Recovering Google Workspace: A Detective Story
For the uninitiated, Google Workspace is the paid version of Google’s suite of products, such as Gmail (with your own domain, not a gmail.com address), Google Calendar, and Google Docs. It was previously called G Suite, and before that, Google Apps. When it launched in 2006, Google Apps was free, and those who got in early got to keep it at no cost even after Google started charging new customers. This year, after backing down from a deeply unpopular plan of forcing everyone to pay, Google required that free Google Workspace users assert they don’t use the product for business purposes (see “Google Lets Legacy G Suite Users Keep Their Email for Free,” 18 May 2022).
Well, what would happen if you failed to make that assertion, or, worse, didn’t even realize it was required because you’re not the super administrator of your Google Workspace account and the person in that role is long gone? A new client of mine found out the hard way: Google converts the account to a paid version and then, after a grace period for adding payment information, suspends the whole account, preventing access to any of its mailboxes.
This is my tale of obsessively venturing down a deep rabbit hole to recover that account. It is also a cautionary tale about how if an account is important to you, you must be its maximum-level administrator, even if someone else sets things up for you. (For this reason, I also caution against resold “white label” services, rather than having an account directly at the source. What if your reseller disappears?)
Who’s the Super Admin?
My client—let’s call her Connie—had the email for her one-person business hosted at Google Workspace since the early, free days. (Human and domain names in this story have been changed to protect the innocent.) She woke up one day to discover that her email was no longer coming in on any device. Connie accessed her email using Gmail’s Web app, so Mail on her Mac did not have a history of existing email, either. When she tried to load Gmail, Connie was informed her account had been suspended and that she needed to contact her administrator. What administrator? It was my job to figure that out.
Google provides no simple way to contact an account’s administrator or even identify the administrator’s email address. There might be a certain amount of sense to this policy in an organization with a large IT department, but it was a liability in a situation such as this.
I asked Connie if someone else had set up the account for her. She thought so, but the only person she could bring to mind was a long-departed employee we’ll call John, with whom she was still in touch. Unfortunately, neither of them remembered John’s password for his Google account. Worse still, our attempts to reset his password were met only with a directive to contact the administrator… which was theoretically John himself. That made me suspect there was another administrator in play with a different account, but Connie couldn’t remember who that might have been.
Next, I tried Google’s “Forgot email?” option, which allows you to find a Google account’s email address using a recovery email address or phone number, plus first and last name. That turned up personal (non-Workspace) Google accounts for both Connie and John, but no one else.
What next? Google’s Admin Toolbox has a somewhat obscure form that lets you request a user be promoted to Super Administrator (or contact the administrator, but that wouldn’t help us). To submit this form, you must be able to edit the DNS zone records for the domain to prove that you own it. So I did that, but, alas, to no benefit.
The form results said that Google would contact the existing Super Admin, and if not disputed, Connie’s promotion to Super Admin would happen automatically after 72 hours. Except it didn’t. Ominously, the form also said that the request would be manually reviewed, and any further information needed would be requested by email… which is hard to respond to when your email account has been suspended. It’s a chicken-and-egg scenario. Google clearly hadn’t considered this situation.
Worried that the suspended account would soon be deleted, and with my client already having been without her email for five days, I had to speak with someone at Google; the only way to do that is to have an active, paid Google Workspace account. So I used my account, and fortunately, the support agent helped me despite my issue being about a different account. He directed me to a different form that lets you specify a non-domain email address for contact. That form provided instructions for more DNS zone editing, which I performed, with no great optimism but apparently no other options. My doubt turned out to be well-founded when I received an auto-reply saying that Google support’s caseload was overwhelmed, they were closing the case, and I needed to use the Admin Toolbox form. Which I’d already tried. Another hour burned.
But I’m a tenacious guy. And this is when it gets interesting.
Poking around, I was surprised to discover that a suspended Google Workspace account still lets you access a user’s Google Contacts. Within there, I could see the company directory—which revealed the name and Google Workspace email address of that third email account I thought likely to both exist and be the Super Admin. Let’s call that person Rachel Kole. This was a partial victory all by itself!
I’m the Super Admin!
It was the middle of the night, and I probably could have just waited until the morning to ask Connie whether she had any contact info for Rachel, and perhaps I could have found Rachel on the Web, but I was hot on the trail. Also, I really didn’t want to go to all this effort only to discover that Google had deleted the suspended account while I waited for more information.
I attempted password recovery for Rachel’s account, and this time I was given some different options, suggesting that she was indeed the Super Admin. Specifically, I had to identify her recovery email address, with this as the clue: ••@daw•••••••••.com.
I searched for Rachel by her full name and turned up, on a LinkedIn page, a business whose name might fit the email pattern: Dawson & Kole. Then I searched for Dawson & Kole and found a few references to dawson-kole.com. Bingo. (Though the minimal search results made it hard to tell what the company did.)
The dawson-kole.com domain had no website, so I next turned to the ever-remarkable and invaluable Wayback Machine, which revealed that a website for dawson-kole.com had existed between 2008 and 2016, though its contents couldn’t be displayed at all, regardless of the snapshot date.
There was also a more significant hurdle: if dawson-kole.com was indeed the correct domain, and I could correctly guess the full recovery email address, how would I get the two-factor code Google would email to that address? On a hunch, I checked to see whether dawson-kole.com was still registered… and it wasn’t! And fortunately, it had not been re-registered by a domain squatter. So I registered it in my own GoDaddy account. Now I owned dawson-kole.com. Oh yeah.
GoDaddy no longer provides free email with domain registration, so I figured I’d create a new trial Google Workspace account for dawson-kole.com. But Google wouldn’t let me do that, apparently because that domain was never removed from Google’s world, despite there no longer being a registered domain behind it. This seemed like an excellent opportunity to try out the relatively new Custom Email Domain feature of iCloud+ (“How to Set Up Custom Email Domains with iCloud Mail,” 27 August 2021).
I was pleased to discover that process was a breeze—I signed into iCloud.com, punched in the domain, signed into GoDaddy when prompted, and iCloud took care of the necessary zone record setup. I elected not to create an email address, since I didn’t yet know what it should be, and what I ended up with was a catch-all, with any mail sent to any address at dawson-kole.com arriving in my iCloud Mail. Huzzah!
After sending some test emails to confirm that I could indeed receive dawson-kole.com mail, I went back to Google Workspace and tried to guess the recovery email address: [email protected], [email protected], [email protected] After the third try shook me off, I was blocked from trying again for a few hours. Much like anyone who has tried to remember an iPhone passcode, I decided to research my next guess carefully.
I tried further Internet searching but couldn’t find Rachel’s email address (for dawson-kole.com, anyway). So, I took another crack at the Wayback Machine. But all of its snapshots returned the same thing—a single frame with a broken image.
Jumping Back Flash
I had an idea of what was happening: the late 2000s were still the era of Adobe Flash-based websites, and some sites would not render at all if you didn’t have Flash Player installed. In 2022, Flash is blocked by every major browser and Adobe itself. I looked at the source code of the Wayback Machine page snapshot and found the telltale reference to a file ending in .SWF. (It was a bad flashback.)
I happened to have an unused 2012 MacBook Pro around, so I started it up into macOS Recovery with Command-Shift-Option-R, which enables installation of whichever version of macOS originally came with that model. Soon I was running macOS 10.8.5 Mountain Lion. Unfortunately, versions of Safari that old are largely incompatible with modern websites due to certificate expiration and lack of current HTML/CSS support. So I tried to download Waterfox Classic, a fork of Firefox that runs on old versions of macOS, but Safari wouldn’t let me, so I first downloaded Firefox 48, which is nearly as useless as Mountain Lion’s Safari in its Web compatibility but does better with HTTPS issues. Then I used that 2016 version of Firefox to get Waterfox Classic, into which I intended to install Flash Player.
(It turns out none of these elderly Mac heroics were necessary. I later figured out that Firefox 84 still supports Flash Player on Intel-based Macs running macOS 12.6 Monterey. Another option would have been to download the SWF file and open it in Elmedia Player, set to run in Rosetta mode if on a Mac with Apple silicon.)
Adobe no longer distributes any version of Flash Player, and the final versions of it intentionally ceased to operate after 12 January 2021. So I found, via the Internet Archive, the last version of Flash Player (126.96.36.1991) that does not self-destruct after that date. Obviously, getting software from an unknown source carries risks, but this was an empty computer.
I forged ahead. I installed Flash Player, headed back to the Internet Archive, et voilà, I was looking at the website of dawson-kole.com, circa 2016. Boom! Holding my breath, I clicked the About link, and there it was, in all its glory: [email protected] Jackpot!
Back to Google Workspace I went, and by this time, I’d been let out of try-again jail. I typed in Rachel’s correct recovery email address. A few seconds later, it was in my iCloud mailbox: six glorious digits delivered to [email protected] I fed them back to Google, hoping the password reset process would not make me jump through additional hoops, like demanding the account creation date or other obscurata, which I’ve seen its security algorithm require. But, happily, I was simply prompted for a shiny new password, which I was more than happy to provide.
Once I had changed Rachel’s password and logged in as her, I was immediately required to provide payment information, which I did. I then promoted Connie to Super Admin, designated her as the primary administrator, and ensured that she could access all recovery information for all her accounts.
There was one final check to make, the most important one. I clicked over to Connie’s Gmail, and there it was! All her email back from the dead, or at least purgatory.
Then I deleted dawson-kole.com from my GoDaddy account, asked for a refund, and went to bed.
Connie was overjoyed to have her email returned to her. It’s not every day that, as a consultant, I get to be a detective hero, but when it happens, it reminds me why I do what I do. Connie did tell me she remembered Rachel Kole, and it would have made perfect sense that Rachel would have set up Connie’s email long ago, but it had been 15 years since their last contact!
And, just to say it again, let me preach: always be your own administrator. And if you’re a professional or friend setting something up for someone, give that person agency to solve problems without being dependent on you. No one wants to end up where Connie was—a few of the key steps in my recovery process depended on good luck, such as being able to claim the domain and seeing a historical version of a defunct website, so there’s no guarantee such an approach could ever be duplicated.
Ivan Drucker is the founder and CEO of IvanExpert Mac Support in New York City and Santa Barbara. He is a former software quality engineer for Apple and began using his first Apple II in 1978, at the age of eight.
I had a friend/client with a very similar story. All of her email and google docs went away because her legacy account was suspended. We did not know who the administrator of the account was. With her account suspended, she had no way to contact google support.
We found the form and requested that she be promoted to super admin, but of course google sent the info about that to her suspended email address.
I used my google workspace account to contact support and explained the situation. They told us about verifying the domain, so we did that, and got a reference number. Still no dice, since they still wanted to send an email. Luckily, my friend had a backup email (a yahoo account that is still active) listed on her google account. I chatted again and asked that the chat support person notify the Workspace support team to use that backup email. Within a few days, my friend received an email from support at that backup email assigning her as super admin and we were able to complete the steps to have her pay for Google Workspace. (This is when we realized that her web developer from 12+ years ago had set up himself as admin of the account.)
It was a huge relief to see her emails and google docs come back into her account.
In case it’s helpful, this is the email she received from support:
From: “[email protected]” <[email protected]>
Subject: [#######] IMPORTANT: Information about your Google Workspace account
We are contacting you because another user from your Google Workspace account has verified DNS ownership of domain [redacted for privacy, the domain).
Since all domain administrators appear inactive and unresponsive, Google Workspace Support has performed a verification process to grant the Super Admin role to [redacted info for privacy, an email address](mailto:email address). A super administrator is able to access the Admin Console (https://admin.google.com/) and modify all aspects of the Google Workspace account [private info).
Please reply to this message if you have any questions or concerns.
Google Workspace Support
I can’t get to my GMail account without giving Google a cell phone number.
THIS is why I trust NO CLOUD SERVICE, even Apple. Any hiccup on their end, and you’re in Tech Support Hell with no recourse.
I doubt there’s another person in the world who could have pulled this off. The Wayback Machine!
Thanks for this. Very similar situation!
I don’t know if that’s strictly true but thanks for the kind words! And yeah, the Wayback Machine!
I read Ivan’s report with my jaw dropping ever closer to the floor. It underlined A) what arcane systems Google operate, and B) what a star Ivan is. Respect! And I thought I was relatively tech savvy.
The story brought to mind one of my constant laments. Was a time when computer systems and apps were properly documented: originally on paper, then online. It seems that over the years more and more companies have resorted to instructions that build themselves over time, as users seek answers. This leads to incomplete information or, at best, chaotically organized information. Adobe, I’m looking at you.
My go-to source for decently written manuals has long been the Take Control series, originally published by TidBITS, now by Joe Kissell. If they don’t have a guide to a particular app/system, I feel lost. How about one on the arcane world of ISPs, DNS, IP addresses, etc Joe?
When the Wayback Machine got involved, I knew we were in epic territory.
That was a fun read. Thanks @IvanExpert!
I spaced out on the date google would be turning off their free service and when I moved my mother over to iCloud Custom Email Domain I forgot that all her email was still on the gmail server. Should of just moved it / copied it to an iCloud mailbox. Anyway as soon as I disabled the gmail account her Mac it disappeared! All mail was gone!
I called up google and begged for an extension or a freebie for a week but they simply said I had to sign up with a credit card and then get the mail - then unsubscribe and payment would be prorated.
I recall when I went back to the admin page I was able to get the mail via Mail.app on her laptop without subscribing so he must of flipped some magic switch. Ended well and all my emails are now hosted free (included in iCloud account) with Apple. Zero problems and now I have true push email. Of course caveats with this as I personally have sub emails on my domain and they all come into same email inbox - so if you have a company with Joe sue and harry at xyz.com this would not work.
Thank you, @IvanExpert, for sharing your digital sleuthing story with us. That was a grand read!
May your story reach lots of readers so people realize the importance of properly managing their (admin) accounts. And just as importantly, that they understand a fundamental risk inherent in cloud-only/cloud-first services.
Because the typical usage paradigm for services such as Google Workspace is to edit documents in a browser, there are no local copies on the computer. Hence, if you cannot log into your online account for any reason, you lose access to all of your data.
Compare this to the paradigm of working on local files that are synchronized across devices via the cloud: As long as the hardware device works, the only account you need to successfully log into, is the one on the device. Working offline is just as trivial as having as many synchronized copies of the files on other devices or backup media as you’d like.
If main computer breaks down for any reason, you can access the data on other devices and/or restore it from backups. And you don’t have to rely on the responsiveness of a large company’s support team to do so. (That Google’s support closed the ticket due to a “high volume of callers,” so to speak, is rather unsettling!)
I do understand why businesses of all sizes find Google Workspace intriguing: it’s a complete package of the key productivity applications that a company needs; it promises near-zero maintenance effort on the side of the customer; and it’s reasonably prized.
And while large companies (should…) have the dedicated IT expertise to prepare for a scenario like the one you describe here, small and even midsize businesses might not be aware of the risk of losing access to crucial data because of a single point of failure, or about how to properly prevent that from happening.
Join the discussion in the TidBITS Discourse forum