AgentSkillsCN

google-workspace-user

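Provision and manage Google Workspace users with the GAM CLI. Use when the user wants to create new email accounts, manage users, reset passwords, or carry out routine Google Workspace administration. Triggered by phrases such as "create user", "new email", "provision user", "add user to workspace", "reset password", or "manage google user".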

SKILL.md
--- frontmatter
name: google-workspace-user
description: Provision and manage Google Workspace users using GAM CLI. Use when the user wants to create new email accounts, manage users, reset passwords, or administer Google Workspace. Triggers on "create user", "new email", "provision user", "add user to workspace", "reset password", or "manage google user".

Google Workspace User Management

Provision and manage Google Workspace users using the GAM (GAMADV-XTD3) CLI tool.

Prerequisites

Check for GAM Installation

First, verify GAM is installed:

bash
which gam || which gamadv-xtd3
gam version

If GAM is not installed, inform the user:

GAM is not installed. To install GAMADV-XTD3:

bash
bash <(curl -s -S -L https://raw.githubusercontent.com/taers232c/GAMADV-XTD3/master/src/gam-install.sh)

After installation, run gam oauth create to authenticate with your Google Workspace domain.

Verify GAM Authentication

bash
gam info domain

If this fails, the user needs to authenticate:

bash
gam oauth create

Workflow

Step 1: Gather User Information

Ask the user for the following (use AskUserQuestion tool):

Required:

Optional:

  • Password (generate secure random if not provided)
  • Organizational unit (OU path, e.g., /Sales or /Engineering)
  • Recovery email
  • Recovery phone
  • Job title
  • Department
  • Manager email

Step 2: Validate Input

Before creating the user:

  1. Check if email already exists:

    bash
    gam info user <email> 2>&1
    

    If user exists, inform and ask how to proceed.

  2. Validate email format:

    • Must be valid email format
    • Domain must match the Google Workspace domain
  3. Generate password if not provided:

    bash
    openssl rand -base64 12
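
The format check, domain check and password generation from Step 2 as one script. This is an added example, not part of the original skill; `WORKSPACE_DOMAIN`, `valid_workspace_email` and `gen_temp_password` are assumed names, and `example.com` stands in for the real Workspace domain.

```bash
#!/usr/bin/env bash
# Added example: Step 2 input checks. Nothing here calls gam.
# WORKSPACE_DOMAIN and both function names are assumptions for illustration.
WORKSPACE_DOMAIN="${WORKSPACE_DOMAIN:-example.com}"

# Return 0 only if $1 is a plain mailbox address inside domain $2.
valid_workspace_email() {
  email=$1
  want=$(printf '%s' "${2:-$WORKSPACE_DOMAIN}" | tr 'A-Z' 'a-z')
  case $email in
    # Anything outside a conservative set (spaces, quotes, ;, $, ...) is refused,
    # so the value cannot carry extra gam arguments or shell syntax.
    *[!A-Za-z0-9._+@-]*) return 1 ;;
    # Structural problems: two @, empty parts, leading/trailing/double dots.
    *@*@*|@*|*@|.*|-*|*.@*|*@.*|*..*|*.) return 1 ;;
    *@*) ;;
    *) return 1 ;;
  esac
  got=$(printf '%s' "${email##*@}" | tr 'A-Z' 'a-z')
  [ "$got" = "$want" ]   # exact match: sub-domains and look-alikes fail
}

# Temporary password as in Step 2: 12 random bytes, base64-encoded (16 characters).
gen_temp_password() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -base64 12
  else
    head -c 12 /dev/urandom | base64   # fallback, assumes coreutils base64
  fi
}

# Demo on constructed inputs.
for candidate in "alice.smith@example.com" "bob@other.org" \
                 "eve@example.com password x" "bob@example.com.evil.test"; do
  if valid_workspace_email "$candidate" "$WORKSPACE_DOMAIN"; then
    echo "ok:       $candidate"
  else
    echo "rejected: $candidate"
  fi
done
```

Run the check before the address is substituted into any `gam` command, and keep the generated password in a variable rather than echoing it.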
    

Step 3: Create the User

Use GAM to create the user:

bash
gam create user <email> \
  firstname "<first_name>" \
  lastname "<last_name>" \
  password "<password>" \
  changepassword on \
  org "<ou_path>" \
  recoveryemail "<recovery_email>" \
  recoveryphone "<recovery_phone>"

Common GAM create user options:

  • firstname - First name
  • lastname - Last name
  • password - Initial password
  • changepassword on - Force password change on first login
  • org - Organizational unit path
  • recoveryemail - Recovery email address
  • recoveryphone - Recovery phone (format: +1XXXXXXXXXX)
  • suspended off - Ensure account is active
  • archived off - Ensure account is not archived

Step 4: Configure Additional Settings (Optional)

Based on user preferences, apply additional configuration:

Add to groups:

bash
gam update group <group@domain.com> add member <email>

Set manager:

bash
gam update user <email> relation manager <manager_email>

Add aliases:

bash
gam create alias <alias@domain.com> user <email>

Set profile photo:

bash
gam user <email> update photo <photo_path>

Step 5: Send Welcome Email (Optional)

Ask if the user wants to send a welcome email with credentials:

bash
gam sendemail <recovery_email> subject "Your new account" message "
Welcome to the team!

Your new email account has been created:
- Email: <email>
- Temporary Password: <password>

Please sign in at https://mail.google.com and change your password on first login.

If you have questions, contact IT support.
"

Step 6: Summary Report

Provide a summary of the created user:

markdown
## User Created Successfully

**Account Details:**
- Email: user@domain.com
- Name: First Last
- Organizational Unit: /Engineering
- Temporary Password: [provided or generated]
- Password Change Required: Yes

**Next Steps:**
1. Share credentials securely with the new user
2. User should sign in and change password
3. Add user to relevant groups if needed

**Useful Commands:**
- View user: `gam info user <email>`
- Reset password: `gam update user <email> password <new_password>`
- Suspend user: `gam update user <email> suspended on`
- Delete user: `gam delete user <email>`

Other User Management Operations

List Users

bash
gam print users
gam print users query "orgUnitPath='/Sales'"

Get User Info

bash
gam info user <email>

Update User

bash
gam update user <email> firstname "NewFirst" lastname "NewLast"
gam update user <email> password "newpassword" changepassword on
gam update user <email> suspended on  # Suspend user
gam update user <email> suspended off # Reactivate user

Delete User

bash
gam delete user <email>

Reset Password

bash
gam update user <email> password "$(openssl rand -base64 12)" changepassword on

Move to Different OU

bash
gam update user <email> org "/New/OU/Path"

List Groups for User

bash
gam info user <email> groups

Add User to Group

bash
gam update group <group@domain.com> add member <email>

Remove User from Group

bash
gam update group <group@domain.com> remove member <email>

Bulk Operations

Create Multiple Users from CSV

bash
gam csv users.csv gam create user ~email firstname ~firstname lastname ~lastname password ~password changepassword on

CSV format:

csv
email,firstname,lastname,password
user1@domain.com,John,Doe,TempPass123!
user2@domain.com,Jane,Smith,TempPass456!

Export All Users

bash
gam print users > users.csv
gam print users allfields > users_full.csv

Error Handling

  • "User already exists": Offer to update existing user or choose different email
  • "Invalid org unit": List available OUs with gam print orgs
  • "Authentication error": Run gam oauth create to re-authenticate
  • "Insufficient permissions": User needs Super Admin or User Management Admin role

Security Notes

  • Never display passwords in plain text in final output
  • Use changepassword on to force password change
  • Consider using recovery email for password reset instead of sharing temp passwords
  • Log all user creation actions for audit purposes
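
One way to combine the first and last notes above: an audit line for every GAM action with the password value masked. This is an added example, not part of the original skill; `AUDIT_LOG`, `redact_gam_args`, `audit_gam` and `gam_audited` are hypothetical names, and the sample arguments are constructed.

```bash
#!/usr/bin/env bash
# Added example: audit trail for gam actions with the password value masked.
# AUDIT_LOG and all function names are hypothetical, chosen for illustration.
AUDIT_LOG="${AUDIT_LOG:-./gam-user-audit.log}"

# Print the arguments on one line, masking the value that follows "password".
redact_gam_args() {
  out="" mask_next=0
  for arg in "$@"; do
    if [ "$mask_next" -eq 1 ]; then
      arg="[REDACTED]"; mask_next=0
    elif [ "$arg" = "password" ]; then
      mask_next=1
    fi
    out="${out:+$out }$arg"
  done
  printf '%s\n' "$out"
}

# Append one line per action: UTC timestamp, operator, redacted command line.
audit_gam() {
  line="$(date -u +%Y-%m-%dT%H:%M:%SZ) operator=${USER:-unknown} cmd=gam $(redact_gam_args "$@")"
  # umask 077 so a newly created log file is readable by its owner only.
  ( umask 077; printf '%s\n' "$line" >> "$AUDIT_LOG" )
}

# Wrapper: write the audit line first, then run gam with the real arguments.
gam_audited() {
  audit_gam "$@" && gam "$@"
}

# Demo on constructed arguments (prints the redacted form, does not call gam).
redact_gam_args create user alice@example.com firstname Alice \
  password "constructed-temp-value" changepassword on
```

The masking covers the log and any summary built from it; the password is still passed to the `gam` process as an argument.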