Git Product home page Git Product logo

password-sync-support-tool's Introduction

2. Upload the file it creates to the log analyzer

Learn more about troubleshooting Password Sync, and about Password Sync logs and error codes.


This tool collects logs and information from all Domain Controllers running Password Sync in order to allow reviewing them all in a single place to make troubleshooting easier. It will create a ZIP file on your Desktop when it's finished.

Notes:

  • If you have multiple domains in your forest, you need to run the support tool while logged in as a user from the domain you want to investigate. It fetches the logs from all DCs in your domain, not across the entire forest.
    • You don't have to run it from a DC, you can run it from any domain member computer (as long as you're logged in as a Domain Admin), but it's better to run it from a DC that's affected by the issue you want to investigate.
    • Make sure that you have unblocked network connectivity between all writable DCs in your domain. If you don't, some data would be missing.
  • If you can't start the support tool:
    1. Right click the file you downloaded (PasswordSyncSupportTool.vbs).
    2. Click "Properties".
    3. Click the "Unblock" checkbox at the bottom.
    4. Click "OK".
    5. Try running the support tool again
  • If you have a lot of DCs in your domain, it could take a long time for the support tool to run. That's ok, just let it run until it finishes.
  • Make sure you don't click the window while it's running. If you do, it could go into "Select" mode, which pauses the run. Make sure that the title of the window doesn't have "Select" in it. If it does, just press the Escape key on your keyboard.

It's built using VBScript for compatibility with all Windows versions.

Password Sync was previously known as "Google Apps Password Sync" and "G Suite Password Sync". This support tool was previously known as GAPSTool and GSPSTool.

password-sync-support-tool's People

Contributors

eesheesh avatar emmastott avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

password-sync-support-tool's Issues

Continuous loop if DC name is blank

GSPStool calls itself with an additional argument to process individual DCs.

If a DC name pulled from the AD is blank then GSPStool will loop continuously.

Use 7zip as the EXE wrapper instead of AutoIt

We can use https://www.7-zip.org/a/lzma1900.7z from https://www.7-zip.org/sdk.html. We need to create build.config.gspstool:

;!@Install@!UTF-8!
ExecuteFile="cmd.exe"
ExecuteParameters="/c title G Suite Password Sync diagnostics tool && cscript //nologo gspstool.vbs"
Directory="%temp%"
GUIMode="2"
Progress="no"
;!@InstallEnd@!

...and then:

"C:\Program Files\7-Zip\7z.exe" a gspstool.7z gspstool.vbs
copy /b 7zSD.sfx  + build.config.gspstool + gspstool.7z test-exe\gspstool.exe

Check if the required root certs are trusted

Command to dump all trusted certs:

for %a in (Root AuthRoot Trust CA) do certutil -store %a >> trusted-certs.txt 2>>&1

We can probably only do it for the local machine this way, but it's better than nothing.

Add a dump of "sc qc"

This would allow us to see if the service logon settings have been changed.

Expected results:

C:\>sc qc "G Suite Password Sync"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: G Suite Password Sync
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\Google\G Suite Password Sync\password_sync_service.exe"
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : G Suite Password Sync
        DEPENDENCIES       :
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

Make sure messagebox text is logged

We currently have separate log statements and messagebox statements in many places, but it would be better to also log the exact text that's shown to the user, instead of having to go to the code to correlate what's seen vs. what's logged.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.