GAM equivalent to GCDS

[Gabriel Clifton]

We have users that are Google only and we have some that are Windows AD and Google combination which has been making GCDS a nightmare at times with exceptions and groups so I was thinking of just combining GAM with my current AD account creation HTA script instead of having it execute the GCDS run script. I know how to do most of this, but I want to make sure I have everything properly planned before I start building and modifying. Currently with GCDS I have it sync accounts with exceptions, groups with exceptions, user profile defaults, user OU placement, and a custom schema for each user. Some campuses even have calendars that all staff must get.

For creating users, I know I can do

gam create user super....@domain.com firstname "Super" lastname "Teacher" password teacherpass suspended off changepassword off org "/Campus/Campus Teacher" GAL on

Our students are on a subdomain so I like to always include the domain for users in my GAM scripts because when I didn't, I would always get in the habit of not using the domain and forget to add the domain for the students.

To add them to their groups
gam update group HighS...@domain.com add member super....@domain.com

For ensuring they see the campus calendar

gam user super....@domain.com add calendar domaim.com_abcdakm...@group.calendar.google.com hidden false

Now, what I am not figuring out is setting custom schema on account creation in which I link Enhanced_desktop_security to [AD_accounts] for Credential Provider for Windows.

Also, the default user profile. I know that has to be in a JSON format so I was thinking having premade JSON files that GAM can call, but how?

So far, I see six different GAM commands just for creating the user, is that correct?

[Brian Kim]

You can add Enhanced_desktop_security.AD_accounts <value> to your gam create user  command.

For excluding the domain part, you could possibly use gam select teachers or gam select students with different sections specifying different values for the default domain.

And could you please clarify what default user profile you are referring to?

[Gabriel Clifton]

Perfect, thanks for that one. The user profile settings that I automatically set per campus are Phone (Work), Address (Work), Job Title, Department, Organization name, organization type and I am thinking about adding Building id.

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/a9d985d9-c5d6-45a5-97ec-01741804a30en%40googlegroups.com.

--

Gabriel Clifton | Network Administrator

Fort Stockton ISD | Technology Center
gabriel...@fsisd.net | http://www.fsisd.net
Office (432) 336-4055 ext 2

Fax (432) 336-4050
1204 W. Second St., Fort Stockton, TX 79735

CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) and may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not the intended recipient of this message or their agent, or if this message has been addressed to you in error, please immediately alert the sender by reply email and then delete this message and any attachments. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited.

"You must always be willing to work without applause."
— Ernest Hemingway

"You just have to find that thing that's special about you that distinguishes you from all the others, and through true talent, hard work, and passion, anything can happen."
— Dr. Dre

[Gabriel Clifton]

Just for a pre try, I did a gam update user <me> Enhanced_desktop_security.AD_accounts msDS-PrincipalName and got Update Failed: Invalid Schema Value. Did I miss something?

On Fri, Mar 26, 2021 at 7:38 AM Brian Kim <bria...@strataprime.com> wrote:

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/a9d985d9-c5d6-45a5-97ec-01741804a30en%40googlegroups.com.

[Gabriel Clifton]

AH, it's gam update user <me> Enhanced_desktop_security.AD_accounts multivalued msDS-PrincipalName

[Kim Nilsson]

And there you replace the PrincipalName bit with their real AD UPN?

Or is that the exact command?

gam update user <UserNameHere> Enhanced_desktop_security.AD_accounts multivalued msDS-PrincipalName

[Gabriel Clifton]

It would be gam update user <UserNameHere> Enhanced_desktop_security.AD_accounts multivalued msDS-PrincipalName or gam update user <UserNameHere> Enhanced_desktop_security.AD_accounts multivalued "Domain\Username"

--

You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/cccc0634-e945-4811-aa47-42059a2f1d87n%40googlegroups.com.

[Gabriel Clifton]

After much testing, I found that if I created a generic json file for each campus, I could just call the json with gam create user <EmailAddress> ...... json file campus.json