Set up Password Sync

6. Have users change their AD passwords

For Password Sync to synchronize a Microsoft Active Directory (AD) password with a user’s Google Workspace or Cloud Identity account, your users must change their Active Directory password. We recommend that you prompt your users to change their password the next time they sign in to Windows.

Important: User passwords must adhere to Google’s password guidelines. For details, go to Create a strong password & a more secure account.

 You're on step 6 of 6

"" "" "" "" "" ""

Step 1: Get your users to change their AD passwords

Tip: If you add new users in Active Directory, create the user with an initial generic password and check the User must change password at next logon box.

For your existing users:

  1. Ask the user to sign in to Windows using their Active Directory password
  2. Have the user change their existing password.

    The new password is synced with the user’s Google Workspace or Cloud Identity account within a few minutes.

  3. Ask the user to sign in to their Google Account with their new password.
  4. Password Sync automatically syncs any subsequent Active Directory password changes to Google.

Step 2: Prevent users from changing their Google passwords

You need to ensure your users change their passwords in Active Directory and not in their Google Workspace or Cloud Identity account.

Before you begin

  • Have users contact their administrator if they need to reset their Google password. For details, visit Set up password recovery for users.
  • Create an internal webpage with instructions on how users should change their Windows password and not their Google password.

Provide instructions to users

When users (other than super administrators) try to change their Google password, you can direct them to your internal webpage that instructs them to change their Windows password instead. This setting applies even if you do not enable single sign-on (SSO). Super admins do not get redirected to the internal webpage. Make sure they know to change their passwords in Active Directory.  ​

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2.  In the Admin console, go to Menu ""and then"" Securityand thenOverview.
  3. Click SSO profile for your organization.
  4. For Change password URL, enter the URL of the webpage that you created.
  5. Click Save.

Related topics


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Search
Clear search
Close search
Google apps
Main menu
Search Help Center
true
73010
false
false