title: 'Guide to Google Workspace Account Recovery, Domain Conflict Resolution, and ChromeOS Device Recovery' topic_type: 'Technical deep dive' audience: 'Google Workspace Administrators' last_updated: '2025-06-16' source_articles: 9

Guide to Google Workspace Account Recovery, Domain Conflict Resolution, and ChromeOS Device Recovery

Introduction

This comprehensive guide is designed for Google Workspace Administrators, providing detailed information on managing user and admin account recovery, resolving domain "in use" conflicts, and understanding ChromeOS device recovery mechanisms.

1. Google Workspace Account Recovery

This section covers how administrators can manage and enable recovery options for user and admin accounts, ensuring continued access and enhancing security.

1.1 Understanding Recovery Information

Recovery information, such as a recovery email address and phone number, is crucial for helping users access their Google Workspace accounts when they cannot sign in. This information is used to:

• Send a code to a user for sign-in if they are locked out.
• Prevent unauthorized use of a user's account.
• Make it easier for a user to prove that an account is theirs.
• Tell a user if there is suspicious activity on their account.

It is important to note that a recovery email address is distinct from an alternate email address.

1.1.1 Before Managing Recovery Information

• Choose an email address that the user or admin can sign in to, and which is different from their Google Workspace account address.
• Use a mobile phone number that receives text messages and belongs exclusively to the user or admin.
• Ensure password recovery is turned on for users to allow them to reset forgotten passwords on the sign-in page.

1.2 Managing Recovery Information for Users and Admins

As an administrator with appropriate User management privileges, you can add or update recovery information for users and other administrators:

1. Sign in with an administrator account to the Google Admin console.
2. Go to Menu > Directory > Users.
3. Click the user's name.
4. Select Security > Recovery information.
5. Enter a recovery email address and phone number, then click Save.

1.3 Allowing Users to Add Their Own Password Recovery Details

Super administrators can enable users and non-super administrators to add their own password recovery details. This setting is enabled by default for all users, except for Google Workspace for Education users under 18, where it is only on for super admins. Phone recovery is also on by default for super admins.

To allow users to add recovery details:

1. Sign in with a super administrator account to the Google Admin console.
2. Go to Menu > Security > Authentication > Account recovery.
3. (Optional) To apply the setting only to some users, at the side, select an organizational unit (often used for departments) or configuration group (advanced). Group settings override organizational units.
4. Click Recovery information and check the relevant boxes to allow admins and users to add email or phone recovery information, or both, to their account.
5. Click Save.
6. To later restore the inherited value, click Inherit (or Unset for a group).

Important: Immediately remove a user's recovery information when they leave your organization or if their account might be hijacked.

1.4 Setting Up Password Recovery for Users

As your organization's super administrator, you can allow users and non-super administrators to recover their account if they forget their password through two main options:

• Option 1: Let users reset passwords themselves through an automated system. This requires turning on non-admin password recovery in your Admin console.
• Option 2: Ask users to contact an administrator to reset their password. If user password recovery isn't turned on, users will receive a message to contact their administrator when they click "Forgot password?" on the sign-in page.

1.4.1 Turning On Self-Service Password Recovery

This feature is not available if your organization uses single sign-on (SSO) or Password Sync. It also doesn't work for Google Workspace for Education users under the age of 18. Users need a recovery phone number or email address where they can get recovery instructions.

1. Sign in with a super administrator account to the Google Admin console.
2. In the Admin console, go to Menu > Security > Authentication > Account recovery.
3. (Optional) To apply the setting only to some users, at the side, select an organizational unit or configuration group.
4. Click User account recovery.
5. Click Allow users and non-super admins to recover their account. This setting won't apply if your organization uses single sign-on (SSO) with a third-party identity provider or Password Sync.
6. Click Save. To later restore the inherited value, click Inherit (or Unset for a group).

Preventing Unauthorized Access: When non-admin password recovery is turned on, if you believe a user account may be vulnerable or compromised (e.g., the user is terminated, or the account is suspected of being hijacked), removing the user's recovery information alone is insufficient. You should either change the user's password and disable non-admin password recovery, or suspend the user account to prevent all access.

2. Resolving Domain "In Use" Issues

When attempting to sign up for Google Workspace, you might encounter an error stating "This domain is already in use". This section addresses how to resolve such conflicts.

2.1 Understanding the "Domain in Use" Error

This error indicates that the domain you are trying to register for Google Workspace is already associated with an existing Google service or account. This could be due to a previous trial, an unused account, or another Google service using the domain.

2.2 Steps to Resolve a "Domain in Use" Conflict

To resolve this issue, Google provides a specific contact form through the Google Admin Toolbox:

1. Access the Google Admin Toolbox Recovery page designed for "Domain in Use" sign-up issues. This form is specifically for sign-up issues and not for recovering access to an existing account.
2. Enter the domain name that received the "This domain is already in use" error during your sign-up attempt.
3. Provide your details as requested in the form.
4. Follow the prompts to generate a reference number.
5. Verify your domain.
6. Complete your request.

3. ChromeOS Device Recovery

This section details mechanisms for recovering data on ChromeOS devices, particularly after password recovery, and clarifies the data handling by the Chromebook Recovery Utility.

3.1 Setting Up Local Data Recovery on ChromeOS Devices

Local data recovery on ChromeOS devices allows users who have performed password recovery to regain access to locally stored data by signing in online, without needing their old password.

3.1.1 Considerations for Local Data Recovery

• This feature is available for Gmail users of ChromeOS devices with ChromeOS version 118 or higher.
• Admins of Enterprise and Education domains can turn on local data recovery for their users from ChromeOS version 118.
• For ChromeOS Flex, the device must have a Trusted Platform Module (TPM).
• After activation, it does not work immediately for existing users; they must sign into their device accounts at least twice. It works immediately for newly-created users.
• As part of the recovery process, managed users need to sign in online and enter their Google account password (if using Google identity) or their external identity provider password (if using SAML single sign-on).
• If Google identity is used, users can request a new password from their admin, or the admin can turn on password recovery for all or selected users.

3.1.2 Enabling Local Data Recovery

To set up local data recovery:

1. Sign in with an administrator account to the Google Admin console.
2. Go to Menu > Devices > Chrome > Settings. (If you signed up for Chrome Enterprise Core, go to Menu > Chrome browser > Settings). This requires the Mobile Device Management administrator privilege.
3. (Optional) To apply the setting only to some users and enrolled browsers, at the side, select an organizational unit or configuration group. Group settings override organizational units.
4. Go to Security and then Account recovery.
5. Click Account recovery.
6. Choose one of the following options:
   • Defer activation of account recovery until migration phase: Maintains user data recovery in the default option. The default will change in the future to Activate account recovery.
   • Activate account recovery: Activates user data recovery and the user is not allowed to change it.
   • Activate account recovery and allow users to override: Activates user data recovery, but the user is allowed to change it.
7. Click Save. To later restore the inherited value, click Inherit (or Unset for a group).
8. To turn off local data recovery, select Deactivate account recovery. This deactivates user data recovery and the user is not allowed to change it.

3.2 Understanding Chromebook Recovery Utility Data Usage

The Chromebook Recovery Utility is a Chrome extension that lets users burn a recovery image onto a separate device (e.g., USB drive, SD card) to recover a ChromeOS device in recovery mode.

This utility is classified as an Essential Service under data processor mode and is on by default. Google processes no personal data as part of this service.

References

• Add recovery information for admins and users - Google Workspace Admin Help (https://support.google.com/a/answer/11316455)
• Allow users to add password recovery details - Google Workspace Admin Help (https://support.google.com/a/answer/15626761)
• Add recovery information for admins & users - Google Workspace Admin Help (https://support.google.com/a/answer/3033063)
• Set up password recovery for users - Google Workspace Admin Help (https://support.google.com/a/answer/33382)
• Google Admin Toolbox - Recovery (https://support.google.com/a/contact/domain_in_use)
• Data usage for Chrome extension to burn recovery images - Chrome Enterprise and Education Help (https://support.google.com/chrome/a/answer/13675035)
• Set up local data recovery on ChromeOS devices - Chrome Enterprise and Education Help (https://support.google.com/chrome/a/answer/14539268)