GAM Report - Export list with usernames & date - of last password reset
422 views
Skip to first unread message
Josh Townsend
Sep 16, 2022, 1:58:57 AM9/16/22
to GAM for Google Workspace
Hello.
Is there a GAM command, that will export to a .csv file, that shows from an OU, and sub-OUs user's:
- First Name
- Last Name
- Email address
- Date of last password reset
Previously, we ran a GAM command that forced all users in an OU, and its sub-OUs, to "changepasswordatnextlogin".
gam ou_and_children "/All Users/Staff" print users changepassword > password-report.csv
This command shows us the user's email address, and shows either "True" (they still need to reset their password), or "False" (they have already reset their password.
What I would like to do is run a command that will show what was the "date" when they did their last password reset on their G Suite account.
Is this even possible?
Thanks.
Maj Marshall Giguere
Sep 16, 2022, 9:52:11 AM9/16/22
to google-ap...@googlegroups.com
Josh;
AFAIK it is not in user information. You might find it using the report event "password_edit", but it would be a separate operation.
Maj Marshall E Giguere
NH Wing Director of IT
Civil Air Patrol, U.S. Air Force Auxiliary
Volunteers serving America's communities, saving lives, and shaping futures.
--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/83ca573e-0cd0-4b5e-be33-a3042876d900n%40googlegroups.com.
Maj Marshall Giguere
Sep 16, 2022, 10:03:04 AM9/16/22
to google-ap...@googlegroups.com
Will produce all the password edit events for the previous month.
Maj Marshall E Giguere
NH Wing Director of IT
Civil Air Patrol, U.S. Air Force Auxiliary
Volunteers serving America's communities, saving lives, and shaping futures.
Josh Townsend
Sep 16, 2022, 6:43:50 PM9/16/22
to GAM for Google Workspace
Thank you so much. this worked. By any chance, is there more than you can put in this command to include the user's first and last name?
Maj Marshall Giguere
Sep 16, 2022, 7:28:12 PM9/16/22
to google-ap...@googlegroups.com
Josh;
Sadly I believe the answer is "no" from looking at the API doc. Here again it would be a multi-step process. You are given the user ID (primaryEmail) so you would have to poll each user independently. Here's a one liner, not sure if this helps:
$> gam report login user all start "2022-08-01" end "2022-09-01" event password_edit | gam csv - gam info user ~actor.email quick fields fullname
One thing to keep in mind is the "actor.email" may, or may not, be the actual user, it could just as easily be an admin, but in most cases it will be the user.
Maj Marshall E Giguere
NH Wing Director of IT
Civil Air Patrol, U.S. Air Force Auxiliary
Volunteers serving America's communities, saving lives, and shaping futures.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/d7b2cf83-4c6f-45b0-9b84-6815c44a448en%40googlegroups.com.
Maj Marshall Giguere
Sep 16, 2022, 7:36:10 PM9/16/22
to google-ap...@googlegroups.com
As slightly more useful solution:
$> gam report login user all start "2022-08-01" end "2022-09-01" event password_edit | gam csv - gam user ~actor.email print fullname
This gets you a collection of csv's with the user's primaryEmail and fullname.
Maj Marshall E Giguere
NH Wing Director of IT
Civil Air Patrol, U.S. Air Force Auxiliary
Volunteers serving America's communities, saving lives, and shaping futures.
Ross Scroggs
Sep 16, 2022, 10:52:33 PM9/16/22
to google-ap...@googlegroups.com
This will give you a single CSV file
gam report login user all start "2022-08-01" end "2022-09-01" event password_edit | gam redirect csv ./UsersWithPasswordChanges.csv multiprocess csv - gam user ~actor.email print fullname
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CADSK1vu9%3D3Lyss30_%3DtkANCu2k_DvcxdDsqq_Qad2K7TKVM52Q%40mail.gmail.com.
Ross Scroggs
Sep 17, 2022, 10:53:22 AM9/17/22
to google-ap...@googlegroups.com
The full deal:
gam redirect csv ./PasswordEditLog.csv report login user all start "2022-08-01" end "2022-09-01" event password_edit
gam redirect csv ./UserFullnames.csv multiprocess csv PasswordEditLog.csv gam user "~actor.email" print fullname
Edit it
DATA_KEY_FIELD = 'actor.email'
python3 AppendUserData.py ./PasswordEditLog.csv ./UserFullnames.csv ./PasswordEditFullnamesLog.csv
PasswordEditFullnamesLog.csv has the password edit log with the user's name appended.
Ross
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CADSK1vu9%3D3Lyss30_%3DtkANCu2k_DvcxdDsqq_Qad2K7TKVM52Q%40mail.gmail.com.
Ross Scroggs
Sep 17, 2022, 10:55:06 AM9/17/22
to google-ap...@googlegroups.com
The full deal:
gam redirect csv ./PasswordEditLog.csv report login user all start "2022-08-01" end "2022-09-01" event password_edit
gam redirect csv ./UserFullnames.csv multiprocess csv PasswordEditLog.csv gam user "~actor.email" print fullname
Edit it
DATA_KEY_FIELD = 'actor.email'
PasswordEditFullnamesLog.csv has the password edit log with the user's name appended.
Ross
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CADSK1vu9%3D3Lyss30_%3DtkANCu2k_DvcxdDsqq_Qad2K7TKVM52Q%40mail.gmail.com.
James SEYMOUR
Sep 19, 2022, 7:53:18 PM9/19/22
to GAM for Google Workspace
Not sure if this also gives you what you need, and I don't want to look like I am contradicting Ross :). Change the range days to suit or remove and you will get the last 180 days of events. Change todrive if you output to a CSV.
gam report admin event CHANGE_PASSWORD range -9d -2d todrive
This report shows these headers, by default;-
name
USER_EMAIL
actor.callerType
actor.email
actor.profileId
id.applicationName
id.customerId
id.time
id.uniqueQualifier
ipAddress
type
USER_EMAIL
actor.callerType
actor.email
actor.profileId
id.applicationName
id.customerId
id.time
id.uniqueQualifier
ipAddress
type
Cheers
James
Josh Townsend
Sep 20, 2022, 10:46:55 AM9/20/22
to GAM for Google Workspace
Hi everyone. Thank you so much for the assistance. This is great. Thanks =)
Maj Marshall Giguere
Sep 20, 2022, 11:12:25 AM9/20/22
to google-ap...@googlegroups.com
Ross and I did a bunch of experiments a couple of days ago to try and nail down Google's behavior. The event CHANGE_PASSWORD, only seems to return events where the password was changed for the user, that would seem to imply admin privileges. The PASSWORD_EDIT event returns events where an "actor" has changed the password. It appears that the PASSWORD_EDIT event only triggers when the actor is the "user". The api doc is not clear on this. So, it depends on what you're looking for. Whether you want to know if the "user" changed their password, or an admin. Ah, but then no one ever accused Google of having clear, comprehensible api documentation. ;-)
Maj Marshall E Giguere
NH Wing Director of IT
Civil Air Patrol, U.S. Air Force Auxiliary
Volunteers serving America's communities, saving lives, and shaping futures.
Jerudong International School
https://www.jerudonginternationalschool.comFollow us on:![http://www.facebook.com/jisbruneidarussalam]()
![http://www.twitter.com/jisbrunei]()
![http://www.instagram.com/jisbrunei]()
![https://www.youtube.com/user/JISBrunei]()
--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/8829860d-f9e3-4b32-b9db-27d6e4fac1cfn%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages