Thanks for the reply!
I'll say this like I know what I'm talking about: In 2.5, Moodle went from a site-wide password salt to a per-user salt (http://docs.moodle.org/25/en/Password_salting).
The main reason I thought that that might have something to do with my problem is that in the database table for the gapps block (again, I'm kinda just stringing words together - I am a former science teacher, not a programmer!), the password field for all of the users whose accounts failed to be created is really different from all of the ones created before the update to 2.5. Before 2.5, all passwords are 30 alpha-numeric characters. After 2.5, they are all 60 characters and include symbols - and they all start with "$2y$10$". I did increase the password field size in this table for 30 to 60, based on someone else's suggestion.
I don't know enough to say that any of this is related. But I think I've checked everything that I can. The sync block even reports that authentication with Google Apps is successful. Our single-sign-on works with accounts that were created before the upgrade and with Google accounts that I create manually.
Our students passwords are less than 8 characters long, but that didn't seem to matter before the 2.5 upgrade. If I understand it correctly, it shouldn't matter now - Moodle is the authentication agent. But I might not understand it correctly. I look at it as Google saying, "Any friend of Moodle is a friend of mine - come on in!". Plus, even our teachers who have 8-character passwords are not getting accounts created.
The real techs are upgrading us from 2.5 to 2.5.1 as I type this - we'll see if that helps!
Thanks again - and to anyone else who can offer some help.