The main job of Google Apps Password Sync (GAPS) is to routinely keep the users' Google Apps passwords in sync with their Microsoft® Active Directory™ passwords. Any time that a user's Active Directory password is changed, Google Apps Password SyncIf any password update fails in the domain for one’s user, it is recommended that privileges settings be checked under the Provisioning API tab that is located under Domain settings and then Admin roles. It is important to ensure that the account privileges for the user whose password upgrade has failed do not exceed one’s admin account. User accounts which have fewer privileges cannot change password on the accounts that have more privileges.
An example is of the account with admin privileges which cannot update password for accounts with super admin privileges. It is important to note that GAPS never changes the Active Directory passwords as it only synchronizes Active Directory password changes to Google Apps. will push the change to Google Apps instantly.
The following system requirements are needed for GAPS to be installed:
- Google Apps for Business, Government or Education
- Microsoft Active Directory 2003/2008/2012 (AD DS, not AD LDS). The Windows Server Core editions are not supported
Domain Controllers require an Internet connection for the following ports:
Before getting Google Apps Password Sync and running it for one’s organization the following must be ensured:
- The user is a Google Apps administrator for the organization as only an admin can complete the later mentioned steps.
- User is a Google Apps for Education, Business or Government customer.
- The user is the Domain Admin on Active Directory domain.
In order to get GAPS and have it running successfully within an organization, first of all the admin needs to add all the users to Google Apps. For this, the admin has to created Google Apps accounts for all the users and add them an Active Directory environment through Google Apps Directory Sync since it automatically syncs user accounts in Google Apps. However, there are also other options to add users other than using GADS.
The second step is to enable the Provisioning API since Google Apps Password Sync requires Provisioning API to be enabled in Google Apps so that user passwords can be set. If the admin is using GADS along, this will be automatically done.
The third step is to install and configure Google Apps Password Sync on the Active Directory servers. The following have to be done on each of the Active Directory servers:
- Log in to Domain Controller as Domain Admin and download GAPS.
- Open the installer and install the correct edition according to the Operating System.
- Restart the server after completing the installation steps.
Open the Google Apps Password Sync from the start menu and on the welcome screen, click “Next” to specify primary Google Apps domain and admin email address. After the authorization is done, finish the rest of the configuration.
The fourth step is to prevent users from changing their Google Apps passwords directly. The following steps can be taken to present users from changing their password from Google Apps:
- Create an internal webpage with Google Sites with instructions for users to change their Windows password instead of their Google Apps password. Copy the URL of this page.
- In the Google Admin console, paste the URL in the advanced settings and save changes. If the user attempts to change the password from Google Apps, he will be redirected to this page.
The fifth step is to instruct the user to change their Active Directory passwords since Google Apps Password Sync will not sync an Active Directory password with Google Apps until it is changed.