We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script repository

Suspend user in Google Workspace and revoke all licenses

February 03, 2023 Views: 1180

The script suspends the Google Workspace account of a user and revokes all their Google Workspace licenses. You can execute this script in a Run a program or PowerShell action in a business rule, custom command, or scheduled task configured for the User object type. The script performs the task using the GAM tool.

Note: Before using the script, install and configure the GAM Tool on the computer where Adaxes service runs. For details, see GAM Wiki.

Parameters:

  • $gamPath - Specifies a path to the GAM executable file.
  • $waitTimeMilliseconds - Specifies the time to wait for GAM response. It is recommended not to set a larger value than the 10 minutes' limit applied by Adaxes to scripts executed by business rules, custom commands and scheduled tasks. If a script runs for more time than you specify, it will be completed, but the errors, warnings and other messages will not be added to the Execution Log.
  • $userID - Specifies a value reference for the property that will be used to match the domain user account with a Google Workspace account. For example, if you specify %mail%, a Google Workspace account with the same identity as the user's Mail property value will be suspended.
Edit Remove
PowerShell
$gamPath = "C:\GAM\gam.exe" # TODO: modify me
$waitTimeMilliseconds = 8 * 60 * 1000 # TODO: modify me
$userID = "%mail%" # TODO: modify me

function StartProcess ($arguments)
{
    # Start GAM process
    $processInfo = New-Object System.Diagnostics.ProcessStartInfo
    $processInfo.FileName = $gamPath
    $processInfo.RedirectStandardOutput = $true 
    $processInfo.RedirectStandardError = $true
    $processInfo.UseShellExecute = $false
    $processInfo.CreateNoWindow = $true
    $processInfo.Arguments = $arguments
    $process = New-Object System.Diagnostics.Process
    $process.StartInfo = $processInfo
    [void]$process.Start()
    $processCompleted = $process.WaitForExit($waitTimeMilliseconds)
    if (!$processCompleted)
    {
        $process.Kill()
        Write-Error "The process timeout."
        return $null
    
    }
    $resultErrors = $process.StandardError.ReadToEnd()
    $resultOutput = $process.StandardOutput.ReadToEnd()
    
    return @{
        "Output" = $resultOutput.Trim();
        "Error" = $resultErrors.Trim();
    }
}

# Get user licenses
$gamResult = StartProcess "print licenses"
if (-not([System.String]::IsNullOrEmpty($gamResult.Output)))
{
    # Parse result
    $records = $gamResult.Output | ConvertFrom-Csv | Where {$_.userID -eq $userID}
}
else
{
    $Context.LogMessage("An error occurred when getting a list of licenses. Error: " + $gamResult.Error, "Error")
    return
}

if ($NULL -eq $records)
{
    return # No license found
}

# Remove user licenses
foreach ($productId in $records.productId)
{
    $gamResult = StartProcess "user $userID delete license $productId"
    if ([System.String]::IsNullOrEmpty($gamResult.Output))
    {
        $Context.LogMessage("An error occurred when deleting $productId license for the $userID user. Error: " + $gamResult.Error, "Error")
    }
}

# Suspend account
$gamResult = StartProcess "update user $userID suspended on"
if ([System.String]::IsNullOrEmpty($gamResult.Output))
{
    $Context.LogMessage("An error occurred when suspending the $userID user. Error: " + $gamResult.Error, "Error")
}
Comments 0
Leave a comment
Loading...

Got questions?

Support Questions & Answers