Answer-first summary for fast verification
Answer: 1. Configure the option to suspend domain users not found in LDAP. 2. Set up a recurring GCDS task.
The correct answer is A because it directly addresses both requirements: (1) configuring GCDS to suspend domain users not found in LDAP ensures that manually created Cloud Identity users (who won't exist in LDAP) are disabled rather than deleted, preserving account data while preventing access; and (2) setting up a recurring GCDS task ensures continuous synchronization of user and group lifecycle changes from LDAP. Option B is incorrect because deleting users (instead of suspending) would remove accounts entirely, which may not be desired. Options C and D are incorrect because excluding manually created users via LDAP search attributes doesn't disable them; it only prevents them from being synchronized, leaving them active. The community discussion strongly supports A with 15 upvotes and references to Google's documentation on GCDS suspension behavior.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You need to synchronize hundreds of users from your on-premises LDAP server to Cloud Identity using Google Cloud Directory Sync (GCDS). The requirements are to replicate user and group lifecycle changes from LDAP and to disable any manually created users in Cloud Identity. The LDAP search attributes for users and security groups have already been configured. What is the next step to implement this solution?
A
B
C
D