Checkout my G Suite administrator course that will cover a lot of topics as well:
https://www.udemy.com/the-complete-course-to-manage-g-suite/?couponCode=LAUNCH1099
This is the presentation for my G Suite Password Sync (GSPS) tutorial on my Youtube channel.
Youtube playlist: https://www.youtube.com/playlist?list=PLn275E3eumb4yJ54yMdbdIgrjSFTe9oqe
In this 3 videos series I talk about GSPS with the following points:
1. What is GSPS?
2. Requirements and notes and considerations.
3. Authentication and what are the types of authentication available for GSPS.
4. Troubleshooting and resources to help with troubleshooting!
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
G Suite Password Sync Tutorial
1. Tutorial for G Suite Password
Sync (GSPS)
How to sync user passwords from Active Directory to G Suite?
What is this tool? Where to download it? How to use it?
2. Tutorial for G Suite Password Sync (GSPS)
●
What is GSPS?
●
Where to download it?
●
Important requirements and notes before using GSPS
●
Setup and authorization
●
Locating the log files (for troubleshooting times)
4. What is GSPS?
●
Tool made by Google
●
Will sync user passwords from your AD to G Suite
●
Only 1-way sync (AD → G Suite), NO (G Suite → AD)
●
Works as a service, only need one-time setup and configure
Which means automated process
8. Important requirements and notes before using GSPS
●
MUST HAVE a local password policy that meets Google’s policy:
– Minimum 8 characters for password
– Must be mix of letters, numbers
If the password did not meet Google’s policy, it will not be sycned!
●
There is no password history policy by Google, so must enforce locally
if required.
●
Has 2 ways to authorize wtih G Suite:
– 3-legged authorization ← easy and quick, but not good!
– Service account ← better and it is recommended
9. Important requirements and notes before using GSPS
●
Will NOT sync current password. Only changed passwords
●
Sync will happen upon password change (whether from user side
when pressing CTRL + ALT + DEL, or from Admin side when changing
password from AD directly)
●
Requires the server to be restarted after the setup and before the
configuration
●
MUST be installed on every writable AD server in domain
11. Setup and authorization
●
3-Legged Oauth
– Quick and fast
– Not good because you will need to re-authorize again later
– You will not get a warning for when you need to re-authorize. GSPS will
simply stop working
– Requires your user name and password every time you want to
authorize/re-authorize.
12. Setup and authorization
●
Service account
– Requires more time to do but much better than 3-Legged method
– Better way to guarantee GSPS will work all of the time
– You don’t need to use a user name and password for this
– Needs access to Google Developers Console and APIs
14. Locating the log files
Type of file Location of file
Configuration file C:ProgramDataGoogleGoogle Apps Password Syncconfig.xml
Service logs
C:WindowsServiceProfilesNetworkServiceAppDataLocalGoogleGoogle Apps Password
SyncTracingpassword_sync_service
Service authorization logs C:WindowsServiceProfilesNetworkServiceAppDataLocalGoogleIdentity
Configuration interface logs
C:UsersusernameAppDataLocalGoogleGoogle Apps Password SyncTracingGoogleAppsPasswordSync Or
C:UsersusernameAppDataLocalGoogle Google Apps Password SyncTracingGoogleAppsPasswordSync, if you're
using version 1.6 or earlier
Configuration interface
authorization logs
C:UsersusernameAppDataLocalGoogleIdentity
DLL logs C:WINDOWSsystem32configsystemprofileAppDataLocal GoogleGoogle Apps Password SyncTracinglsass
Command line installer logs C:UsersusernameAppDataLocalGoogleGoogle Apps Password SyncTracingMsiExec
Crash reports logs
If the GSPS UI configuration tool crashes, the logs can be found:
C:UsersusernameAppDataLocalTemp
If the GSPS service crashes, the logs can be found:
C:WindowsServiceProfilesNetworkServiceAppDataLocalTemp
15. Useful tools
●
GSPS support tool
– Open source tool made by Google on Github.
– Can collect all the logs for you.
– No setup, just double-click it and it will do all the work
https://github.com/google/gsps-support-tool
●
Google’s Log Analyzer
– Web based tool.
– Part of other set of tools under the name “G Suite Toolbox”.
– Submit the log, then select its source, and watch it get simplified!
https://toolbox.googleapps.com/apps/loganalyzer/
16. Useful links
●
Troubleshooting GSPS
– https://support.google.com/a/answer/2622457?hl=en
●
GSPS logs and error codes
– https://support.google.com/a/answer/3296820?hl=en&ref_topic=4497964
●
Troubleshoot authentication errors in GSPS service logs
– https://support.google.com/a/answer/4386110?hl=en&ref_topic=4497964