-
Notifications
You must be signed in to change notification settings - Fork 473
GAM options files
If you add some specific files to the same folder as GAM.exe (or gam.py), you can alter the behavior of GAM. Each file has to exist to do its job - there is no specific content required in the file.
nocache.txt
The cache will be disabled at the cost of some performance.
https://groups.google.com/d/msg/google-apps-manager/j24xT9lGYYY/bn-m4kud-hoJ
noupdatecheck.txt
Update checks will be disabled. (Helpful when running GAM from an unattended batch file.)
https://groups.google.com/d/msg/google-apps-manager/RAKFcr7Y7Vs/2obG5hU43hYJ
nobrowser.txt
Use during initial installation and configuration on a computer without a web browser. GAM will display a link which you can copy and open from a computer running a browser in order to manually authorize.
GAM can provide full HTTP API call details and headers. This can be useful if you are troubleshooting an issue with GAM and the APIs and Google Support would like to know the exact way GAM is talking to the Google API servers. Just create a file called debug.gam
in the same folder as gam.exe (Windows) or gam.py / gam (MacOS/Linux). The file can be blank, GAM only checks for the existence of a file called debug.gam
, it doesn’t care about file contents. Here’s a sample output from GAM with debug.gam
in place. You can see the Admin SDK Directory API users.insert() API call is being utilized by GAM and you can see the request failed (because I tried to use a google.com domain which is not the domain I’m authenticated as). You also see exactly which API parameters GAM sent with the request.
$ gam create user user@google.com firstname Jay lastname Lee password P@ssw3rd
Creating account for user@google.com
connect: (www.googleapis.com, 443)
send: 'POST /admin/directory/v1/users?fields=primaryEmail&alt=json&prettyPrint=true HTTP/1.1\r\nHost: www.googleapis.com\r\ncontent-length: 233\r\naccept-encoding: gzip, deflate\r\naccept: application/json\r\nuser-agent: GAM 6.21 - https://github.com/GAM-team/GAM / Jay Lee <jay0lee@gmail.com> / Python 2.7.10 final / Linux-4.2.0-34-generic-x86_64-with-Ubuntu-15.10-wily x86_64 / google-api-python-client/1.5.0 (gzip)\r\ncontent-type: application/json\r\nauthorization: Bearer ya29.Ci4JA4DnhABG2sXcybdIJV7ALJuSRq9bvyxCIxm0vdXPchkOZGapecYozpKHOy-0\r\n\r\n{"primaryEmail": "user@google.com", "password": "$6$heoqb7mBLg0wV/xE$OTWfJtYq9/mKqtZBgtyr5J7lgtW.fANCimmioaGfcXQh7QlxiDNhv/atEm4qIaqsAsQVQBYP/q.6BSPj5V9Qf0", "hashFunction": "crypt", "name": {"givenName": "Jay", "familyName": "Lee"}}'
reply: 'HTTP/1.1 403 Forbidden\r\n'
header: Vary: Origin
header: Vary: X-Origin
header: Content-Type: application/json; charset=UTF-8
header: Content-Encoding: gzip
header: Date: Wed, 22 Jun 2016 17:48:48 GMT
header: Expires: Wed, 22 Jun 2016 17:48:48 GMT
header: Cache-Control: private, max-age=0
header: X-Content-Type-Options: nosniff
header: X-Frame-Options: SAMEORIGIN
header: X-XSS-Protection: 1; mode=block
header: Server: GSE
header: Alternate-Protocol: 443:quic
header: Alt-Svc: quic=":443"; ma=2592000; v="34,33,32,31,30,29,28,27,26,25"
header: Transfer-Encoding: chunked
ERROR: 403: Not Authorized to access this resource/api - forbidden
Here's some details on the debug logs above:
$ gam create user user@google.com firstname Jay lastname Lee password P@ssw3rd
this is the GAM command run by the admin.
POST /admin/directory/v1/users?fields=primaryEmail&alt=json&prettyPrint=true HTTP/1.1\r\nHost: www.googleapis.com
in order to create a user, GAM is making an HTTP/1.1 POST request to the URL https://www.googleapis.com/admin/directory/v1/users?fields=primaryEmail&alt=json&prettyPrint=true. HTTPS / 443 is always used by GAM and the Google APIs.
user-agent: 6.21 - https://github.com/GAM-team/GAM / Jay Lee <jay0lee@gmail.com> / Python 2.7.10 final / Linux-4.2.0-34-generic-x86_64-with-Ubuntu-15.10-wily x86_64 / google-api-python-client/1.5.0 (gzip)
GAM includes a User-Agent HTTP header with details about the GAM version and Python / System version in use.
authorization: Bearer ya29.Ci4JA4DnhABG2sXcybdIJV7ALJuSRq9bvyxCIxm0vdXPchkOZGapecYozpKHOy-0
GAM sends an "Authorization" HTTP header with the OAuth access token the admin authorized GAM to use to verify with Google that a G Suite admin is making this calls.
{"primaryEmail": "user@google.com", "password": "$6$heoqb7mBLg0wV/xE$OTWfJtYq9/mKqtZBgtyr5J7lgtW.fANCimmioaGfcXQh7QlxiDNhv/atEm4qIaqsAsQVQBYP/q.6BSPj5V9Qf0", "hashFunction": "crypt", "name": {"givenName": "Jay", "familyName": "Lee"}}
This is the HTTP body and POST data of the GAM request. It's in JSON format. Notice that GAM took the P@ssw3rd
password the admin supplied GAM on the command line and pre-hashed it using the sha-512 crypt algorithm as recommended by Google.
HTTP/1.1 403 Forbidden
Google servers responded with a 403 Forbidden response because the admin user is in my test domain and trying to create a @google.com user account which they are forbidden from doing.
Need more help? Ask on the GAM Discussion Group
GAM Basics
GAM Tutorials
- Managing Users, Groups, Aliases, Domains, Mobile and Chrome Devices, and Resource Calendars
- Group Settings
- Data Transfers
- Print Users, Groups, Aliases, Mobile and Chrome OS devices, OUs, Licenses and Reports
- Managing Custom User Schemas
- User Email Settings
- User Security Settings
- Managing Classroom
- Managing Devices
- Chrome Policy Settings
- Chrome Browser Management
- Calendar Settings
- Unmanaged Users and Invitations
- Google Drive Management
- Inbound SSO Settings
- Managing Admins
- Domain Verification
- Printers
- Managing Product Licenses
- Context Aware Access levels
- Managing Organizations
- OAuth Authentication Related Commands
- Vault / Takeout Commands
- Bulk Operations
GAM Command Reference
Resources
- Questions? Visit the GAM Discussion Forum
- How to run GAM on Chromebooks / Chrome OS and Android devices.
- Setting up GAM on Google Cloud Platform (GCP)
- Running GAM on Google Compute Engine (GCE) VMs Securly
- Using GAM with a Delegated Admin Service Account (DASA)
- Use a YubiKey for Service Account Authentication
- Verify a GAM Install is Official and Legimate