How to audit org-wide Google Drive files shared to an entire external domain


Bhuvan Daruwala

Sep 4, 2025, 4:34:29 PM
to GAM for Google Workspace

Hi GAM Team,

I need to perform an org-wide audit of Google Drive files/folders that are shared with an entire external Google Workspace domain (i.e., type=domain, not individual users).

This mirrors the Drive UI where the Share dialog shows a partner org name like “Virar Hub”. (Refer Screenshot)  

Desired outcome

  • Goal: CSV of every file/folder that has a permission to a domain outside our allowlist

  • Scope: All users (My Drive) + Shared drives (if possible).


Attaching a screenshot from Drive UI where General access shows an external Workspace org name (“Virar Hub”).
Screenshot 2025-09-05 at 01.46.20.png

Thanks in advance for the guidance and for all the amazing tooling you maintain!

Bhuvan Daruwala

Bhuvan Daruwala

Sep 4, 2025, 4:34:33 PM
to GAM for Google Workspace

Hi GAM Team,

I need to run an org-wide audit of Google Drive files/folders that are shared with an entire external Google Workspace domain.

Context / Desired outcome

  • Goal: CSV of every file/folder that has a domain-level permission to a domain outside our allowlist.

  • Scope: All users (My Drive) + Shared drives.

Screenshot

Attaching a screenshot from Drive UI where General access shows an external Workspace org name (“Virar Hub”).

Screenshot 2025-09-05 at 01.46.20.png

I’m trying to replicate that “shared with entire external domain” signal via GAM at scale.

Ross Scroggs

Sep 4, 2025, 5:09:39 PM
to google-ap...@googlegroups.com

# Get My Drive external domain shares; replace domain.com with your domain name

gam config auto_batch_min 1 num_threads 20 redirect csv ./MyDriveExternalDomainShares.csv multiprocess redirect stderr - multiprocess all users print filelist fields id,name,mimetype,basicpermissions pm type domain notdomain domain.com em pmfilter oneitemperrow


# Get Shared Drive organizers

gam redirect csv ./SharedDriveOrganizers.csv print shareddriveorganizers


# Get Shared Drive external domain shares for Shared Drives with an organizer; replace domain.com with your domain name

gam config num_threads 20 csv_input_row_filter "organizers:regex:^.+$" redirect csv ./SharedDriveExternalDomainShares.csv multiprocess redirect stderr - multiprocess csv SharedDriveOrganizers.csv gam user "~organizers" print filelist select shareddriveid "~id" fields id,name,driveid,mimetype,basicpermissions showdrivename pm type domain notdomain domain.com em pmfilter oneitemperrow


Ross
----
Ross Scroggs




Ross Scroggs

Sep 4, 2025, 8:32:53 PM
to google-ap...@googlegroups.com

# These commands can be speeded up with the following: query "visibility='domainCanFind' or visibility='domainWithLink'"

# Get My Drive external domain shares; replace domain.com with your domain name

gam config auto_batch_min 1 num_threads 20 redirect csv ./MyDriveExternalDomainShares.csv multiprocess redirect stderr - multiprocess all users print filelist fields id,name,mimetype,basicpermissions pm type domain notdomain domain.com em pmfilter oneitemperrow query "visibility='domainCanFind' or visibility='domainWithLink'"


# Get Shared Drive organizers

gam redirect csv ./SharedDriveOrganizers.csv print shareddriveorganizers


# Get Shared Drive external domain shares for Shared Drives with an organizer; replace domain.com with your domain name

gam config num_threads 20 csv_input_row_filter "organizers:regex:^.+$" redirect csv ./SharedDriveExternalDomainShares.csv multiprocess redirect stderr - multiprocess csv SharedDriveOrganizers.csv gam user "~organizers" print filelist select shareddriveid "~id" fields id,name,driveid,mimetype,basicpermissions showdrivename pm type domain notdomain domain.com em pmfilter oneitemperrow query "visibility='domainCanFind' or visibility='domainWithLink'"


Ross
----
Ross Scroggs
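
Added example, not part of the thread and not GAM's own code: the commands above exclude a single domain with `notdomain`, while the original request was for an allowlist, so this script post-filters the GAM CSV against several trusted domains and summarizes exposure per external domain. The `permission.type`, `permission.domain` and `permission.role` column names are an assumption about the `oneitemperrow` output (check the header row of your CSV); the allowlist and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Assumption: trusted domains for this audit (placeholder values).
ALLOWLIST = {"domain.com", "partner.example"}
# Drive roles that allow modifying content.
WRITE_ROLES = {"owner", "organizer", "fileOrganizer", "writer"}

# Constructed sample rows in the assumed oneitemperrow column layout.
SAMPLE_CSV = '''Owner,id,name,mimeType,permission.type,permission.domain,permission.role
alice@domain.com,f1,"Budget, FY25",application/vnd.google-apps.spreadsheet,domain,virarhub.example,writer
alice@domain.com,f2,Roadmap,application/vnd.google-apps.document,domain,partner.example,reader
bob@domain.com,f3,Contracts,application/vnd.google-apps.folder,domain,VirarHub.example,reader
bob@domain.com,f4,Notes,application/vnd.google-apps.document,user,,writer
'''

def read_rows(text):
    """Parse CSV text into dict rows (handles quoted commas in file names)."""
    return list(csv.DictReader(io.StringIO(text)))

def external_domain_shares(rows, allowlist):
    """Return rows with a type=domain permission to a non-allowlisted domain."""
    allowed = {d.lower() for d in allowlist}
    findings = []
    for row in rows:
        if row.get("permission.type") != "domain":
            continue
        domain = (row.get("permission.domain") or "").strip().lower()
        if domain and domain not in allowed:
            findings.append({**row, "permission.domain": domain})
    return findings

def summarize(findings):
    """Count shared and editable files per external domain."""
    summary = defaultdict(lambda: {"files": 0, "editable": 0})
    for f in findings:
        entry = summary[f["permission.domain"]]
        entry["files"] += 1
        if f.get("permission.role") in WRITE_ROLES:
            entry["editable"] += 1
    return dict(summary)

if __name__ == "__main__":
    hits = external_domain_shares(read_rows(SAMPLE_CSV), ALLOWLIST)
    for domain, stats in sorted(summarize(hits).items()):
        print(domain, stats)
```

To run it on real output, pass the text of MyDriveExternalDomainShares.csv and SharedDriveExternalDomainShares.csv to `read_rows` instead of `SAMPLE_CSV`.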


Bhuvan Daruwala

1:40 PM
to GAM for Google Workspace
Hi Ross,
Thank you for your response.
I'm currently running the first My Drive command, and due to the size of the organization and the number of files, I think it will take some time before the report is generated.

I will keep you posted on this once the report is ready.

Thanks

Ross Scroggs

1:44 PM
to google-ap...@googlegroups.com
I sent these updated commands that will run much faster; use them.

# These commands can be speeded up with the following: query "visibility='domainCanFind' or visibility='domainWithLink'"

# Get My Drive external domain shares; replace domain.com with your domain name

gam config auto_batch_min 1 num_threads 20 redirect csv ./MyDriveExternalDomainShares.csv multiprocess redirect stderr - multiprocess all users print filelist fields id,name,mimetype,basicpermissions pm type domain notdomain domain.com em pmfilter oneitemperrow query "visibility='domainCanFind' or visibility='domainWithLink'"


# Get Shared Drive organizers

gam redirect csv ./SharedDriveOrganizers.csv print shareddriveorganizers


# Get Shared Drive external domain shares for Shared Drives with an organizer; replace domain.com with your domain name

gam config num_threads 20 csv_input_row_filter "organizers:regex:^.+$" redirect csv ./SharedDriveExternalDomainShares.csv multiprocess redirect stderr - multiprocess csv SharedDriveOrganizers.csv gam user "~organizers" print filelist select shareddriveid "~id" fields id,name,driveid,mimetype,basicpermissions showdrivename pm type domain notdomain domain.com em pmfilter oneitemperrow query "visibility='domainCanFind' or visibility='domainWithLink'"


Ross


----
Ross Scroggs


Bhuvan Daruwala

2:19 PM
to google-ap...@googlegroups.com
Hi Ross,
Thank you for sending the updated commands.
I was able to successfully complete the scan and get the report.
This has helped us mitigate a potential security risk.

Thank you so much for the help.

Regards
Bhuvan Daruwala 
