This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ Log in to ask a question

GAM Advanced Help

jpark
New Contributor III

‎05-30-2024 12:48 PM

Hi!

Just finished setting up GAM advanced.  

I have all the auth setup correctly, and the service account has been checked and granted all permissions. 

When I run 'gam print courses todrive', the command only returns Classes I am a part of.  What am I missing?

Topics:
0 Kudos
Reply
5 REPLIES 5

James_Seymour
New Contributor III

‎05-30-2024 07:46 PM

Hi,

What version of GAM are you running? (gam version) . You should see all the courses listed.

You might want to post this on the GAM Google Group https://groups.google.com/g/google-apps-manager, or join the GAM Chat Space https://github.com/GAM-team/GAM/wiki/GAM-Public-Chat-Room, as these are dedicated to GAM questions. 

Running gam oauth refresh followed by gam oauth update may help, but I am not too sure.

Reply

Kim_Nilsson
Admin Moderator

‎05-31-2024 02:53 AM

Your gam install service account is most likely not added to Domain Wide Delegation.

If you run this command, it should fail (that's OK!), and guide you trough adding the service account to the DwD.

gam user none check serviceaccount

Then run it again after a few minutes, and replace none with a real non-admin user.

After you have verified that everything PASS for this real user, then you should be able to run your print courses command again, and this time get all courses for all users.

--
https://wheretofind.me/@NoSubstitute
Reply

jpark
New Contributor III
In response to Kim_Nilsson

‎05-31-2024 08:50 AM

Thanks for the replies!

Kim, I tried the steps you outlined.  Was able to confirm that DwD is set to Pass for the user I'd like to use running GAM.  This account is also a teacher on some Google Classrooms in our domain.

Still only getting classes in which the user account is a teacher.

I am using the latest version of GAM Advanced.

The user I am using is not a super admin, but it does have many of the same privileges.   I used to run GAM with a super admin, but read your article and decided to switch to a non super admin account.  I'm able to do other GAM Advanced tasks, like suspend, move users, and delete licenses.  I'll cross post this to the GAM discussion boards as well.

0 Kudos
Reply

jpark
New Contributor III

‎06-04-2024 07:43 AM

Update:  Had a nice convo with Ross Scoggs, he said to run this particular command as a super user to get ALL the courses in the domain.  It worked.

Reply

Kim_Nilsson
Admin Moderator
In response to jpark

‎06-04-2024 07:46 AM

Was just about to write that. 🙂

You can, of course, as non-superadmin run the print command for all individual users, and multiprocess that into a single list.

But, as clearly seen in the wiki, there are a number of commands run with Client Access, meaning you have to actually have the necessary admin rights (which doesn't always mean superadmin), and other commands with Service Account access.

When run with Service Account access, then you always have to provide the username of the user you wish to act on.

--
https://wheretofind.me/@NoSubstitute
0 Kudos
Reply
  • © 2023 Google. All rights reserved.
  • Privacy Policy
  • Terms of Service
  • Community Guidelines