Fairly niche one this one. Needed to hide all the users in a specific AD OU from the Google Workspace’s Global Address List
Powershell to the rescue. Pulling through all the users in a specific searchbase and iterating through them with the GAM gal off
command.
Get-ADUser -Filter * -SearchBase "OU=Name,DC=domain,DC=local" -Properties mail | ForEach-Object {
.\gam.exe update user $_.mail gal off
}
The script pulls the accounts in the specified OU, including their mail attribute, in to an object. It iterates through that object calling gam.exe, selecting the user by email address and setting gal off
.
1 Comment
Adam · September 1, 2022 at 3:10 pm
gam advanced can process a csv input file to do the same action on multiple values. This has the advantage that gam will spawn multiple worker threads (default is 5, but that can be increased in gam’s config file) so the gam portion of the command will run several times faster that way.
Powershell can convert the output to csv, and pipe it into the Gam command. GAM (like many other Unix commands) will let you use “-” as a filename for the CSV file to indicate standard input should be read for he CSV data so you don’t even need to use a foreach-object loop.
Gam CSV uses a tilde “~” to denote a field name to replace in the command with data from the CSV file. Field names ARE case sensitive, so be careful there. I notice that get-aduser appears to be case insensitive, but case preserving – that is, if I use “-Properties mail” the CSV output header will be lower case, but if I use “-Properties Mail” the data is the same, but the header is “Mail” instead of “mail”.
anyway, that would look like:
Get-ADUser -Filter * -SearchBase “OU=Name,DC=domain,DC=local” -Properties mail | convertto-csv -notypeinformation | .\gam.exe csv – gam update user ~mail gal off