Removing Emails from Target OUs

[Garrett Ralston]

Hey everyone,

Recently we had one of our staff accounts compromised, and they sent a phishing email. We're new to GAM and ran the following command: 

gam all users delete threads query 'subject:"Fwd: Project" from:"personwhowa...@pryorschools.org"' doit maxtodelete 999

The only issue is that it went through EVERY account we've ever had, and took hours to complete. I did some digging to see if we could limit it to specific OUs, and found this:

gam ou_and_children </Top/Level/OU> delete messages query "rfc822msgid:<message ID>" doit

So my questions are, would I replace </Top/Level/OU> with <pryor.k12.ok.us/Staff>, and where would I find the message ID of the target email?

[Ross Scroggs]

In Gmail, select the bad message, click the three dots at the right end of the message and choose Show original

You want: gam ou_and_children "/Staff" delete messages query "rfc822msgid:<message ID>" doit

----

Ross Scroggs

Ross.S...@gmail.com

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/e02ed23a-6058-4438-965f-423b8fdf1f66n%40googlegroups.com.

[Ralston, Garrett]

Thanks Ross!!

You received this message because you are subscribed to a topic in the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-apps-manager/FEUuj4Tud38/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/A2FF4E09-8B28-450B-8F01-B81008C00407%40gmail.com.

--

Thanks,

Garrett Ralston

Technology Specialist II

One to One Coordinator

Pryor Public Schools

(918) 825-3999 Work