About G Suite Password Sync

G Suite Password Sync (GSPS) automatically keeps your users' passwords in sync with their Microsoft® Active Directory® passwords. Whenever a user's Active Directory password is changed, GSPS immediately pushes the change to their managed Google Account.

Important: GSPS never changes Active Directory passwords; it only syncs Active Directory password changes to your organization's Google Account.

GSPS is available to G Suite and Cloud Identity administrators.

Before you begin

GSPS system requirements

If you have the legacy free edition of Google Apps, upgrade to G Suite to get this feature. 

Microsoft Active Directory 2008, 2012, or 2016 (AD DS, not AD LDS).  

Note: GSPS currently doesn't support Additional LSA Protection with Secure Boot. 

Set up your domain controllers
  • GSPS must be installed on all domain controllers.
  • Domain controllers need an internet connection to connect to the following sites/ports:


    Purpose URL Port number
    Authentication https://accounts.google.com
    API access https://www.googleapis.com 443
    Certificate Revocation Lists / Online Certificate Status Protocol http://crl.geotrust.com/crls/secureca.crl


    Note: The certificate authority URLs can change at any point. For the most recent list of CRL/OCSP URLs, review the certificate information of the above API and Authentication hosts.

Download GSPS 

Download the correct MSI for your server's architecture:

Restart the server

Always restart the server after installing or upgrading GSPS. 


See step-by-step instructions on how to Set up G Suite Password Sync.

Was this article helpful?
How can we improve it?