GAM – Google Apps Manager

GAMADV-XTD3 is a command-line tool for managing Google domains, and it works very well for many things. This is a list of some tasks I use from time to time.

  1. Put users into an OU. The target OU in this case is iPads – Pangyo, a subgroup of our Organizational Emails OU. I put a list of usernames into a text file (ipads.txt) saved in my GAM folder and ran the following in Terminal:
    gam update org "Organizational Emails/iPads - Pangyo" add file ipads.txt
  2. Suspend Google accounts of departed faculty: create a one-column file departed.csv with header Email containing departed faculty email addresses.
    gam csv departed.csv gam update user ~Email suspended true
  3. Find all groups with suspended users: We notice that suspended users still show up in mail groups. To identify and remove them, the following lists all groups, each followed by the number (and email addresses) of suspended accounts still appearing in that group:
    gam print groups members suspended

    In the output, a line such as:

    groupname@domain.com,2,sususer01@domain.com,sususer02@domain.com

    means that sususer01 and sususer02 are suspended accounts that are still members of the group groupname.
  4. Remove Suspended Users from all groups: Along with the previous tip, to remove a user from all groups, just use:
    gam user sususer01@domain.com delete groups
  5. Using GAM with Multiple Domains: I use GAMADV-XTD3 with two Google domains. Once one is set up, the other can be added by editing the gam.cfg file to have the following lines at the end:
    [faculty] 
    domain = facultydomain.edu 
    customer_id = facultyDomainCustomerID# 
    config_dir = faculty 
    
    [students] 
    domain = studentdomain.edu 
    customer_id = studentDomainCustomer# 
    config_dir = students

    Then create sub-folders faculty and students. In each folder, place the respective client_secrets.json and oauth2service.json files. Then use the following to switch from faculty domain to students domain:

    gam select students save
  6. Add Events to Users’ Calendars: To add an event to users’ calendars, use the command below.
    – The +09:00 shifts GMT to South Korea Time
    – The “accepted” tag forces the attendees to accept the event. This can be excluded if not needed
    gam calendar eventowner@domain.com create event start 2022-05-16T17:00:00+09:00 end 2022-05-16T17:00:05+09:00 selectattendees accepted users attendee01@domain.com,attendee02@domain.com summary "Event Title - Summary"
  7. Delete an email: If someone inadvertently sends an email to the wrong people or with unfortunate content, we can delete it with GAM. In the Google Admin panel, find the Message ID and drop it right after the “rfc822msgid:”

    Note that “doit” at the end instructs gam to actually delete the messages. Without “doit” gam will search for messages and identify those addresses which would be affected, but without actually deleting the message.

    gam all users delete messages query rfc822msgid:CAHn4qqS-7HmDMme+x5STHO1=x6r-8mTy698GwErBZnko6Z1cDQ@mail.gmail.com doit
  8. Delete spam email messages: If some ne’er-do-well with address spammer@hotmail.com sends a mass email, you can delete them with:
    gam all users delete messages query "from:spammer@hotmail.com" doit
    ...or by subject:
    gam all users delete messages query "subject:Click this harmless link" doit
  9. Bulk Create Google Classrooms: Create ClassroomCreation.csv with columns alias, course, section, teacher and run the following.
    gam csv ClassroomCreation.csv gam create course alias "~alias" name "~course" section "~section" teacher "~teacher" status ACTIVE
  10. Bulk Add Co-Teachers to Classrooms: Create BulkAddTeachers.csv with columns email, alias and run the following.
    gam csv BulkAddTeachers.csv gam user "~email" create classroominvitation course "~alias" role teacher
  11. Find the owner of a Google Doc: It’s the simps if you know the file ID:
    gam show ownership 1SYWGvYIRAt6Q6vfC3BgtlRBNLOU0tSYgLycw4bKOkY
  12. Bulk Add Calendars to Users: Create BulkAddCalendars.csv with columns email, calAddress and run the following (calAddress is the calendar’s address, a bunch of random-looking characters followed by @group.calendar.google.com). Note the options:
    selected true: “Selects” the calendar to be visible by default. backgroundcolor and foregroundcolor, um, well, set the background and foreground colors for the calendar.
    gam csv BulkAddCalendars.csv gam user "~email" add calendar "~calAddress" selected true backgroundcolor '#009900' foregroundcolor '#FFFFFF'
  13. Print Users to Drive: You can run this with “…fields allfields todrive” to get all available fields. But when we’re running an audit, it’s much neater for us to get just the fields we need.
    gam print users fields primaryEmail orgUnitPath suspended creationTime lastLoginTime familyName fullName givenName includeInGlobalAddressList isEnforcedIn2Sv isEnrolledIn2Sv todrive
  14. Mass Update Gmail Passwords: We reset all grade 3 student passwords at the beginning of the year and then have each student create their own password. To set this up, we put all of their email addresses in a one-column “grade3.csv” file where the one column header is “email”. Then, the GAM command is:
    gam csv grade3.csv gam update user "~email" password 'newpass' changepassword on
  15. Search Emails for Existing WiFi Login Credentials: We sometimes want to identify who still has their WiFi credentials email from Meraki. The GAM command is:
    gam all users print messages query "from:'noreply@meraki.com' subject:'You have been authorized for'" todrive
  16. Find Users with YouTube Channels: This will give us a list of all users, including those suspended and archived, who have a YouTube account associated with their Workspace account:
    gam all users_ns_susp print youtubechannels allfields todrive
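
Tips 3 and 4 combined, as an added example that is not part of the original list: the shell function below reads report rows in the shape shown in tip 3 and writes a one-column Email CSV of unique suspended addresses, which can be reviewed and then passed to the tip 4 command through gam csv. The function names, file names and sample rows are made up for illustration, and the row shape is assumed to be exactly the one shown in tip 3.

```shell
#!/bin/sh
# Added example: build a reviewable removal list from the tip 3 report.

# stdin:  rows shaped like tip 3: group,count,member1,member2,...
# stdout: CSV with header "Email" and each suspended address once.
suspended_members_csv() {
    awk -F',' '
        BEGIN { print "Email" }
        # Skip a header row and groups with no suspended members.
        $2 !~ /^[0-9]+$/ || $2 == 0 { next }
        {
            # A count that disagrees with the listed addresses usually
            # means the row was split wrongly; flag it for a manual look.
            listed = NF - 2
            if (listed != $2)
                printf "warning: %s lists %d addresses, count says %d\n", $1, listed, $2 | "cat 1>&2"
            for (i = 3; i <= NF; i++) {
                addr = tolower($i)
                gsub(/^[ \t"]+|[ \t"\r]+$/, "", addr)
                # Keep only address-shaped fields, first occurrence only.
                if (addr ~ /^[^@ ]+@[^@ ]+$/ && !(addr in seen)) {
                    seen[addr] = 1
                    print addr
                }
            }
        }'
}

# Constructed sample rows (not real report output).
sample_report() {
    cat <<'EOF'
groupname@domain.com,2,sususer01@domain.com,sususer02@domain.com
allstaff@domain.com,1,SusUser01@domain.com
parents@domain.com,0
EOF
}

# Intended use, with a review step before anything is removed:
#   gam print groups members suspended > report.csv
#   suspended_members_csv < report.csv > suspended.csv
#   (open suspended.csv and check every address)
#   gam csv suspended.csv gam user "~Email" delete groups

sample_report | suspended_members_csv
```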

Banning Google Group Members from Receiving Email

At KIS, we assign our school-owned iPads Google accounts. But since they’re in our staff domain, they’re automatically added to our allstaff email group and receive all the email sent to that group. We don’t want these emails to show up in the iPad mail app and needed a way to remove those addresses from the group mail list. This is the method we use:

First access Google Groups Service for the allstaff group by selecting the group in the Google Admin Control Panel, clicking “Manage users in allstaff” and clicking “View in Groups service”. On the next screen, click on the Manage link.

On the left-hand menu, select Direct add members.

Add the accounts you wish to eliminate from the list.

Select those recently added members and from the Actions menu select Ban.
