Account has maximum allowed number of fowarding addresses (99)
176 views
Skip to first unread message
Valerie Belles
Sep 13, 2023, 6:43:51 PM9/13/23
to GAM for Google Workspace
Hello!
Image of the log file export (edited to remove domain names): <<attached file: S_Compliance_ForwardLimit_LOG.csv>>
We're trying to add forwarding addresses to service accounts using GAMADV-XTD3 and running into an API error limit that there are too many forwarding addresses already on the account. We're wondering if this issue documented below is a real API limitation or if it's something which could be circumvented. Also, I am not sure which API is being called here as it could be Gmail, AdminSDK, or Groups I suppose - all are in play here.
Thank you!
Here are our details:
Requirement:
Use API to add a new ForwardingAddress to a non-human user account. There could be several hundreds of these fowarding accounts needed for each service account.
Use API to add a new ForwardingAddress to a non-human user account. There could be several hundreds of these fowarding accounts needed for each service account.
Known details: The service account is a fully licensed user account, and has 99 forwardingaddresses already in place. We need to add more. We are able to add more forwarding addresses directly through the Gmail settings>forwarding UI. We are only blocked from adding via API. We have not found a limit when adding manually through the UI.
Issue: Receiving an "ERROR 400:" message that the limit for forwarding addresses has been reached on this account. The limit appears to be 99 forwarding accounts. No more can be added via API after this number.
GAM Versions: Have tried using both: GAMADV-XTD3 (version 6.63.03) ) AND GAM (version 6.58)
Script: Used this same script on both GAM and GAMADV-XTD3 and it worked great for the first 99 addresses until #100 on the list:
gam user s_comp...@mydomain.com add forwardingaddress groupemail...@mydomain.com
Expected behavior: Add a new forwarding address to the account.
Issue: Receiving an "ERROR 400:" message that the limit for forwarding addresses has been reached on this account. The limit appears to be 99 forwarding accounts. No more can be added via API after this number.
GAM Versions: Have tried using both: GAMADV-XTD3 (version 6.63.03) ) AND GAM (version 6.58)
Script: Used this same script on both GAM and GAMADV-XTD3 and it worked great for the first 99 addresses until #100 on the list:
gam user s_comp...@mydomain.com add forwardingaddress groupemail...@mydomain.com
Expected behavior: Add a new forwarding address to the account.
Actual behavior: Receive an error warning of forwarding limits. "ERROR: 400: Account has maximum allowed number of forwarding addresses (99) - failedPrecondition"
Work arounds:
Work arounds:
1. Set the service account as a super admin to circumvent the SSO requirements, reset the password and sign into the account directly to add forwarding accounts via Gmail Settings>Forwarding tab. These steps also assume that the same actor has the ability to approve the validation needed to manually add the new forwarding account. This is NOT sustainable and the security team does not approve of this workaround to access the service account in this manner.
2. Create many service accounts to cover the needed forward addresses. These could constantly grow in number as more forwards are needed. The limitation here is licensing cost to host the extra service accounts.
Image of the log file export (edited to remove domain names): <<attached file: S_Compliance_ForwardLimit_LOG.csv>>
Ross Scroggs
Sep 13, 2023, 6:57:02 PM9/13/23
to google-ap...@googlegroups.com
Valerie,
Here is the API Gam is calling: https://developers.google.com/gmail/api/reference/rest/v1/users.settings.forwardingAddresses/create
I can pursue this in more detail later
--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/5ad1c6d8-37dd-4d9f-96a6-36bfdf438568n%40googlegroups.com.
<S_Compliance_ForwardLimit_LOG.csv>
Valerie Belles
Sep 19, 2023, 5:27:08 PM9/19/23
to GAM for Google Workspace
Hello!
Thank you for the API, Ross!
Would you like more information about this question? I'm interested if this is an API limitation or a GAM limitation, and if this can be worked around?
Sincerely yours,
Valerie
Reply all
Reply to author
Forward
0 new messages