Hi friends! How are you?
We are following a tutorial:
But we found an issue with GCDS. We use Active Directory and Google Cloud Directory, and our LDAP syncs with Google via Google Cloud Directory Sync (GCDS).
Using Remote Desktop to the Active Directory server, when we right-click an AD user and select Reset Password and change it, GCDS runs as well and change the user's password on Google Cloud Directory.
But we tried using the steps described on that tutorial but Google Cloud Directory seems to not activate when the user changes It's password via FortiClient VPN GUI.
FortiClient is able to detect that the password expired and must be changed on next logon, it pop's the new password window, the user applies it, the password changes at Active Directory but GCDS doesn't get activated, so the user will now have 2 passwords, 1 for AD and 1 for Google... Do you guys have any guess on what we should do to fix that?
Thanks a lot in advance!
Solved! Go to Solution.
Hi @Anonymous thanks for the reply and sorry for the delay on our response. We were trying solutions for this theme and for now, we are testing a solution:
We have 2 instances of Active Directory (one is a redundant instance) and we found out that we do need one GCDS installation but 2 password sync installations, and we had one.
Now we are operating with password sync running on both Active Directories and looks like the GCDS is working fine with Forticlient now.
 
					
				
		
Created on 08-15-2022 01:11 PM Edited on 08-15-2022 01:12 PM
Hello @renatoconeglian,
Thanks for reaching Fortinet Community.
Could you let us know if this is a new set up or the issue started post a firmware upgrade? From the description it seems like the password change request has been sent through to the remote devices.
Could you perform a packet capture on the firewall and replicate the issue? This could give us more details.
Thanks and regards,
Hi @Anonymous thanks for the reply and sorry for the delay on our response. We were trying solutions for this theme and for now, we are testing a solution:
We have 2 instances of Active Directory (one is a redundant instance) and we found out that we do need one GCDS installation but 2 password sync installations, and we had one.
Now we are operating with password sync running on both Active Directories and looks like the GCDS is working fine with Forticlient now.
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2678 | |
| 1412 | |
| 810 | |
| 703 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.