Since the other day I ran into this issue with a client, I wanted to talk about the importance, no the requirement of retaining at all times an extra administrative user on your Google apps account(s).
After all your Google apps admin is the gate keeper to everything Google and you.
Without access to your admin account it is a painfully slow and a decently cumbersome process to regain it. Heck, you cant get domain support without access since the support pin is in the admin area.
But enough build up, long story short I received a call from a client I am sub-contracted through. His email was flagged from Google for suspicious activity and his account had been suspended. It only took minutes to realize that no-one had access to his admin account. Without the ability to have his admin account un-flag him we had to resort to calling Google Customer Support.
3 Google reps and a couple hours
In order to re-gain his admin account, we had to create a CNAME record in our hosting account to verify ownership of the domain. Once the CNAME and been added, the rep informed us to call back in 24-72 to allow the DNS changes to propagate. This amount of time for changes is the normal quoted time, but usually propagation is much less. In our case, with the representative still on the phone I checked our propagation. Visiting https://www.whatsmydns.net/, selecting CNAME and values. Immediately, I was able to see that it was almost completely propagated (with the exception of a handful of overseas servers).
After I let the representative know, they confirmed the DNS changes. With the changes confirmed Google is going to rename the current admin owner to another account name and elevate the permissions for another user account we have access to still to admin status.
Once we re-gain admin access we can create a brand new admin only account and transfer anything inside the old account (document / email wise) to his new account removing the old account. In addition, we will setup the president of the company with the ability to access the admin side of the house to ensure that this hiccup does not again occur.
Once access is confirmed for all the newly created admin accounts we can then reduce permissions for the user account that was increased to an admin account.
The main reason I wanted to write about this was that I was getting a handful of conflicting stories about what would occur once Google had verified our DNS.
One of the scarier answers we received from the Google rep was that once the account was DNS verified it would be wiped clean. It took a handful of calls back to verify that this would NOT occur if we continued with verification and lateraled users (as we did above).
I hope this message finds you well. This is a follow up message concerning your case with Google Cloud Support.
I tried to contact you today regarding the issue with XXXXXXXX. Remember that in this cases in which a user has been suspended, the way to lift the suspension would be with administrator access, this is the recommended way to go if you don’t want to lose the information on the domain. As I was telling you before there is a way to prove that you own the domain and start over with a new G Suite account but this is going to erase everything on the current G Suite as it will be terminated.
The representative for Google said it should be approximately 3 days from the DNS verification to when the account setup and administrative access could be regained. So we should have access back Tuesday this week, I will update this post as we learn more.
It took a bit longer than expected, but with an awesome Google rep assisting us we where able to regain access to the account – where we promptly create multiple administrator accounts.