Users

gam create user <New User Email> firstname <First Name> lastname <Last Name> notify <Alternative Email Address> subject "<Subject Line Text>" from <Senders Email Address> password random 10 changepasswordatnextlogin org </Path/To/OU>

Delete

User

gam delete user <Email Address>

Deleting users using a CSV file

gam csv <CSV File Name>.csv gam delete user ~email

OU

gam delete users ou </Path/To/OU>

Global Address List (GAL)

Remove User from GAL

This is the also the Directory Sharing setting in Google Admin

gam update user <User Email Address> gal false

Info

User, Group or Alias

Remove the noinfo option to show more info, although this does not achieve much.

gam whatis <Email Address> noinfo

Equally, you can use.

gam info user <Email Address>

From First name

gam info users query "givenName:<Users First Name>"

If you want a list the emails

gam print users query "givenName:<Users First Name>" todrive

From User ID

gam info user uid:<id#>

Passwords

Update User

Using a CSV file called users.csv.

gam csv users.csv gam update user ~email_address password ~password

Date Changed

CHANGE_PASSWORD

This option will show the times when the password is changed for the user, so by a user with Admin privileges. By default, this will show the changes in the last 180 days. Add a date range if needed, for example range -9d -2d.

gam report admin event CHANGE_PASSWORD todrive

PASSWORD_EDIT

This option will show the times when a user changes their own password.

gam report login user all start "<yyyy-mm-dd>" end "<yyyy-mm-dd>" event password_edit todrive

Update and Email Alternative Email

gam update user <User Email Address> password random notify <Alternative Email Address> subject "New Google Workspace Account Password" from <Senders Email Address> changepassword true

Print

Recovery Email

Find the Recovery Email for all users, users in an OU (and sub-OUs) or a specific user.

gam print users recoveryemail todrive

gam ou_and_children </Path/To/Top/OU> print users recoveryemail

gam user <User Email Address> print user recoveryemail

Deleted Users

Show the users that have been deleted.

gam print users deleted_only allfields

Suspended Users

Creates a gSheet listing all users and showing if suspended (True)

gam print users custom all suspended todrive

Special Characters

This command can be used to find users with special characters, such as ' or - in their display name.

gam config csv_output_row_filter "{\"name.fullName\": \"regex:<Text to Search>""\""} ou_and_children_ns <Path/To/OU> print users fields name

PrimaryEmail Contains

gam config csv_output_row_filter "primaryEmail:regex:<Text To Search>" print users primaryemail todrive

Sendas

User

gam user <User Email Address> print sendas todrive

OU and Sub-OU

gam ou_and_children_ns </Path/To/OU> print sendas todrive

Filecounts

gam ou </Path/To/OU> print filecounts todrive

gam all users_ns_susp print filecounts todrive

Print Groups

All Groups

This will only show direct memebership.

gam user <User Email Address> print groups todrive

Role

The <Role> can be [Manager|Owner] as required

gam user <User Email Address> print groups role <Role> todrive

Print ID

User

gam user <User Email Address> print id

OU

gam ou_and_children_ns </Path/To/OU> print id todrive

All Users

gam print users id todrive

Print LastLoginTime

Single User

There are 2 options and both can give different results (taken from this thread from the GAM Group)

gam info user <User Email Address> | grep -i "last login time"

gam print users query "<User Email Address>" fields lastLoginTime

OU

gam ou_and_children_ns </Path/To/OU> print fields lastLoginTime ou name todrive

All Users

gam all users_ns print fields lastLoginTime ou name todrive

Group

gam group <Group Email Address> print fields lastLoginTime todrive

LastloginTime = Never

For all users

gam config csv_output_row_filter "lastLoginTime:time=Never" print users fields lastLoginTime

For an OU and sub-OUs

gam config csv_output_row_filter "lastLoginTime:time=Never" ou_and_children </Path/To/OU> print fields lastLoginTime todrive

For a Group

gam config csv_output_row_filter "lastLoginTime:time=Never" group <Group Email Address> print fields lastLoginTime todrive

Print Orgs

ORG Tree with user Count

gam print orgs minusercount 0 todrive

Print Userlist

The userlist option can be used to 'list' all the users in a Group or OU on a single line in a file or single cell of a Google Sheet.

Group

gam group <Group Email Address> print userlist todrive

OU

The delimiter option will add specific text (comma, etc) between each of the results.

gam ou </Path/To/OU> print userlist delimiter <Text Between> todrive

Print Users

All Users

gam print users allfields todrive

All Users in an OU and its sub-OUs

gam ou_and_children_ns <top level OU> print allfields todrive

All Users, in an OU and its sub-OUs, email, FirstName and FamilyName

gam ou_and_children_ns <top level OU> print email firstname familyname todrive

Domain

Change allfields if you require to specify specific fields.

gam print users domain allfields <Domain> todrive

Suspended

Both these don't really do what they say. They create a output that shows a column for Suspended with a value of TRUE or FALSE.

USER

gam user <user email address> print users todrive fields suspended

gam ou_and_children <top level OU> print suspended todrive

Find Info Using Specific Headers

By running gam user <User Email Address> print allfields you will see column headers that cannot be pulled out by specifying these as fields . For example the Title of a user is organizations.0.title. So to get this info run this command.

gam config csv_output_header_filter primaryEmail,name.givenName,name.familyName,organizations.0.title,phones.0.value redirect csv ./<File Name>.csv print users fields firstname,lastname,organizations,phones

If you do not mind having all the organizations.0.xxxxx fields you can run.

gam print users fields firstname,lastname,organizations,phones > <File Name>.csv

Or to save as a Google Sheet

gam print users fields firstname,lastname,organizations,phones todrive

For individual users or OUs, you can use

gam user <User Email Address> print fields firstname,lastname,organizations,phones todrive

gam ou_and_children <Path/To/OU> print fields firstname,lastname,organizations,phones todrive

Users Created within X days

gam config csv_output_row_filter "creationTime:date>-Xd" print users fields primaryemail,name,creationtime todrive

Print Users Query

OU and Children

When the orgUnitPath option is used, the results apply to the top level OU and its Children, so the same as ou_and_children. But this only works with OUs.

gam print users query "orgUnitPath='<Path/To/Top/OU>'" fields primaryemail,name todrive

OU Only

Add limittoou to show the uses on in the OU of the query

gam print users query limittoou "orgUnitPath='<Path/To/OU>'" fields primaryemail,name todrive

isSuspended

isSuspended=False gives active users. Change to True to show suspended users.

gam print users query "orgUnitPath='<Path/To/Top/OU>' isSuspended=False" custom all todrive

isSuspended AND isArchived

gam print users query "isSuspended=True isArchived=False"

Full Name

Print off just email and Full Name. NB orgUnitPath = ou_and_children.

gam print users query "orgUnitPath='/Path/To/Ou'" fullname

Search Name

Lists the email addresses containing <Name to Search> as one of it's names.

gam print users query "name:<Name to Search>"

2-step verification

This example can be changed to search for other options using this info https://developers.google.com/admin-sdk/directory/v1/guides/search-users

gam print users fields name,organization query "orgUnitPath='/<Path/To/OU>' isEnrolledIn2Sv=True isSuspended=False"

Users in Multiple OU

This will include users in the sub-OUs as well.

gam print users fields primaryemail,firstname,lastname,orgunitpath licenses queries "orgUnitPath='</Path/To/OU-1>'","orgUnitPath='</Path/To/OU-2>'","orgUnitPath='</Path/To/OU-3>'"

Last Login Time & Suspended

Find the users who have not logged in within the last year (365d) and are Suspended.

gam config csv_output_row_filter "lastLoginTime:time<-365d" print users query "isSuspended=True" lastlogintime todrive

Signout

User

gam user <User Email Address> signout

Suspended Users

Suspend Users using CSV

gam csv <File Name>.csv gam update user ~email suspended on

All suspended users where lastlogin more than 14 days from today

gam config csv_output_row_filter '{"lastLoginTime": "time<-14d"}' print users query "isSuspended=True" lastlogintime todrive

Create a CSV of Suspended Users

Create a CSV file called susptest.csv that contains all the users you want to check. This command will create a CSV file called suspended.csv of the suspended users

gam config csv_output_row_filter "suspended:boolean:true" redirect csv ./suspended.csv multiprocess csv susptest.csv gam print users query "email=~~primaryEmail~~" fields suspended

Undelete

User

gam undelete user <User Email Address>

Add the user to an OU after restoring.

gam undelete user <User Email Address> ou "</Path/To/OU>"

CSV

The CSV file needs to have a heading called useremail.

gam csv <CSV File Name> gam undelete user ~useremail

Unmanaged Accounts

All Users

gam print userinvitations todrive

User

gam info userinvitation <User Email Address>

Cancel User

gam cancel userinvitation <User Email Address>

Check User

gam check isinvitable <User Email Address>

Update Organization

Fields

All the fields in this section of a users profile needs to be updated at the same time, otherwise the other fields will be blank.

The fields are;- description: Type of Employee, costCenter: Cost center, department: Department, title: Job Title & primary: True

Single User

For eample running this command will update the users department and clear all the other fields.

gam update user <User Email Address> organization department <New Department> primary

To avoid clearing other fields, update a single users data using

gam update user <User Email Address> organization description "<Type of Employee>" costcenter "<Cost Centre>" department "<Department>" title "<Job Title>" primary

By OU

Update a user profile
All the fields need data. This is needed so that all the columns are created in the Google Sheet.

Create a Google Sheet
This sheet will contain all the data that needs to be used to maintain the data in the fields. Once created, rename the sheet (tab) to Sheet1 and make a note of the <FileID> and the <SheetID>.
gam ou_and_children_ns </Path/To/OU> print organizations todrive

Update Google Sheet
Set up a recurring task to update this Google Sheet with any new users in the OU
gam ou_and_children_ns </Path/To/OU> print organizations todrive tdtitle "<File Title>" tdfileid <FileID> tdsheet id:<SheetID> tdupdatesheet tdtimeformat %Y-%m-%d tdclearfilter true

Update Organization Fields
Manually update this Google Sheet to reflect the new field data and run;-
gam csv gsheet <File Owner Email Address> <FileID> 'Sheet1' gam update user ~primaryEmail organization costcenter "~organizations.0.costCenter" customtype "~organizations.0.customType" description "~organizations.0.description" title "~organizations.0.title" department "~organizations.0.department" primary

Or, to update all users with the same field data, run, for example;-
gam csv gsheet <File Owner Email Address> <FileID> 'Sheet1' gam update user ~primaryEmail organization costcenter "<Text>" customtype "~organizations.0.customType" description "~organizations.0.description" title "~organizations.0.title" department "~organizations.0.department" primary

Update User

gam update user noreply givenname <New First Name>

gam update user noreply familyname <New Family Name>

Link

Work can be replaced with anything, so that a user could have multiple links refering to different parts of their job.

gam update user <User Email Address> website Work "<Website URL>"

Recovery Email

If the Recover Email Address does not contain a domain, such as @gmail.com, then the GSuite domain will be substituted

gam update user <User Email Address> recoveryemail ""<Recover Email Address>""

Recovery Phone

gam update user <User Email Address> recoveryphone ""<+CountryCodeNumber>""

Check

gam user <User Email Address> print [recoveryEmail or recoveryPhone]

Display Name

gam user <User Email Address> update sendas <User Email Address> name "<New Display Name>"

Email

Updating the primary email address will automatically save the original email as an alias.

gam update user <Current Email Address> email <New Email Address>

Adding a Home email address.

gam update user <User Email Address> otheremail home <Home Email Address>

Archived

gam update user <User Email Address> archived <on or off>

Name

Both names have to be included otherwise they will be updated as blank.

gam update user <User Email Address> firstname "<First Name>" lastname "<Last Name>"

Suspend using CSV of Dates

Suspend users where the date in a Google Sheet is before today's date. The date must be in the yyyy-mm-dd format.

gam config csv_input_row_filter "Suspended:date<today" csv gsheet <gSheet Owner Email Address> <File ID> "<Sheet (Tab) Name>" gam update user ~Email suspended on

Unsuspend an OU

Unsuspend all the users in an OU

gam ou </Path/To/OU> update user suspended off

Update User OU (Move)

Single User

3 ways

gam update ou </Path/To/OU> move <User Email Address>

gam update user <User Email Address> ou </Path/To/NewOU>

gam user <User Email Address> update user ou </Path/To/NewOU>

OU

Move users from old OU to new OU.

gam ou </Path/To/Old/OU> update users ou </Path/To/New/OU>

CSV

Create a CSV file (users.csv) with the heading user and the users email address in the single column.

gam csv users.csv gam update user "~user" ou "</Path/To/OU>"

Suspended Users

This command can be used to move users from an OU (and child OUs), who are suspended, to another OU.

gam print users query "orgUnitPath='</Path/To/Top/OU>' isSuspended=True" | gam csv - gam update user "~primaryEmail" ou "</Path/To/New/OU>"