Since the other day, when I ran into this issue with a client, I wanted to talk about the importance, no, the requirement of retaining an extra administrative user on your Google Apps account(s).
After all, your Google Apps admin is the gatekeeper to everything Google and you.
Without access to your admin account, it is a painfully slow and decently cumbersome process to regain it. Heck, you can’t get domain support without access since the support pin is in the admin area.
But enough build-up, long story short, I received a call from a client I am sub-contracted through. His email was flagged by Google for suspicious activity, and his account had been suspended. It only took minutes to realize that no one had access to his admin account. Without the ability to have his admin account un-flag him, we had to resort to calling Google Customer Support.
THREE GOOGLE REPS AND A COUPLE OF HOURS
In order to regain his admin account, we had to create a CNAME record in our hosting account to verify ownership of the domain. Once the CNAME had been added, the rep informed us to call back in 24-72 hours to allow the DNS changes to propagate. This amount of time for changes is the normal quoted time, but usually, propagation is much less. In our case, with the representative still on the phone, I checked our propagation. Visiting https://www.whatsmydns.net/, selecting CNAME and values, I was able to see that it was almost completely propagated (with the exception of a handful of overseas servers).
After I let the representative know, they confirmed the DNS changes. With the changes confirmed, Google is going to rename the current admin owner to another account name and elevate the permissions for another user account we have access to still to admin status.
Once we regain admin access, we can create a brand new admin-only account and transfer anything inside the old account (documents/email-wise) to his new account, removing the old account. In addition, we will set up the president of the company with the ability to access the admin side of the house to ensure that this hiccup does not occur again.
Once access is confirmed for all the newly created admin accounts, we can then reduce permissions for the user account that was increased to an admin account.
The main reason I wanted to write about this was that I was getting a handful of conflicting stories about what would occur once Google had verified our DNS.
One of the scarier answers we received from the Google rep was that once the account was DNS verified, it would be wiped clean. It took a handful of calls back to verify that this would NOT occur if we continued with verification and lateral users (as we did above).
I hope this message finds you well. This is a follow-up message concerning your case with Google Cloud Support.
I tried to contact you today regarding the issue with XXXXXXXX. Remember that in these cases, in which a user has been suspended, the way to lift the suspension would be with administrator access. This is the recommended way to go if you don’t want to lose the information on the domain. As I was telling you before, there is a way to prove that you own the domain and start over with a new G Suite account, but this is going to erase everything on the current G Suite as it will be terminated.
The representative for Google said it should be approximately three days from the DNS verification to when the account setup and administrative access could be regained. So we should have access back Tuesday this week. I will update this post as we learn more.
The main takeaway from this experience is the importance of always having an extra administrative user on your Google apps account(s). It can be tempting to limit access to only necessary users, but in the event of a security issue, having multiple administrative accounts can make the recovery process much smoother and faster.
It’s also important to note that Google’s customer support can be very helpful in these types of situations. However, it can take some time and effort to get everything resolved. In this case, it took several hours and multiple calls to get access to the account back, but with persistence and cooperation with the Google representative, the issue was eventually resolved.
Always have extra administrative users on your Google apps account(s), and be prepared for potential security issues by knowing the steps needed to regain access. And, if you do run into any issues, don’t hesitate to reach out to Google customer support for assistance.