as group/organization unit membership.
For recovery you can select individual Google Directory objects as well as entire object kinds (for example, all users), although the latter option should be used with caution due to tenant-wide impact.
Upon a recovery, Afi firstly tries to locate the objects selected for recovery on the Google Directory side and creates new objects only if they can't be located in Google Directory. Otherwise, the existing objects are kept and their properties and relationships are updated. The matching logic used by Afi for each object kind is described below.
Users¶
To recover a user, Afi performs the following actions:
- Try to locate a user on the Google Workspace side by identifier and then by email, if not found;
- Update properties for the existing user object or create a new user if such user is not found in the tenant;
- Update the group membership settings for the existing groups where the user was a member at the time of the backup snapshot;
- Move the user to the organizational unit where the user was present at the time of the backup snapshot.
Groups¶
To recover a group, Afi performs the following actions:
- Try to locate a group on the Google Workspace side by identifier and then by email, if not found;
- Update properties, members, and member roles for the existing group, or create a new group with the corresponding properties and members if such group is not found in the tenant.
Notice
When a group is selected for a recovery, its users are not restored together with the group. Only membership relationships for the existing users are recovered.
Organizational units¶
To recover an organizational unit, Afi performs the following actions:
- Try to locate an organizational on the Google Workspace side by its path;
- Update description and members for the existing organizational unit, or create a new organizational unit with the corresponding description and members if such organization unit is not found in the tenant.
Notice
When an organizational unit is selected for a recovery, its users are not restored together with the organizational unit. Only membership relationships for the existing users are recovered.