Custom Schema for GCPW and AD user association.

Adam Strugatch

unread,

Apr 28, 2022, 2:28:50 PM4/28/22

to GAM for Google Workspace

I'm not sure if this is something better scripted with GAM or done with GCDS.

The article about associating accounts references both the API (assuming that means it's possible with GAM) and GCDS but doesn't give any details.

Has anyone done this either way?

(https://support.google.com/a/answer/9796679#zippy=%2Cenrollment-flow-on-an-ad-domain-joined-device%2Csync-with-gcds%2Cadd-in-the-admin-console)

Adam Strugatch

unread,

Apr 28, 2022, 2:53:30 PM4/28/22

to GAM for Google Workspace

I see the conversation here: https://groups.google.com/g/google-apps-manager/c/9956JUoMmo0/m/m-cjDPk-AwAJ But don't see a consensus on the process. Especially as something repeatable

Adam Strugatch

unread,

May 4, 2022, 8:31:43 AM5/4/22

to GAM for Google Workspace

For anyone looking in the future. Doing this with GCDS doesn't make sense as there isn't an appropriate existing attribute to sync from AD. Instead what I've done is this:

Schedule an export from AD that includes mail and sAMAccountName.

10 minutes after that export I run the following batch:

@ECHO OFF

gam csv C:\GamWorkingDir\usersAttrib.csv gam update user ~mail Enhanced_desktop_security.AD_accounts multivalued DOMAIN\~~sAMAccountName~~

DEL "C:\GamWorkingDir\usersAttrib.csv" /Q

Reply all

Reply to author

Forward