The main job of Google Apps Password Sync (GAPS) is to routinely keep the users' Google Apps passwords in sync with their Microsoft® Active Directory™ passwords. Any time that a user's Active Directory password is changed, Google Apps Password SyncIf any password update fails in the domain for one’s user, it is recommended that privileges settings be checked under the Provisioning API tab that is located under Domain settings and then Admin roles. It is important to ensure that the account privileges for the user whose password upgrade has failed do not exceed one’s admin account. User accounts which have fewer privileges cannot change password on the accounts that have more privileges.
An example is of the account with admin privileges which cannot update password for accounts with super admin privileges. It is important to note that GAPS never changes the Active Directory passwords as it only synchronizes Active Directory password changes to Google Apps. will push the change to Google Apps instantly.
The following system requirements are needed for GAPS to be installed:
Domain Controllers require an Internet connection for the following ports:
Before getting Google Apps Password Sync and running it for one’s organization the following must be ensured:
In order to get GAPS and have it running successfully within an organization, first of all the admin needs to add all the users to Google Apps. For this, the admin has to created Google Apps accounts for all the users and add them an Active Directory environment through Google Apps Directory Sync since it automatically syncs user accounts in Google Apps. However, there are also other options to add users other than using GADS.
The second step is to enable the Provisioning API since Google Apps Password Sync requires Provisioning API to be enabled in Google Apps so that user passwords can be set. If the admin is using GADS along, this will be automatically done.
The third step is to install and configure Google Apps Password Sync on the Active Directory servers. The following have to be done on each of the Active Directory servers:
Open the Google Apps Password Sync from the start menu and on the welcome screen, click “Next” to specify primary Google Apps domain and admin email address. After the authorization is done, finish the rest of the configuration.
The fourth step is to prevent users from changing their Google Apps passwords directly. The following steps can be taken to present users from changing their password from Google Apps:
The fifth step is to instruct the user to change their Active Directory passwords since Google Apps Password Sync will not sync an Active Directory password with Google Apps until it is changed.