Install and configure GSPS from the command line

Instead of using the configuration wizard, you can install and configure G Suite Password Sync (GSPS) from the command line.

When can I install GSPS from the command line? 

You can install GSPS from the command line if you're using:

  • GSPS version 1.6 or later.
  • A service account for Google authentication.
  • The GSPS application's security context to query Microsoft® Active Directory®.

For other configuration options, see Set up G Suite Password Sync

Before you begin

Ensure that you've:

Important: You need to install GSPS on each of your Active Directory servers (domain controllers).

Install and configure GSPS from the command line

  1. Download GSPS. Ensure you download the correct edition for your operating system (32 or 64-bit).
  2. Sign in to the domain controller as a domain administrator. The account you use must be from the domain controller’s domain.
  3. Copy the GSPS software and your service account JSON file to your domain controller.

    Note: The JSON file contains a key that allows access to your Google domain. After authorization, you should remove the file from the system.

  4. From the command prompt on your domain controller, enter:

    msiexec /i gsuitepasswordsync[32|64].msi /l*vx msi_log.txt /quiet

  5. Enter the arguments and parameters specified in the table below. Specify the arguments with all uppercase letters. Enclose the parameters in quotation marks.

     

    Argument Parameter
    ADMIN_EMAIL

    The email address of your Google administrator.

    Example: ADMIN_EMAIL="admin@myappsdomain.com"

    BASE_DN

    Your Active Directory domain's base distinguished name (DN).

    This parameter is optional. When omitted, GSPS attempts to autodetect the base DN.

    Example: BASE_DN="OU=users,DC=mydomain,DC=com".

    CREDENTIALS_FILE

    The full path to your service account JSON file.

    Example: CREDENTIALS_FILE="c:\users\administrator\downloads\privatekey.json"

    DOMAIN

    Your Google domain.

    Example: DOMAIN="myappsdomain.com"

    MAIL_ATTRIBUTE

    The Active Directory attribute that contains each user's Google email address.

    This parameter is optional. When omitted, GSPS uses the default “mail” attribute.

    Example: MAIL_ATTRIBUTE="mail"

 

GSPS installation example

​In this example, the Google domain is myappsdomain.com and the domain administrator is admin@myappsdomain.com. The service account's JSON file is located on the the domain controller at c:\users\administrator\downloads\privatekey.json. The Active Directory base DN is OU=users,DC=mydomain,DC=com and each user's Gmail address is stored in Active Directory's mail attribute.

msiexec /i googleappspasswordsync64.msi /l*vx msi_log.txt /quiet DOMAIN="myappsdomain.com" ADMIN_EMAIL="admin@myappsdomain.com" CREDENTIALS_FILE="c:\users\administrator\downloads\privatekey.json" BASE_DN="OU=users,DC=mydomain,DC=com" MAIL_ATTRIBUTE="mail"

Next steps

After the command successfully runs, the domain controller automatically restarts.

  1. Repeat the installation process until GSPS is installed on all of your domain’s writeable domain controllers.
  2. Have your users change their passwords so they'll be synced.
  3. Restart the server.

If you need help with the installation, see Troubleshooting GSPS.

 

Was this helpful?
How can we improve it?