The script suspends the Google Workspace account of a user and revokes all their Google Workspace licenses. You can execute this script in a Run a program or PowerShell action in a business rule, custom command, or scheduled task configured for the User object type. The script performs the task using the GAM tool.
Note: Before using the script, install and configure the GAM Tool on the computer where Adaxes service runs. For details, see GAM Wiki.
Parameters:
- $gamPath - Specifies a path to the GAM executable file.
- $waitTimeMilliseconds - Specifies the time to wait for GAM response. It is recommended not to set a larger value than the 10 minutes' limit applied by Adaxes to scripts executed by business rules, custom commands and scheduled tasks. If a script runs for more time than you specify, it will be completed, but the errors, warnings and other messages will not be added to the Execution Log.
- $userID - Specifies a value reference for the property that will be used to match the domain user account with a Google Workspace account. For example, if you specify %mail%, a Google Workspace account with the same identity as the user's Mail property value will be suspended.
PowerShell
$gamPath = "C:\GAM\gam.exe" # TODO: modify me
$waitTimeMilliseconds = 8 * 60 * 1000 # TODO: modify me
$userID = "%mail%" # TODO: modify me
function StartProcess ($arguments)
{
# Start GAM process
$processInfo = New-Object System.Diagnostics.ProcessStartInfo
$processInfo.FileName = $gamPath
$processInfo.RedirectStandardOutput = $true
$processInfo.RedirectStandardError = $true
$processInfo.UseShellExecute = $false
$processInfo.CreateNoWindow = $true
$processInfo.Arguments = $arguments
$process = New-Object System.Diagnostics.Process
$process.StartInfo = $processInfo
[void]$process.Start()
$processCompleted = $process.WaitForExit($waitTimeMilliseconds)
if (!$processCompleted)
{
$process.Kill()
Write-Error "The process timeout."
return $null
}
$resultErrors = $process.StandardError.ReadToEnd()
$resultOutput = $process.StandardOutput.ReadToEnd()
return @{
"Output" = $resultOutput.Trim();
"Error" = $resultErrors.Trim();
}
}
# Get user licenses
$gamResult = StartProcess "print licenses"
if (-not([System.String]::IsNullOrEmpty($gamResult.Output)))
{
# Parse result
$records = $gamResult.Output | ConvertFrom-Csv | Where {$_.userID -eq $userID}
}
else
{
$Context.LogMessage("An error occurred when getting a list of licenses. Error: " + $gamResult.Error, "Error")
return
}
if ($NULL -eq $records)
{
return # No license found
}
# Remove user licenses
foreach ($productId in $records.productId)
{
$gamResult = StartProcess "user $userID delete license $productId"
if ([System.String]::IsNullOrEmpty($gamResult.Output))
{
$Context.LogMessage("An error occurred when deleting $productId license for the $userID user. Error: " + $gamResult.Error, "Error")
}
}
# Suspend account
$gamResult = StartProcess "update user $userID suspended on"
if ([System.String]::IsNullOrEmpty($gamResult.Output))
{
$Context.LogMessage("An error occurred when suspending the $userID user. Error: " + $gamResult.Error, "Error")
}