Google password syncing with AD

    Question

  • Hi

    We have AD syncing with Gmail using GADS (Google Apps Directory Sync). Authentication occurs via port 3269 (Global Catalog). If we make any changes to AD user and group objects, e.g. a password reset, then it will sync with Google. We log in to Gmail using SSO (Clear Login). Now we have to change the password on the SSO page (Clear Login), and that will have to sync with AD. We changed the port from 3269 to 636 in Clear Login and opened port 636 on the domain controller, but the password change is not syncing with AD.

    Please help me with a possible solution.


    Monday, March 27, 2017 6:35 PM

All replies

  • Hi,
    Based on my understanding of GAPS, it would sync password changes from AD to apps, not vice versa. This means that you could not change a password in an app and then sync the password into AD.
    In addition, as GADS is a third-party tool which is not supported in the forum, you could contact its support team for further troubleshooting.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, March 28, 2017 7:10 AM
    Moderator
  • Clear Login (SSO) is the interface between AD and Gmail. If we reset a password in AD, then we can log in to Gmail via SSO, but we cannot change the password on the SSO page. Our DC is integrated with SSO as an identity source. If we want to change the password on the SSO page, we have to change the port from 3869 (GC) to 636 (LDAP over SSL) in the SSO interface and also need to open port 636 in the firewall for the DC machine. We have already done both. We are still unable to authenticate users via port 636 from SSO and unable to change the password, even after opening the port in the firewall for the DC machine.

    Is there anything that needs to be checked on the DC, or any configuration to be done on the DC?

    Tuesday, March 28, 2017 3:26 PM
  • Hi,

    Besides opening ports, based on my research, it seems that you need to deploy a PKI and issue a certificate for your domain controller to authenticate the users from the third-party application. Please see: https://support.microsoft.com/en-sg/help/321051/how-to-enable-ldap-over-ssl-with-a-third-party-certification-authority

    Best regards,

    Wendy



    Friday, March 31, 2017 1:41 AM
    Moderator
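
The reply above points at the domain controller's certificate as the missing piece for LDAP over SSL. The following added example (not part of the original thread) probes port 636 the way an LDAPS client would and reports whether the failure is at the TCP stage, the TLS handshake, chain trust, or the certificate's name and validity. The host name `dc01.corp.example.com` and the sample certificate are constructed; the Server Authentication EKU is not checked because Python's standard `ssl` module does not expose it.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.corp.example.com"),),),
    "subjectAltName": (("DNS", "dc01.corp.example.com"),),
    "notBefore": "Mar 01 00:00:00 2017 GMT",
    "notAfter": "Mar 01 00:00:00 2018 GMT",
}

def _utc(cert_time):
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def evaluate_ldaps_cert(cert, dc_fqdn, now=None):
    """Return a list of problems with the certificate (empty list = none found)."""
    now = now or datetime.now(timezone.utc)
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    names += [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn
              if k == "commonName"]
    problems = []
    if dc_fqdn.lower() not in names:  # exact match only; wildcards not handled
        problems.append("DC FQDN not in subject CN or SAN DNS entries")
    if now < _utc(cert["notBefore"]):
        problems.append("certificate not yet valid")
    if now > _utc(cert["notAfter"]):
        problems.append("certificate expired")
    return problems

def probe_ldaps(dc_fqdn, port=636, timeout=5):
    """Connect the way an LDAPS client does and report which stage fails."""
    try:
        raw = socket.create_connection((dc_fqdn, port), timeout=timeout)
    except OSError as exc:
        return [f"TCP connect to port {port} failed: {exc}"]
    ctx = ssl.create_default_context()  # issuing CA must be trusted on this host
    ctx.check_hostname = False          # names are checked in evaluate_ldaps_cert
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=dc_fqdn) as tls:
                cert = tls.getpeercert()
        except ssl.SSLCertVerificationError as exc:
            return [f"chain not trusted by this client: {exc.verify_message}"]
        except OSError as exc:  # includes ssl.SSLError and resets mid-handshake
            return [f"port open but TLS handshake failed: {exc}"]
    return evaluate_ldaps_cert(cert, dc_fqdn)

if __name__ == "__main__":
    print(probe_ldaps("dc01.corp.example.com"))  # hypothetical DC name
```

An open port 636 combined with a handshake failure means the firewall change worked but the DC has no certificate it can use for LDAPS.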
  • Hi,

    I am checking how the issue is going. If you still have any questions, please feel free to contact us.

    If the replies above are helpful, we would appreciate it if you marked them as answers, and if you resolved it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    We appreciate your feedback.

    Best regards,

    Wendy



    Tuesday, April 4, 2017 6:10 AM
    Moderator