Install and configure GSPS from the command line

Instead of using the configuration wizard, you can install and configure G Suite Password Sync (GSPS) from the command line.

When can I install GSPS from the command line? 

You can install GSPS from the command line if you're using:

  • GSPS version 1.6 or later.
  • A service account for Google authentication.
  • The GSPS application's security context to query Microsoft® Active Directory®.

For other configuration options, see Set up G Suite Password Sync

Before you begin

Ensure that you've:

Important: You need to install GSPS on each of your Active Directory servers (domain controllers).

Install and configure GSPS from the command line

  1. Download GSPS. Ensure you download the correct edition for your operating system (32 or 64-bit).
  2. Sign in to the domain controller as a domain administrator. The account you use must be from the domain controller’s domain.
  3. Copy the GSPS software and your service account JSON file to your domain controller.

    Note: The JSON file contains a key that allows access to your Google domain. After authorization, you should remove the file from the system.

  4. From the command prompt on your domain controller, enter:

    msiexec /i gsuitepasswordsync[32|64].msi /l*vx msi_log.txt /quiet

  5. Enter the arguments and parameters specified in the table below. Specify the arguments with all uppercase letters. Enclose the parameters in quotation marks.


    Argument Parameter

    The email address of your Google administrator.

    Example: ADMIN_EMAIL=""


    Your Active Directory domain's base distinguished name (DN).

    This parameter is optional. When omitted, GSPS attempts to autodetect the base DN.

    Example: BASE_DN="OU=users,DC=mydomain,DC=com".


    The full path to your service account JSON file.

    Example: CREDENTIALS_FILE="c:\users\administrator\downloads\privatekey.json"


    The Active Directory attribute that contains each user's Google email address.

    This parameter is optional. When omitted, GSPS uses the default “mail” attribute.

    Example: MAIL_ATTRIBUTE="mail"


GSPS installation example

​In this example, the domain administrator is The service account's JSON file is located on the domain controller at c:\users\administrator\downloads\privatekey.json. The Active Directory base DN is OU=users,DC=mydomain,DC=com and each user's Gmail address is stored in Active Directory's mail attribute.

msiexec /i googleappspasswordsync64.msi /l*vx msi_log.txt /quiet ADMIN_EMAIL="" CREDENTIALS_FILE="c:\users\administrator\downloads\privatekey.json" BASE_DN="OU=users,DC=mydomain,DC=com" MAIL_ATTRIBUTE="mail"

Next steps

After the command successfully runs, the domain controller automatically restarts.

  1. Repeat the installation process until GSPS is installed on all of your domain’s writeable domain controllers.
  2. Have your users change their passwords so they'll be synced.
  3. Restart the server.

If you need help with the installation, see Troubleshooting GSPS.


Was this helpful?
How can we improve it?