Skip to main content

My favorite GAM commands - well a few of them at least!

Where would be without GAM? Paying for expensive syncing tools or doing tedious manual tasks in the admin console. GAM can automate most things you might want to do in G Suite. So these are a few of my favourite commands - one I use either as part of a batch file - or just standalone. There are loads more - but these are ones that are used daily.


Create a spreadsheet of all your domains classes - gam print courses todrive

Create a spreadsheet of a teacher's classes: gam print courses teacher todrive

Bulk create classes:
gam csv classes.csv gam create course alias ~alias name ~alias section ~subject teacher ~teacher status ACTIVE

where classes.csv is a list of classes you want to make.

Add teachers:
gam csv teachers.csv gam course ~alias add teacher ~teacher

Add students:
gam csv students.csv gam course ~alias add teacher ~student

Sync Students (in this example to a group - but could be an ou/csv file)
gam csv groups.csv gam course ~groupmail sync students group ~groupemail

Invite guardians
gam csv guardians.csv gam create guardianinvite ~”Primary Email” ~Email 

where Primary Email = guardians email Email = students G Suite Account

Remove guardian
gam delete guardian guardianemail studentemail


To move chromebooks to specific OU and asset tag etc

gam csv devices.csv gam update cros ~deviceid user ~email notes ~Name ou ~ou

email = users email note = users name ou = ou to pop the device into

ou syntax is like /Chrome Devices/Assigned to specific users/2014 Devices as an e.g. Put stuff in double quotes if in the actual gam command.

List all ChromeOS devices to drive
gam print cros basic todrive

Disable/enable device
gam cros deviceid action disable/reenable
This is way faster than doing this in the management console!


Bulk add users to a group
gam csv users.csv gam update group add member ~email

Change permissions on a group
gam csv groups.csv gam update group ~groupmail who_can_post_message all_managers_can_post

So this one will read a list of groups in groups.csv - where there is a header groupmail and in that column, there are group email addresses. This will restrict them to managers and owners only posting.


Bulk make users:
gam csv users.csv gam create user ~email firstname ~first lastname ~last password ~password changepassword on org “/Students/2017 Students”

So this one makes users, puts them in the specified OU and forces password change at next login.


Delete a specific message for a list of users inboxes:
gam csv mail.csv gam user ~mail delete messages query rfc822msgid:MESSAGEIDHERE doit

mail.csv contains a list of email addresses you want to target. You will need the message id - you can get this from the mail reports in the admin console or vault.

Bulk command options

The simplest way to run bulk commands it "gam csv yourfile.csv gam commandyouwanttorun ....". You reference the headers in the csv file using the "~" symbol - see e.g's above.
The other option is to use PowerShell. I find this slower - but in some cases more reliable - particularly for the gam sync commands. An example would be:
$list = Import-Csv C:\GAM\groups.csv
foreach ($entry in $list)
    .\gam.exe course $($ sync students group $($entry.groupmail)


This does the same as gam csv groups.csv gam course ~groupmail sync students group ~groupemail however, works more reliably for me.

One of the nice things about GAM is that you can string commands together and run them on a schedule to keep stuff up to date. It also has the advantage is that you are authorising the app to run on your machine - and it's your project - you are not giving any power to any third party. Good for privacy.

Popular posts from this blog

Delete a specific email using GAM

If a user send an inappropriate email to a loads of people or get stung by some sort of email exploit you can quickly delete the email from all of the recipients using a GAM command.
Step 1 - get the email header Go into Google Vault and search for the offending user or someone known to have got the message.
Click show details and grab the email ID. This will be a long string of characters followed by
Step 2 - find out who has the email Go into Google Vault and find the original message sent by the offending user. Look at the details to see who got it. Copy the list and dump it into a spreadsheet. Clean up to just a list of emails with a column header 'mail'. Save as a csv file.
Step 3 - delete messages with GAM Put your CSV file in your GAM folder - this e.g. assumes its called mail.csv
gam csv mail.csv gam user ~mail delete messages query rfc822msgid:MESSAGEIDHERE doit

The alternative nuke option is:
gam all users delete messages query rfc822msgid:MESSAGEI…

How to push bookmarks to users in Chrome via the management console

With the release of Chrome and ChomeOS 37 an update to the management console has arrived that allows you to push bookmarks to users.

Under Device Management > Chrome > User Settings > User Experience you will now find the option to add managed bookmarks.

In the example above, the bookmarks are applied to the sub-OU of 'students' - so all our students will get these bookmarks. Simply add your url and the bookmark name, click the + and save. These will appear in a folder called 'yourdomain bookmarks' - see below:

Be aware that to get these bookmarks applied on a Windows/OS-X device the user must be signed into Chrome. Update: if you install the latest group policy template you can push the bookmarks via policy on PCs - details are given here.
Video Guide:

Managed Android Apps on ChromeOS on an Edu G Suite Domain

Android Apps via the Play Store have been available on consumer accounts for some time on selected devices. We have 1:1 Acer R11's and have recently had the opportunity to trial them on G Suite Edu accounts.

From the point of view of the end user, they see the Play Store App appear on the shelf and have to agree to the terms and conditions. After that, force installed and pinned apps are immediately installed and they get access to the Google for Work Store. This only contains apps you have approved for that user.

For the administrator the steps are:

Enable Play Store Apps for the domainEnable access to the Play Store for specific Sub-OUs or usersAdd apps to Play for WorkSet permissions for each app - can install, force install or pin to shelf. This can be done differently for each app and each OU and is therefore very granular. 
Issues so far

Apps take a while to appear in the Play Store for users. Initially only force installed apps appear.You cannot set the permissions of multipl…