To say every G Suite admin should be familiar with G Suite Account Management (GAM) is an understatement. The admin portal gives G Suite admins plenty of capability out of the gate, but many of these features are applied at the user level. Without GAM, customizing and updating G Suite environments can be tedious and error-prone. In this article you will see some of my favorite GAM features, ranging from basic mailbox user settings to OU management. The idea is to help G Suite admins become familiar with the unique tools provided by GAM.
What is GAM?
GAM is an open source command line tool that lets G Suite admins quickly update domain and user settings. Beyond basic features for users, GAM provides commands that can be used to automate tasks. If you're an administrator who has worked with Exchange PowerShell in the past, you will be familiar with the abilities and benefits of GAM.
To get started you will need a Super Administrator G Suite account. Once you have Super Admin rights on your account, follow the linked instructions to authorize GAM in your domain.
To help you understand some of the unique capabilities of GAM I have compiled a short list of my favorite GAM commands. This list doesn't come close to showing all the capabilities made available to administrators, but it might help you think outside the box the next time you have a problem.
In case you have not noticed, G Suite is missing the ability to assign Group membership based on Organizational Unit. For a G Suite native company this might not seem like a big deal, but Exchange admins are used to Dynamic Distribution Groups. With Dynamic Distribution Groups you can automatically place any user from a defined Active Directory OU into a mail group. This allows for fewer touch points during the user creation process. It also helps keep group membership updated as a user moves around the organization. The following command will help us replicate Dynamic Distribution Groups whether you are syncing with an LDAP service or not.
gam update group <group> add member ou <organizational unit>
The above command will add users from the G Suite organizational unit of your choosing to the defined group.
Let's give this some additional context:
gam update group "Employee Record" add member ou "/Human Resources"
This command places every member of the Human Resources OU in the Employee Record group. The '/' is used when defining an OU that is below the top level. If you only have one group that needs dynamic group membership, running this basic command will satisfy the group membership requirement, but it isn't fully "dynamic". To make sure changes are captured when users are placed into OUs, you will want to add another level of automation. Depending on your operating system, you will want to schedule a cron job (Linux/Mac) or a Task Scheduler task (Windows) to run this command automatically.
Our next command will help us build automation at scale. Any command in GAM can be associated with a .CSV file. Each file contains objects or variables to be updated within the admin portal. Let's use our example above to set up a .CSV that will upload multiple line items.
Any command with a .CSV upload will follow the same basic format:
gam csv <csv-filename> gam <regular command>
* The CSV file being referenced needs to be in the working directory for GAM.
Let's take a look at the format for our .CSV upload:
File Name: ou.csv
Group,Organizational Unit
Employee Records,/Human Resources
Now run the final command:
gam csv ou.csv gam update group ~Group add member ou "~Organizational Unit"
The command above will bulk add Group members based on Organizational Unit. Remember to use the '~' to denote the desired variables within the CSV.
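A pre-flight check for the scheduled bulk run described above, as an added example that is not part of the original article or of GAM itself. The function names, the `--run` switch and the validation rules (header must match the `~` placeholders, OU must be a path starting with '/') are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate ou.csv before handing it to `gam csv` from cron.
# validate_ou_csv and sync_groups are hypothetical helper names.

# validate_ou_csv FILE -> returns 0 only if the file is safe to run.
validate_ou_csv() {
    csv=$1
    [ -r "$csv" ] || { echo "cannot read $csv" >&2; return 1; }
    # ~Group and ~Organizational Unit are resolved against the header row,
    # so a missing or renamed header makes every row target the wrong thing.
    header=$(head -n 1 "$csv" | tr -d '\r')
    if [ "$header" != "Group,Organizational Unit" ]; then
        echo "bad header: $header" >&2
        return 1
    fi
    # Each data row: exactly two fields, a group name and an OU path.
    awk -F, 'NR > 1 {
        sub(/\r$/, "")
        if ($0 == "") next
        if (NF != 2 || $1 == "" || $2 !~ /^\//) {
            printf "line %d rejected: %s\n", NR, $0
            bad = 1
        }
    } END { exit bad + 0 }' "$csv" >&2
}

# sync_groups FILE: run the article's bulk command only if the CSV validates.
sync_groups() {
    validate_ou_csv "$1" || return 1
    # The CSV must be in GAM's working directory, and cron starts in $HOME.
    # Quoting the placeholders keeps the shell from splitting or expanding them.
    ( cd "$(dirname "$1")" &&
      gam csv "$(basename "$1")" gam update group "~Group" \
          add member ou "~Organizational Unit" )
}

# Entry point for a cron or Task Scheduler wrapper: script.sh --run /path/to/ou.csv
if [ "${1:-}" = "--run" ]; then
    sync_groups "${2:-ou.csv}"
fi
```

Note that `add` only ever adds members; GAM's `sync` verb in the same position also removes members who have left the OU, which keeps stale access from accumulating.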
For many companies the account deletion process includes a waiting period before an account is removed. During that waiting period you are not able to set an alias address for the manager’s (or whoever else the email should go to) email address because the account still exists in G Suite. Making those emails available to the appropriate account will require using a Forwarding address. Administrators can set forwarding addresses programmatically with the GAM tool. The command is found below:
gam user <username> add forwardingaddress <EmailAddress>
gam user brad add forwardingaddress sarah
The above command will forward emails from Brad to Sarah. When you are forwarding an email within your domain, GAM does not require the domain name. If you want to forward email outside of the domain, the command looks like this:
gam user brad add forwardingaddress email@example.com
With this command, any mail sent to Brad in my organization will automatically be forwarded to the external address given in the command.
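Because a forwarding address outside the domain sends a copy of a user's mail out of the organization, it helps to classify each target before the command is run. The following is an added example, not from the original article: the function names, the allowlist file and the domains `corp.example` and `partner.example` are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a forwarding target stays inside the domain
# before emitting the article's `add forwardingaddress` command.
# forward_scope and plan_forward are hypothetical helper names.

# forward_scope DOMAIN TARGET -> prints "internal" or "external".
forward_scope() {
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    target=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case $target in
        *@*)
            # Exact match on everything after the last '@', so a lookalike
            # such as user@corp.example.other.test is treated as external.
            if [ "${target##*@}" = "$domain" ]; then
                echo internal
            else
                echo external
            fi ;;
        *)  echo internal ;;  # bare username: GAM applies the admin's domain
    esac
}

# plan_forward DOMAIN USER TARGET [ALLOWLIST_FILE]
# Prints the gam command for review when the target is internal or its domain
# is listed (one per line) in ALLOWLIST_FILE; otherwise refuses.
plan_forward() {
    scope=$(forward_scope "$1" "$3")
    if [ "$scope" = external ]; then
        if [ -z "${4:-}" ] || ! grep -qixF -- "${3##*@}" "$4"; then
            echo "REFUSED: $2 -> $3 leaves $1" >&2
            return 1
        fi
    fi
    echo "gam user $2 add forwardingaddress $3"
}
```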
Setting Signatures for our G Suite users is another way to maximize GAM’s capabilities. Administrators can set a generic signature for all users in the organization or use .txt/html files to set custom signatures for each user.
First let's take a look at the syntax for setting a signature for every user:
gam all users signature "Observian Loves G Suite"
Now let's see how we can import a signature from a file:
gam user brad signature file brad-signature.txt
* The command will need to include the file path to the .txt file for the upload to work.
To see some of the more advanced features of Signature Setting follow this link.
While this list of commands is limited, I think it gives G Suite admins a new look at problem solving within their domain. I have found countless uses for GAM during my time as a G Suite admin and hope that you have the chance to take advantage of the time-savings and control waiting for you! If you have a unique problem that's been solved using GAM, or any questions about the article, leave a comment below.