What's new in G Suite Password Sync
These release notes describe additions and improvements to the most recent versions of G Suite Password Sync (GSPS). You can find detailed information on how to set up GSPS in Set up G Suite Password Sync.
Note: As the platforms are no longer actively supported by Microsoft®, support for Windows® XP and Server 2003 was discontinued on December 31, 2018. Learn more.
September, 16, 2019
- GSPS now works when additional LSA protection is enabled on a Windows Server.
- Entering the domain name is no longer required.
- Information for better diagnostics (admin email address and service account ID) has been added to the log file.
- Fixed the error message help text that's shown when using anonymous access on a system where anonymous access isn't supported.
- Fixed an issue that caused LDAP searches to fail to log a username that is isn't correct (usually garbage data instead of the actual username).
- Minor logging fixes.
January 30, 2017
November 8, 2016
June 30, 2016
- Added support for Windows Server Core 2008 and 2012 installations.
- Added Service Account support for G Suite authentication. This is required for Server Core installations and is optional on non Server Core installations.
- GAPS can now be installed and configured from the command line.
- LDAP configuration can now use the GAPS service security context, removing the need to provide Active Directory administrator credentials.
- Improved error messages in the configuration wizard.
- Added crash reporting. The reports are stored on the GAPS server and not transmitted to Google.
- Windows Server 2003 is no longer supported.
- The GAPS UI now correctly displays an egg timer icon while performing tasks triggered by other actions, such as the user pressing the Previous, Next, and Authorize Now buttons.
- GAPS will retry network timeouts and 5xx server errors encountered when trying to refresh its OAuth access token.
- Users who are not Windows domain admins can no longer start the GAPS configuration wizard. Previously, they could open the wizard but receive an error when trying to save the configuration.
February 16, 2016
GAPS now uses the Crypt hash function (salted SHA512 hashes instead of SHA1) when updating the password with the Directory API.
Uses new OAuth2 endpoints to authorize and refresh tokens (avoids conflict when overriding DNS to enforce SafeSearch).
Improved feedback in the configuration UI to help diagnose issues with authorization. Improved trace logging and Windows Event Log system messages.
The number of log events has been reduced when a computer account password fails to sync.
Improved diagnostic logging for authorization issues can now be found in the service authorization logs.
Note: There is a new version of the GAPS support tool available to help you troubleshoot your GAPS installation.
Release 1.4What's fixed
Fixed an issue where, after failing to retrieve the email address attribute for an account from Active Directory, GAPS silently crashes.
Note: This issue has only been observed on Windows Server 2003, but we recommend upgrading regardless of your Windows Server version.
Release 1.3What's new
GAPS now uses the Admin SDK - Directory API (version 1).
The "Configure G Suite" and "Configure Active Directory" pages now perform validation. If you enter incorrect information in any of them, the program will alert you.
The log files generated by GAPS no longer show irrelevant log lines mentioning Outlook.
In the "Configure G Suite" wizard page, pressing Enter will now prompt you to authorize instead of taking you back to the previous page.
Release 1.2What's new
"G Suite Passwords" events now appear in the Application event log. GAPS now logs password sync success and failures details to the event log.
Fixed an issue where the steps listed in the initial configuration wizard page were in the wrong order.
Fixed an issue where GAPS was logging the password hashes in some cases if the password failed to sync. GAPS no longer logs the password hashes.
Fixed an issue that made GAPS try to sync passwords that contained unsupported characters (non US-ASCII characters). Now GAPS logs a warning.
GAPS now correctly identifies password sync failures when a server error response is returned.
Formatting issues with the GAPS DLL logs have been fixed.
Release 1.1What's new
"Use Anonymous access to query Active Directory" is now unchecked by default. Most Active Directory environments don't allow anonymous LDAP connections, so this simplifies the setup process.
GAPS 32-bit will no longer install on 64-bit systems. Previously, the installation completed without error, but password sync wouldn't work. Now, the two installers can no longer be confused.
Better Google authorization flow. The new authorization flow is clearer and simpler to use.
Automatically detect base DN. When running the configuration wizard for the first time, the base DN field will be pre-filled with your domain's default base DN.
Fixed an issue where the logs incorrectly show "Error while securing the key: 0" even when there's no error saving the settings.
Fixed several issues with the Google authorization step of the configuration that caused it to fail without explanation.
Fixed an issue that made the GAPS service fail to start on some systems because its path was registered in the system without double quotes.
Fixed an issue that caused GAPS to fail when there were incorrect proxy settings on the network.