Install and configure G Suite Password Sync (GSPS)

Modified on Thu, 26 Oct 2023 at 11:39 AM

GSPS system requirements

Microsoft Active Directory 2008, 2012, or 2016 (AD DS, not AD LDS).  

Note: GSPS currently doesn't support Additional LSA Protection with Secure Boot.

 

Set up your domain controllers

 

Download GSPS

Download the correct MSI for your server's architecture:

  • 32-bit installer
  • 64-bit installer

Restart the server

Always restart the server after installing or upgrading GSPS. 

 

Configure G Suite Password Sync

Before you begin

Make sure:

  • You're an administrator for your organization. Only administrators can complete the steps to set up GSPS.
  • You're a domain administrator for your Active Directory domain.

 

Configure GSPS

  1. From the Start menu, open G Suite Password Sync.
  2. Click Next.
  3. Specify your primary Google domain and your Admin Email Address. This is the email address of the administrator that GSPS will use to perform the password updates. The administrator's address also appears in the audit logs in the Admin console.

    Important: Make sure that this administrator has signed into the Google Admin console and accepted the terms of service before you continue.

  4. Configure your authentication method: select 3-legged OAuth.
  5. Click Authorize Now.
  6. When prompted, sign in to your Google Account using the email address entered earlier. Click Continue.
  7. If prompted, provide your administrator username and password and click Sign in
  8. Click Allow
    You should see "Authorization has been granted successfully. Please switch to your application."
  9. Close the browser and return to GSPS. The Status value should change to Authorized.

    Note: If the GSPS screen doesn't display Authorized, authorization has failed and you should refer to the error message at the bottom of the GSPS configuration screen. Authorization can fail for a number of reasons, typically:

    • The user isn't a super administrator for your Google domain.
    • The time and time zone on your server aren't set correctly.
  10. Click Next 
  11. Select the authorization access method for GSPS to use to query Active Directory. The options available are described below.
    Authorization access method and description:

    • Application's Security Context: This is the default and recommended setting. The GSPS service runs in the security context of the NetworkService account, not a user account. This is the only option supported on Server Core domain controllers or when you configure GSPS from the command line.
    • User Credentials: The authorized user that GSPS acts on behalf of. The user doesn't have to be a domain administrator; it can be a role account with the following permissions: List Contents, Read All Properties, and Read Permissions applied to "This object and all child objects." This user will only be used to get the email addresses of users from Active Directory. Therefore, it must have access to read the mail attribute for all the users whose passwords you want to sync.
    • Anonymous: GSPS uses Active Directory Services Interfaces (ADSI) for authentication purposes. Anonymous access isn't recommended as it is not supported by most Active Directory configurations.



  12. If you selected User Credentials as your authorization access method, complete the Authorized User and Password fields.
  13. Enter the Base distinguished name (DN). When you configure GSPS for the first time, your Active Directory domain's default base DN is detected and added here. You can edit it, if required.
  14. Enter the Mail Attribute. This is your Active Directory domain's mail attribute that contains each user's Google email address. In most cases, this attribute is “mail.” The values stored here must exactly match the Google email address, including the domain part of the address.

  15. Click Next. The application tests the connection settings you provided and alerts you if there are any errors. Review for any error messages. The Summary screen should show the configuration is saved and the service is running.
  16. Click Finish.
  17. Repeat this section for each of the domain controllers in your domain

 

GSPS is now installed and running. Any password changes made to a user's Active Directory account are automatically updated for your Google users as well. However, GSPS doesn't sync your existing Active Directory passwords to Google–it only syncs password changes.

Be sure to instruct your users to change their Active Directory password (as described in step 8) to sync the password to their Google Account.
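Steps 13 and 14 depend on every synced user having a mail attribute value that exactly matches their Google address. The following pre-flight audit is an added example, not part of GSPS or the original article; it assumes the RSAT ActiveDirectory module is installed, and $BaseDN, $MailAttribute and $GoogleDomains are placeholder values to replace with what you entered in the GSPS configuration screen.

```powershell
# Added example: audit the attribute GSPS reads to map AD users to Google accounts.
Import-Module ActiveDirectory

$BaseDN        = 'DC=example,DC=com'   # placeholder: Base DN from step 13
$MailAttribute = 'mail'                # attribute name from step 14
$GoogleDomains = @('example.com')      # placeholder: your Google domain(s)

# Enabled users under the base DN, with the mail attribute loaded.
$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $BaseDN -Properties $MailAttribute

$findings = foreach ($u in $users) {
    $raw   = [string]$u.$MailAttribute
    $issue = $null

    if ([string]::IsNullOrWhiteSpace($raw)) {
        $issue = 'attribute is empty'
    }
    elseif ($raw -ne $raw.Trim()) {
        $issue = 'leading or trailing whitespace'
    }
    elseif ($raw -notmatch '^[^@\s]+@[^@\s]+$') {
        $issue = 'not a single email address'
    }
    elseif ($GoogleDomains -notcontains $raw.Split('@')[1]) {
        # -notcontains compares case-insensitively
        $issue = 'domain part is not one of the Google domains'
    }

    if ($issue) {
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            Value          = $raw
            Issue          = $issue
        }
    }
}

# The same address on more than one account makes the mapping ambiguous.
$duplicates = $users |
    Where-Object { $_.$MailAttribute } |
    Group-Object -Property { ([string]$_.$MailAttribute).ToLowerInvariant() } |
    Where-Object { $_.Count -gt 1 }

$findings   | Sort-Object Issue, SamAccountName | Format-Table -AutoSize
$duplicates | Select-Object Name, Count | Format-Table -AutoSize
```

Running Get-ADUser with -Credential for the role account chosen under User Credentials also confirms that the account can read the attribute for every user in scope.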


Verified 2023-10-27

 
