Integrate Wikis - Step 1

docs/Addresses.md

@@ -1,4 +1,4 @@
-# Addresses
+!# Addresses
 - [API documentation](#api-documentation)
 - [Display addresses](#display-addresses)
 

docs/Administrators.md

@@ -1,4 +1,4 @@
-# Administrators
+!# Administrators
 - [Administrator roles documentation](#administrator-roles-documentation)
 - [API documentation](#api-documentation)
 - [Definitions](#definitions)

docs/Alert-Center.md

@@ -1,4 +1,4 @@
-# Alert Center
+!# Alert Center
 - [API documentation](#api-documentation)
 - [Definitions](#definitions)
 - [Introduction](#introduction)

docs/Aliases.md

@@ -30,7 +30,7 @@ See [Collections of Items](Collections-of-Items)
 <EmailAddress> ::= <String>@<DomainName>
 <EmailAddressList> ::= "<EmailAddress>(,<EmailAddress>)*"
 <EmailAddressEntity> ::= <EmailAddressList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <UniqueID> ::= id:<String>
 ```
 ## Create an alias for a target

docs/Authorization.md

@@ -168,7 +168,7 @@ gam oauth update
 <ProjectIDEntity> ::=
         current | gam | <ProjectID> | (filter <String>) |
         (select <ProjectIDList> | <FileSelector> | <CSVFileSelector>)
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <ProjectName> ::= <String>
         Must match this Python Regular Expression: [a-zA-Z0-9 '"!-]{4,30}
 <ServiceAccountName> ::= <String>

docs/BNF-Syntax.md

@@ -1,4 +1,4 @@
-# Syntax
+!# Syntax
 
 ## BNF Syntax
 This Wiki describes the GAM7 command line syntax in modified BNF.

docs/Basic-Items.md

@@ -1,4 +1,4 @@
-# Basic Items
+!# Basic Items
 - [Primitives](#primitives)
 - [Items built from primitives](#items-built-from-primitives)
 - [Named items](#named-items)

docs/Bulk-Processing.md

@@ -1,4 +1,4 @@
-# Bulk Processing
+!# Bulk Processing
 - [Introduction](#introduction)
 - [Python Regular Expressions](Python-Regular-Expressions)
 - [GAM Configuration](gam.cfg)

docs/CSV-Input-Filtering.md

@@ -16,7 +16,7 @@ There are two values in `gam.cfg` that can be used to filter the input from `gam
 * `csv_input_row_drop_filter` - A list or JSON dictionary used to exclude specific rows based on column values
 
 These filters can be used alone or in conjunction with the `matchfield|skipfield <FieldName> <RegularExpression>` options.
-* https://github.com/taers232c/GAMADV-XTD3/wiki/Bulk-Processing#csv-files
+* https://github.com/GAM-team/GAM/wiki/Bulk-Processing#csv-files
 
 ## Definitions
 [Data Selectors](Collections-of-items)

docs/CSV-Output-Filtering.md

@@ -1,4 +1,4 @@
-# CSV Output Filtering
+!# CSV Output Filtering
 - [Python Regular Expressions](Python-Regular-Expressions) Search function
 - [Definitions](#definitions)
 - [Quoting rules](#quoting-rules)

docs/CSV-Special-Characters.md

@@ -1,4 +1,4 @@
-# CSV Special Characters
+!# CSV Special Characters
 - [Python CSV documentation](https://docs.python.org/3/library/csv.html#dialects-and-formatting-parameters)
 
 ## Python variables that control CSV file reading/writing:

docs/CalendarExamples.md

@@ -0,0 +1,260 @@
+- [Modifying and Viewing Calendar Access Control Lists (ACLs)](#modifying-and-viewing-calendar-access-control-lists-acls)
+  - [Viewing a Calender's ACL](#viewing-a-calenders-acl)
+  - [Adding Users to a Calendar's ACL](#adding-users-to-a-calendars-acl)
+  - [Updating a User Entry in a Calendar ACL](#updating-a-user-entry-in-a-calendar-acl)
+  - [Deleting Users from a Calendar's ACL](#deleting-users-from-a-calendars-acl)
+- [Viewing and Modifying a User's List of Calendars](#viewing-and-modifying-a-users-list-of-calendars)
+  - [Retrieving a Calendar a User Has Listed](#retrieving-a-calendar-a-user-has-listed)
+  - [Showing the Calendars a User Has Listed](#showing-the-calendars-a-user-has-listed)
+  - [Printing the Calendars a User Has Listed](#printing-the-calendars-a-user-has-listed)
+  - [Deleting a Calendar from a User(s) List of Calendars](#deleting-a-calendar-from-a-users-list-of-calendars)
+  - [Adding a Calendar to a User(s) List of Calendars](#adding-a-calendar-to-a-users-list-of-calendars)
+  - [Updating a Calendar in a User(s) List of Calendars](#updating-a-calendar-in-a-users-list-of-calendars)
+- [Deleting Events for a Calendar](#deleting-events-for-a-calendar)
+- [Wiping a User's Primary Calendar](#wiping-a-users-primary-calendar)
+
+GAM now supports Google Calendar Management with the ability to modify Access Control Lists (ACLs) for calendars and to add, list and remove calendars from a users Google Calendar display. GAM can work with user primary and secondary calendars as well as resource calendars.
+
+All Google Calendars have an email address associated with them. All users who have the Calendar service enabled have a primary calendar identified by their email address. Secondary calendars created by or for the user have a special calendar email address which can be learned with the ` gam user <username> show calendars ` command. Resource Calendars also have a special email address that can be learned with the ` gam print resources ` command.
+
+# Modifying and Viewing Calendar Access Control Lists (ACLs)
+## Viewing a Calender's ACL
+### Syntax
+```
+gam calendar <calendar email> showacl|printacl
+```
+Shows the ACLs for the given calendar (showacl) or prints CSV output of the ACLs (printacl). The ACL list will show who has access to the calendar and what level of access they have.
+
+### Example
+This example displays the Calendar ACLs for joe@acme.com
+```
+gam calendar joe@acme.com showacl
+```
+
+---
+
+
+## Adding Users to a Calendar's ACL
+### Syntax
+```
+gam calendar <calendar email> add freebusy|read|editor|owner <user email> [sendnotifications true|false]
+```
+Gives user email the desired level of access to the given calendar by adding the user to the ACL. freebusy allows the user to see only times whe n the calendar is busy without showing event details. read gives the user rights to view but not edit the calendar. editor gives read/write access to the calendar but not ACL or settings modification rights. owner gives the user full access to the calendar with the ability to modify the ACL and calendar settings.
+
+Use the optional sendnotifications flag to choose whether to send notifications about the calendar sharing change or not. The default is True.
+
+**Note:** The special users domain and default cannot be added to a calendar, they can only be updated or deleted by GAM (see below)
+
+**Note:** giving a user rights to another calendar adds that calendar to their list of calendars automatically. A separate command to add the calendar should not be necessary. *Update*: this no longer seems to happen as of early 2020. You'll need to add the calendar to the user's list of calendar's separately.
+
+### Example
+This example gives Bob editor access to Joe's primary calendar.
+```
+gam calendar joe@acme.com add editor bob@acme.com
+```
+
+---
+
+
+## Updating a User Entry in a Calendar ACL
+### Syntax
+```
+gam calendar <calendar email> update freebusy|read|editor|owner <user email>
+```
+Update the given user's rights to the given calendar. The user should already have explicit access to the calendar. This command will upgrade (or downgrade) the user's access to the desired level of freebusy, read, editor or owner.
+
+**Note:** the special users domain and default can be used instead of an actual user email address to modify public sharing of the calendar. domain applies to all users in the Google Apps organization. default applies to anyone with a Google account (even @gmail.com) and is limited to read or freebusy. Note that your Calendar control panel settings may prevent read sharing of calendars outside the domain in which case you'll get an error trying to set default to read.
+
+### Example
+This example upgrades Bob to be owner of Joe's Calendar:
+```
+gam calendar joe@acme.com update owner bob@acme.com
+```
+
+This example allows anyone with an account in your domain to edit the given resource calendar (including delete others appointments!).
+
+```
+gam calendar example.com_436d6e646572656e6365526f6f6d732d3239352d3372642d5164616d536d6974682d38@resource.calendar.google.com update editor domain
+```
+
+This example allows anyone with a Google account to view Bob's calendar
+```
+gam calendar bob@example.com update read default
+```
+
+---
+
+
+## Deleting Users from a Calendar's ACL
+### Syntax
+```
+gam calendar <calendar email> delete [user <user email>] [id <ACL id>]
+```
+Removes user email rights to the given calendar. Note that the user may still have some level of rights (freebusy or read) to the calendar based on the default level of access to calendars set within the domain. Specifying the ACL by ID is also supported and takes the id column of the [printacl command](#viewing-a-calenders-acl)
+
+**Note:** deleting the domain and default users disables public sharing of your calendar. domain applies to everyone in your Google Apps domain while default applies to everyone with a Google Account.
+
+### Example
+This example removes Bob's direct rights to Joe's calendar
+```
+gam calendar joe@acme.com delete user bob@acme.com
+```
+
+These two examples remove all public sharing of Bob's calendar. Only those with explicit rights will be able to see anything (including freebusy):
+
+```
+gam calendar bob@example.com delete user domain
+gam calendar bob@example.com delete user default
+```
+
+---
+
+
+# Viewing and Modifying a User's List of Calendars
+## Retrieving a Calendar a User Has Listed
+### Syntax
+```
+gam user <user>|group <group>|ou <ou>|all users info calendar <calendar email>
+```
+Displays the details of the users' specific Calendar.
+
+### Example
+This example displays a specific calendar that Bob has added to his Google Calendar app
+```
+gam user bob@acme.com info calendar acme.com_r7vmefng3okeo4l48n4urkjvcg@group.calendar.google.com
+
+User: bob@acme.com's Calendar:
+  Calendar: test
+    ID: acme.com_r7vmefng3okeo4l48n4urkjvcg@group.calendar.google.com
+    Access Level: root
+    Timezone: America/New_York
+    Hidden: false
+    Selected: true
+    Color: #2952A3
+```
+
+## Showing the Calendars a User Has Listed
+### Syntax
+```
+gam user <user>|group <group>|ou <ou>|all users show calendars
+```
+Displays the details of all of the Calendars the user has listed in their Google Calendar.
+
+### Example
+This example lists the calendars that Bob has added to his Google Calendar app
+```
+gam user bob@acme.com show calendars
+
+User: bob@acme.com's Calendars
+  Calendar: bob@acme.com
+    ID: bob@acme.com
+    Access Level: owner
+    Timezone: America/New_York
+    Hidden: false
+    Selected: false
+    Color: #2F6309
+  Calendar: test
+    ID: acme.com_r7vmefng3okeo4l48n4urkjvcg@group.calendar.google.com
+    Access Level: root
+    Timezone: America/New_York
+    Hidden: false
+    Selected: true
+    Color: #2952A3
+  Calendar: Canadian Holidays
+    ID: en.canadian#holiday@group.v.calendar.google.com
+    Access Level: read
+    Timezone: America/New_York
+    Hidden: false
+    Selected: true
+    Color: #2952A3
+```
+
+## Printing the Calendars a User Has Listed
+### Syntax
+```
+gam user <user>|group <group>|ou <ou>|all users print calendars [todrive]
+```
+Display or upload to Google Drive a CSV report of all of the users' calendars. The optional `todrive` parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file. 
+
+### Example
+This example lists the calendars that all users have specified in the Calendar app.
+```
+gam all users print calendars
+```
+
+---
+
+
+## Deleting a Calendar from a User(s) List of Calendars
+### Syntax
+```
+gam user <user>|group <group>|ou <ou>|all users delete calendar <calendar email>
+```
+Removes the given calendar from each of the users' list of calendars. Deleting a calendar from a user's calendar list does not change ACLs on the calendar, it simply removes it from the display.
+
+### Example
+This example removes Joe's calendar from Bob's display of calendars.
+```
+gam user bob@acme.com delete calendar joe@acme.com
+```
+
+---
+
+
+## Adding a Calendar to a User(s) List of Calendars
+### Syntax
+```
+gam user <user>|group <group>|ou <ou>|all users add calendar <calendar email> [selected true|false] [hidden true|false] [reminder email|sms|popup <minutes>] [notification email|sms eventcreation|eventchange|eventcancellation|eventresponse|agenda] [summary <summary>] [colorindex <1-24>] [backgroundcolor <htmlcolor>] [foregroundcolor <htmlcolor>]
+```
+Adds the given calendar to each of the users' list of calendars. Adding a calendar to a user's calendar list does not give them any rights to the calendar that they didn't have before. If the user does not have rights to the calendar, use the ACL command above to both grant them rights and add the calendar to their list of calendars.
+
+The optional argument `selected` determines if the calendar is selected in the user's list of subscribed calendars by default. The optional argument `hidden` determines if the calendar is hidden from the user's list of subscribed calendars. The optional argument `reminder` sets the default reminder type and time for calendar events and can be repeated. The optional argument `notification` sets the default notification type for calendar events and can be repeated. The optional argument `summary` overrides the calendar's default name. The optional argument `colorindex` sets the calendar entries colors. Index colors can be viewed [here](http://calendar-colors.appspot.com/). The optional arguments `backgroundcolor` and `foregroundcolor` manually set the calendars colors.
+
+### Example
+The following example adds Bob's calendar to Joe's list of calendars without it being selected in Joe's calendar display.
+
+```
+gam user joe@acme.com add calendar bob@acme.com selected false
+```
+
+---
+
+
+## Updating a Calendar in a User(s) List of Calendars
+### Syntax
+```
+gam user <user>|group <group>|ou <ou>|all users update calendar <calendar email> [selected true|false] [hidden true|false] [reminder (email|sms|popup <minutes>)|clear] [notification (email|sms eventcreation|eventchange|eventcancellation|eventresponse|agenda)|clear] [summary <summary>] [colorindex <1-24>] [backgroundcolor <htmlcolor>] [foregroundcolor <htmlcolor>]
+```
+Update how a given calendar is displayed in a user's list of calendars. The optional argument `selected` determines if the calendar is selected in the user's list of subscribed calendars by default. The optional argument `hidden` determines if the calendar is hidden from the user's list of subscribed calendars. The optional argument `reminder` sets the default reminder type and time for calendar events and can be repeated. The argument `reminder clear` clears all reminders from the calendar. The optional argument `notification` sets the default notification type for calendar events and can be repeated. The argument `notification clear` clears all notifications from the calendar. The optional argument `summary` overrides the calendar's default name. The optional argument `colorindex` sets the calendar entries colors. Index colors can be viewed [here](http://calendar-colors.appspot.com/). The optional arguments `backgroundcolor` and `foregroundcolor` manually set the calendars colors.
+
+### Example
+The following example updates Bob's view of Joe's calendars, changing the color to green.
+
+```
+gam user bob@acme.com update calendar joe@acme.com colorindex 9
+```
+
+---
+
+# Deleting Events for a Calendar
+### Syntax
+```
+gam calendar <email> deleteevent [eventid <id>] [query <query>] [notifyattendees] [doit]
+```
+Delete event(s) off the given calendar. You should specify either the single event ID with the eventid argument or a query to perform against the calendar to determine which events should be deleted. Query operates in a similar fashion to Calendar UIs search but you should test results carefully, a bad query can delete more events than you intended. The optional argument notifyattendees will send event attendees an email notification that the event is cancelled, removed. Because this command involves deletion of user data, GAM will not perform the action by default unless the doit argument is supplied.
+
+# Wiping a User's Primary Calendar
+### Syntax
+```
+gam calendar <user email> wipe
+```
+Wipe all data from a user's primary calendar. **WARNING: This will delete all user events and there is no way to recover them!** Email address must be a Google Apps user. It's not possible to wipe resource or secondary calendars.
+
+### Example
+The following example deletes all data for Joe's Calendar.
+
+```
+gam calendar joe@acme.com wipe
+```
+
+---

docs/Calendars-Access.md

@@ -28,7 +28,7 @@ Calendar ACL roles (as seen in Calendar GUI):
 <CalendarItem> ::= <EmailAddress>
 <CalendarList> ::= "<CalendarItem>(,<CalendarItem>)*"
 <CalendarEntity> ::= <CalendarList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 
 <CalendarACLRole> ::= editor|freebusy|freebusyreader|owner|reader|writer
 <CalendarACLScope> ::= <EmailAddress>|user:<EmailAdress>|group:<EmailAddress>|domain:<DomainName>|domain|default

docs/Calendars-Events.md

@@ -63,12 +63,12 @@ Client access works when accessing Resource calendars.
 <CalendarItem> ::= <EmailAddress>
 <CalendarList> ::= "<CalendarItem>(,<CalendarItem>)*"
 <CalendarEntity> ::= <CalendarList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <DomainName> ::= <String>(.<String>)+
 <EmailAddress> ::= <String>@<DomainName>
 <EmailAddressList> ::= "<EmailAddess>(,<EmailAddress>)*"
 <EmailAddressEntity> ::= <EmailAddressList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 
 <EventAttachmentsSubfieldName> ::=
         attachments.fileid|
@@ -220,7 +220,7 @@ Client access works when accessing Resource calendars.
         (id|eventid <EventId>) |
         (event|events <EventIdList> |
         <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVSubkeySelector> | <CSVDataSelector>)
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <EventSelectEntity> ::=
         (<EventSelectProperty>+ <EventMatchProperty>*)
 

docs/Calendars.md

@@ -21,7 +21,7 @@ Client access works when accessing Resource calendars.
 <CalendarItem> ::= <EmailAddress>
 <CalendarList> ::= "<CalendarItem>(,<CalendarItem>)*"
 <CalendarEntity> ::= <CalendarList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 
 <TimeZone> ::= <String>
         See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones

docs/Chat-Bot.md

@@ -1,4 +1,4 @@
-# Chat Bot
+!# Chat Bot
 
 - [Notes](#notes)
 - [API documentation](#api-documentation)

docs/Chrome-AUE-Counts.md

@@ -1,4 +1,4 @@
-# Chrome Auto Update Expiration Counts
+!# Chrome Auto Update Expiration Counts
 
 - [Chrome Auto Update Expiration Counts](#chrome-auto-update-expiration-counts)
   - [API documentation](#api-documentation)

docs/Chrome-Browser-Cloud-Management.md

@@ -41,7 +41,7 @@
         (query:<QueryBrowser>)|(query:orgunitpath:<OrgUnitPath>)|(query <QueryBrowser>) |
         (browserou <OrgUnitItem>) | (browserous <OrgUnitList>) |
         <FileSelector> | <CSVFileSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 
 <BrowserAttribute> ::=
         (annotatedassetid|asset|assetid <String>)|

docs/Chrome-Browser-Management.md

@@ -0,0 +1,85 @@
+- [Printing browsers](#printing-browsers)
+- [Moving browsers](#moving-browsers)
+- [Updating browsers](#updating-browsers)
+- [Get info about a browser](#get-info-about-a-browser)
+- [Delete a browser](#delete-a-browser)
+
+GAM 5.30 adds support for the new [Chrome Browser Cloud Management API calls](https://support.google.com/chrome/a/answer/9681204). The API allows you to print, move, update and delete enrolled browsers.
+
+# Printing browsers
+## Syntax
+```
+gam print browsers [query <query>] [projection BASIC|FULL] [todrive] [sort_headers] [fields <fields>]
+```
+Prints enrolled browsers. The optional argument query will limit results to matching browsers. Query format is described [in Google's help articles](https://support.google.com/chrome/a/answer/9681204#example:~:text=You%20can%20specify%20the%20following%20fields,the%20field%20names%20are%20case%20sensitive). By default, GAM only prints basic information about the browsers. The optional argument projection allows selecting FULL which prints a lot more information about each browser including user profiles, policies and extension details. The optional argument todrive will upload the output to a Google Sheet. The optional argument fields specifies a comma separated list of fields you'd like to limit results to.
+
+## Example
+This example prints all browsers.
+```
+gam print browsers
+```
+This example creates a Google Sheet of browsers running on Microsoft Windows
+```
+gam print browsers todrive query "os_platform:Windows"
+```
+----
+## Moving browsers
+### Syntax
+```
+gam move browsers [ids <ids>] [query <query>] [file <file>] [csvfile <csvfile:columnName>] [orgunit <orgunit>] [batch_size <number>]
+```
+Moves the specified browsers from one OrgUnit in Google to another. The browsers must be specified with the ids, query, file or csvfile argument. The orgunit argument specifies the destination of the browsers. By default, GAM will attempt to move 600 browsers at a time which is the max allowed by the API. You can modify this number by specifying batch_size.
+
+### Example
+This example moves all Windows browsers into their own Org Unit.
+```
+gam move browsers query "os_platform:Windows" orgunit /Chrome/Windows
+```
+----
+## Updating browsers
+### Syntax
+```
+gam update browser <id> [user <user>] [location <location>] [notes <notes>] [assetid <assetid>]
+```
+Updates information about a Chrome browser. Information can be set for the user, location, notes and assetid fields.
+
+### Example
+This example updates all four fields
+```
+gam update browser c052d4d7-90b1-407a-911f-c0d05ba0eaeb user jsmith@acme.com location "New York, NY" notes "Browser re-installed on 12/3/20" assetid ABC123
+```
+----
+## Get info about a browser
+### Syntax
+```
+gam info browser <id> [FULL|BASIC] [fields <fields>]
+```
+shows information about a single browser based on the id specified. The optional argument projection retrieves a basic or full list of device attributes. Full includes details like browser profiles, policies and extensions. The optional fields parameter limits which fields are retrieved and printed.
+
+### Example
+This example gets info about a browser
+```
+gam info browser c052d4d7-90b1-407a-911f-c0d05ba0eaeb
+```
+This example shows a LOT of information about the browser
+```
+gam info browser c052d4d7-90b1-407a-911f-c0d05ba0eaeb projection FULL
+```
+This example shows a limited amount of information
+```
+gam info browser c7cf1d21-50af-4419-bf75-67731423a259 fields osPlatform,lastPolicyFetchTime,osPlatformVersion,lastDeviceUser,orgUnitPath
+```
+----
+## Delete a browser
+### Syntax
+```
+gam delete browser <id>
+```
+Deletes the given browser by id. The browser will be removed from Google's admin console and no longer sync policy or reporting. However existing policies will still be applied until the device registration and dm tokens are removed.
+
+### Example
+This example deletes the device.
+```
+gam delete browser c7cf1d21-50af-4419-bf75-67731423a259
+```
+----

docs/Chrome-Installed-Apps.md

@@ -1,4 +1,4 @@
-# Chrome Installed Apps Counts
+!# Chrome Installed Apps Counts
 
 - [API documentation](#api-documentation)
 - [Definitions](#definitions)

docs/Chrome-Needs-Attention-Counts.md

@@ -1,4 +1,4 @@
-# Chrome Device Needs Attention Counts
+!# Chrome Device Needs Attention Counts
 
 - [Chrome Device Needs Attention Counts](#chrome-device-needs-attention-counts)
   - [API documentation](#api-documentation)

docs/Chrome-Policies.md

@@ -1,4 +1,4 @@
-# Chrome Policies
+!# Chrome Policies
 
 - [Chrome Policies](#chrome-policies)
   - [Chrome Version History](Chrome-Version-History)

docs/Chrome-Policy-Settings.md

@@ -0,0 +1,79 @@
+- [Showing Chrome Schema of Policy Settings](#showing-chrome-schema-of-policy-settings)
+- [Showing Current Chrome Policy For An OrgUnit](#showing-current-chrome-policy-for-an-orgunit)
+- [Updating Chrome Policy](#updating-chrome-policy)
+- [Clearing Chrome Policies](#clearing-chrome-policies)
+
+## Showing Chrome Schema of Policy Settings
+### Syntax
+```
+gam show chromeschema [filter <filter>]
+```
+Shows the schema of all possible Chrome policy settings available for your organization. The optional filter argument filters results down to matches. The schema is comprised of the top level schema name which groups the policy settings together, an individual setting, the type of the setting (string, boolean, enum) and possible values for the setting with their description.
+
+### Example
+This example prints the full schema for your organization. A truncated example output is also shown with the parts of the schema. In the example output, the schema name is chrome.users.ChromeBrowserUpdates and controls how browsers update. Within this schema there are three settings, rollbackToTargetVersionEnabled, targetVersionPrefixSetting and updateSetting. rollbackToTargetVersionEnabled and updateSetting are TYPE_ENUM meaning there is a limited set of values they can be set to. These values are described in the lines just after the setting. targetVersionPrefixSetting is TYPE_STRING so it accepts a string value as mentioned in it's description.
+```
+gam show chromeschema
+...
+chrome.users.ChromeBrowserUpdates: Chrome browser updates.
+  rollbackToTargetVersionEnabled: TYPE_ENUM
+    ROLLBACK_TO_TARGET_VERSION_DISABLED: Do not rollback to target version.
+    ROLLBACK_TO_TARGET_VERSION_ENABLED: Rollback to target version.
+  targetVersionPrefixSetting: TYPE_STRING
+    Target version prefix. Specifies which version the Chrome browser should be updated to. When a value is set, Chrome will be updated to the version prefixed with this value. For example, if the value is '55.', Chrome will be updated to any minor version of 55 (e.g. 55.24.34.0 or 55.60.2.10). If the value is '55.2.', Chrome will be updated to any minor version of 55.2 (e.g. 55.2.34.100 or 55.2.2.1). If the value is '55.24.34.1', Chrome will be updated to that specific version only. Chrome may stop updating or not rollback if the specified version is more than three major milestones old.
+  updateSetting: TYPE_ENUM
+    UPDATES_DISABLED: Updates disabled.
+    UPDATES_ENABLED: Always allow updates.
+    MANUAL_UPDATES_ONLY: Manual updates only.
+    AUTOMATIC_UPDATES_ONLY: Automatic updates only.
+...
+```
+----
+
+## Showing Current Chrome Policy For An OrgUnit
+### Syntax
+```
+gam show chromepolicy orgunit <orgunit> [printer_id <id>] [app_id <id>]
+```
+Shows the current Chrome policies for the given OrgUnit. The optional argument printer_id will scope the returned policies to those set on the given printer. The optional argument app_id will scope the returned policies to those set on the given app.
+
+### Example
+This example prints policies for the root OrgUnit.
+```
+gam show chromepolicy orgunit /
+```
+This example shows policies for the identified printer.
+```
+gam show chromepolicy orgunit / printer_id 0gjdgxs3dgp3kj
+```
+----
+
+## Updating Chrome Policy
+### Syntax
+```
+gam update chromepolicy [orgunit <orgunit>] [printer_Id <id>] [app_id <id>] schema1 setting1 value setting2 value schema2 setting1 value ...
+```
+Updates the policy settings of the given OrgUnit. The optional printer_id and app_id specify a printer or app to set policy for. Policies involve a schema name, the specific setting of the schema and a value. You can set multiple schemas and settings with one command but they must all apply to the same OrgUnit / printer / app.
+
+### Example
+This example sets Chrome to limit updates to version 89 for the /Browsers OrgUnit. Browsers on newer versions will be rolled back.
+```
+gam update chromepolicy orgunit /Browsers chrome.users.ChromeBrowserUpdates rollbackToTargetVersionEnabled ROLLBACK_TO_TARGET_VERSION_ENABLED targetVersionPrefixSetting "89." updateSetting UPDATES_ENABLED
+```
+This example blocks notifications except for specific URLs
+```
+gam update chromepolicy orgunit /Browsers chrome.users.Notifications defaultNotificationsSetting BLOCK_NOTIFICATIONS notificationsAllowedForUrls *.google.com,*.salesforce.com,*.youtube.com
+```
+
+## Clearing Chrome Policies
+### Syntax
+```
+gam delete policy [orgunit <orgunit>] [printer_id <id>] [app_id <id>] schema1 schema2 schema3 ...
+```
+Clears the settings for the given schema so that they inherit from their parent OrgUnit or, in the case of the / root OrgUnit, inherit from the Google default setting. The optional printer_id and app_id specify a specific printer or app to clear the policies for. Multiple schemas can be cleared by specifying each one separated by spaces but the policies must all apply to the given OrgUnit / printer / app combo.
+
+### Example
+This example clears the Chrome update and notification policies for the /Browsers OrgUnit. They will then inherit either from the / root OrgUnit if set there or from the Google default setting.
+```
+gam delete chromepolicy orgunit /Browsers chrome.users.Notifications chrome.users.ChromeBrowserUpdates
+```

docs/Chrome-Printers.md

@@ -1,4 +1,4 @@
-# Chrome Printers
+!# Chrome Printers
 - [API documentation](#api-documentation)
 - [Notes](#notes)
 - [Definitions](#definitions)

docs/Chrome-Version-Counts.md

@@ -1,4 +1,4 @@
-# Chrome Version Counts
+!# Chrome Version Counts
 
 - [Chrome Version Counts](#chrome-version-counts)
   - [API documentation](#api-documentation)

docs/Chrome-Version-History.md

@@ -1,4 +1,4 @@
-# Chrome Version History
+!# Chrome Version History
 
 - [Chrome Version History](#chrome-version-history)
   - [API documentation](#api-documentation)

docs/ChromeOS-Devices.md

@@ -86,7 +86,7 @@ The second form is backwards compatible with Legacy GAM and selection with `<CrO
 <SerialNumberList> ::= "<SerialNumber>(,<SerialNumber>)*"
 <SerialNumberEntity> ::=
         <SerialNumberList> | <FileSelector> | <CSVFileSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 
 <CrOSEntity> ::=
         <CrOSIDList> | (cros_sn <SerialNumberList>) |

docs/Classroom-Courses.md

@@ -48,50 +48,50 @@ gam user user@domain.com check|update serviceaccount
 <CourseAliasList> ::= "<CourseAlias>(,<CourseAlias>)*"
 <CourseAliasEntity> ::=
         <CourseAliasList>|<FileSelector>|<CSVFileSelector>|<CSVkmdSelector>|<CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <CourseAnnouncementID> ::= <Number>
 <CourseAnnouncementIDList> ::= "<CourseAnnouncementID>(,<CourseAnnouncementID>)*"
 <CourseAnnouncementIDEntity> ::=
         <CourseAnnouncementIDList>|<FileSelector>|<CSVFileSelector>|<CSVkmdSelector>|<CSVSubkeySelector>|<CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <CourseAnnouncementState> ::= draft|published|deleted
 <CourseAnnouncementStateList> ::= all|"<CourseAnnouncementState>(,<CourseAnnouncementState>)*"
 <CourseID> ::= <Number>|d:<CourseAlias>
 <CourseIDList> ::= "<CourseID>(,<CourseID>)*"
 <CourseEntity> ::=
         <CourseIDList>|<FileSelector>|<CSVFileSelector>|<CSVkmdSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <CourseMaterialID> ::= <Number>
 <CourseMaterialIDList> ::= "<CourseMaterialID>(,<CourseMaterialID>)*"
 <CourseMaterialState> ::= draft|published|deleted
 <CourseMaterialStateList> ::= all|"<CourseMaterialState>(,<CourseMaterialState>)*"
 <CourseMaterialIDEntity> ::=
         <CourseMaterialIDList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVSubkeySelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <CourseState> ::= active|archived|provisioned|declined|suspended
 <CourseStateList> ::= all|"<CourseState>(,<CourseState>)*"
 <CourseSubmissionID> ::= <Number>
 <CourseSubmissionIDList> ::= "<CourseSubmissionID>(,<CourseSubmissionID>)*"
 <CourseSubmissionIDEntity> ::=
         <CourseSubmissionIDList>|<FileSelector>|<CSVFileSelector>|<CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <CourseSubmissionState> ::= new|created|turned_in|returned|reclaimed_by_student
 <CourseSubmissionStateList> ::= all|"<CourseSubmissionState>(,<CourseSubmissionState>)*"
 <CourseTopic> ::= <String>
 <CourseTopicList> ::= "<CourseTopic>(,<CourseTopic>)*"
 <CourseTopicEntity> ::=
         <CourseTopicList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <CourseTopicID> ::= <Number>
 <CourseTopicIDList> ::= "<CourseTopicID>(,<CourseTopicID>)*"
 <CourseTopicIDEntity> ::=
         <CourseTopicIDList>|<FileSelector>|<CSVFileSelector>|<CSVkmdSelector>|<CSVSubkeySelector>|<CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <CourseWorkID> ::= <Number>
 <CourseWorkIDList> ::= "<CourseWorkID>(,<CourseWorkID>)*"
 <CourseWorkIDEntity> ::=
         <CourseWorkIDList>|<FileSelector>|<CSVFileSelector>|<CSVkmdSelector>|<CSVSubkeySelector>|<CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <CourseWorkState> ::= draft|published|deleted
 <CourseWorkStateList> ::= all|"<CourseWorkState>(,<CourseWorkState>)*"
 

docs/Classroom-Guardians.md

@@ -22,13 +22,13 @@
 <GuardianItemList> ::= "<GuardianItem>(,<GuardianItem>)*"
 <GuardianEntity> ::=
         <GuardianList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <StudentItem> ::= <EmailAddress>|<UniqueID>|<String>
 <GuardianInvitationID> ::= <String>
 <GuardianInvitationIDList> ::= "<GuardianInvitationId>(,<GuardianInvitationID>)*"
 <GuardianInvitationIDEntity> ::=
         <GuardianInvitationIDList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <GuardianState> ::= complete|pending
 <GuardianStateList> ::= "<GuardianState>(,<GuardianState>)*"
 ```

docs/Classroom-Invitations.md

@@ -34,13 +34,13 @@ Follow the directions to authorize the Service Account scopes.
 <ClassroomInvitationIDList> ::= "<ClassroomInvitationID>(,<ClassroomInvitationID>)*"
 <ClassroomInvitationIDEntity> ::=
         <ClassroomInvitationIDList> | <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <CourseAlias> ::= <String>
 <CourseID> ::= <Number>|d:<CourseAlias>
 <CourseIDList> ::= "<CourseID>(,<CourseID>)*"
 <CourseEntity> ::=
         <CourseIDList> | <FileSelector> | <CSVFileSelector | <CSVkmdSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <CourseState> ::= active|archived|provisioned|declined|suspended
 <CourseStateList> ::= all|"<CourseState>(,<CourseState>)*"
 ```

docs/Classroom-Membership.md

@@ -25,7 +25,7 @@
 <CourseIDList> ::= "<CourseID>(,<CourseID>)*"
 <CourseEntity> ::=
         <CourseIDList> | <FileSelector> | <CSVFileSelector | <CSVkmdSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <CourseState> ::= active|archived|provisioned|declined|suspended
 <CourseStateList> ::= all|"<CourseState>(,<CourseState>)*"
 ```

docs/Cloud-Channel.md

@@ -1,4 +1,4 @@
-# Cloud Channel
+!# Cloud Channel
 - [API documentation](#api-documentation)
 - [Notes](#notes)
 - [Definitions](#definitions)

docs/Cloud-Identity-Devices.md

@@ -1,4 +1,4 @@
-# Cloud Identity Devices
+!# Cloud Identity Devices
 - [API documentation](#api-documentation)
 - [Query documentation](#query-documentation)
 - [Definitions](#definitions)

docs/Cloud-Identity-Groups-Membership.md

@@ -63,7 +63,7 @@ and Cloud Identity Premium accounts. Unfortunately, even if you have the require
 <GroupList> ::= "<GroupItem>(,<GroupItem>)*"
 <GroupEntity> ::=
         <GroupList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <GroupRole> ::= owner|manager|member
 <GroupRoleList> ::= "<GroupRole>(,<GroupRole>)*"
 <CIGroupType> ::= customer|group|other|serviceaccount|user
@@ -227,7 +227,7 @@ If `actioncsv` is specified, a CSV file with columns `group,email,role,action,me
 that shows the actions performed when updating the group.
 
 ### Examples using CSV file and Google sheets:
-* https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Users#examples-using-csv-files-and-google-sheets-to-update-the-membership-of-a-group
+* https://github.com/GAM-team/GAM/wiki/Collections-of-Users#examples-using-csv-files-and-google-sheets-to-update-the-membership-of-a-group
 
 ### Example
 Assume that at your school there is a group for each grade level and the members come from an OU; here is a sample CSV file GradeOU.csv

docs/Cloud-Identity-Groups.md

@@ -60,7 +60,7 @@ and Cloud Identity Premium accounts. Unfortunately, even if you have the require
 <GroupList> ::= "<GroupItem>(,<GroupItem>)*"
 <GroupEntity> ::=
         <GroupList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <GroupRole> ::= owner|manager|member
 <GroupRoleList> ::= "<GroupRole>(,<GroupRole>)*"
 <CIGroupType> ::= customer|group|other|serviceaccount|user

docs/Cloud-Storage.md

@@ -1,4 +1,4 @@
-# Cloud Storage
+!# Cloud Storage
 - [API documentation](#api-documentation)
 - [Notes](#notes)
 - [Definitions](#definitions)

docs/Collections-of-ChromeOS-Devices.md

@@ -1,4 +1,4 @@
-# Collections of ChromeOS Devices
+!# Collections of ChromeOS Devices
 - [Python Regular Expressions](Python-Regular-Expressions) Match function
 - [Definitions](#definitions)
 - [Organization Unit Quoting](#organization-unit-quoting)

docs/Collections-of-Items.md

@@ -1,4 +1,4 @@
-# Collections of Items
+!# Collections of Items
 - [Python Regular Expressions](Python-Regular-Expressions) Match function
 - [Definitions](#definitions)
 - [ListSelector](#listselector)

docs/Collections-of-Users.md

@@ -1,4 +1,4 @@
-# Collections of Users
+!# Collections of Users
 - [Python Regular Expressions](Python-Regular-Expressions) Match function
 - [Definitions](#definitions)
 - [List quoting rules](#list-quoting-rules)

docs/Command-Data-From-Google-Docs-Sheets-Storage.md

@@ -1,4 +1,4 @@
-# Command data from Google Docs, Sheets and Cloud Storage
+!# Command data from Google Docs, Sheets and Cloud Storage
 - [Introduction](#introduction)
 - [Definitions](#definitions)
 - [Read data from a Google Doc or Drive File](#read-data-from-a-google-doc-or-drive-file)

docs/Command-Line-Parsing.md

@@ -1,4 +1,4 @@
-# Command Line Parsing
+!# Command Line Parsing
 - [Linux and MacOS](#linux-and-macos)
 - [Windows Command Prompt](#windows-command-prompt)
 - [Windows PowerShell](#windows-powershell)

docs/Command-Logging-Progress.md

@@ -1,4 +1,4 @@
-# Command Logging and Progress
+!# Command Logging and Progress
 - [Introduction](#introduction)
 - [GAM Configuration](gam.cfg)
 - [Command Logging](#command-logging)

docs/Custom-Schemas.md

@@ -0,0 +1,71 @@
+- [Creating a Custom User Schema](#creating-a-custom-user-schema)
+- [Updating a Custom User Schema](#updating-a-custom-user-schema)
+- [Print All Custom User Schemas](#print-all-custom-user-schemas)
+- [Show All Custom User Schemas](#show-all-custom-user-schemas)
+- [Get One Custom User Schema](#get-one-custom-user-schema)
+- [Deleting a Custom User Schema](#deleting-a-custom-user-schema)
+
+# Creating a Custom User Schema
+## Syntax
+```
+gam create schema <schemaname>
+ field <fieldname> type <bool|double|email|int64|phone|string>
+ [indexed] [restricted] [multivalued]
+ [range <minimum> <maximum>]
+ endfield
+```
+Create a new custom user schema. *schemaname* is the name of the schema to create. You can have up to 100 schemas in your Google Apps instance and each schema can have up to 100 fields defined. *fieldname* is the name of the field. *type* is required and specifies the type of the field. bool, double, email, int64, phone and string are the allowed types. The optional parameter *indexed* specifies that searching will be performed on this field. The optional parameter *restricted* specifies that only super administrators and the user can read the field value(s), other users will not have access. The optional parameter *multivalued* specifies that the field can contain multiple values per-user. The optional parameter *range* is required to permit range queries (greater than or less than) on number fields. The *endfield* parameter is necessary to end the given field. Once a schema is created, schema values can be set for users with [gam user create and update commands](https://github.com/jay0lee/GAM/wiki/GAM3DirectoryCommands#setting-custom-user-schema-fields-at-create-or-update).
+
+## Example
+This example creates a StudentData schema with the fields id, grade and labels. The id field will be hidden from regular users (restricted) and indexed. The labels field will be multivalue. This example also shows how you would set this schema for an existing user.
+```
+gam create schema StudentData
+ field id type string indexed restricted endfield
+ field grade type int64 endfield
+ field labels type string multivalued endfield
+
+gam update user tommy.jones
+ StudentData.id 839342028
+ StudentData.grade 1
+ StudentData.labels multivalue TRANSFER_STUDENT
+ StudentData.labels multivalue HONOR_ROLL 
+```
+
+# Updating a Custom User Schema
+## Syntax
+```
+gam update schema <schemaname>
+ field <fieldname> type <bool|double|email|int64|phone|string>
+  [indexed] [restricted] [multivalue]
+  [range <minimum> <maximum>]
+  endfield
+```
+Update a custom user schema. Note that many schema update operations aren't possible in order to preserve existing user data. As a rule of thumb, schemas should be well thought out when first created as after-the-fact changes can prove challenging. schemaname is the name of the schema to create. You can have up to 100 schemas in your Google Apps instance and each schema can have up to 100 fields defined. fieldname is the name of the field. type is required and specifies the type of the field. bool, double, email, int64, phone and string are the allowed types. The optional parameter indexed specifies that searching will be performed on this field. The optional parameter restricted specifies that only super administrators and the user themself can read the field value(s), other users will not have access. The optional parameter multivalued specifies that the field can contain multiple values per-user. The endfield parameter is necessary to end the given field. Schema values can be set for users with [gam user create and update commands](https://github.com/jay0lee/GAM/wiki/GAM3DirectoryCommands#setting-custom-user-schema-fields-at-create-or-update).
+
+# Print All Custom User Schemas
+## Syntax
+```
+gam print schemas [todrive]
+```
+Print all custom user schemas. Output displays all schema fields and attributes such as restricted, indexed, multivalue, etc. The optional `todrive` argument will upload the CSV data to a Google Docs Spreadsheet file in the Administrators Google Drive rather than displaying it locally.
+
+# Show All Custom User Schemas
+## Syntax
+```
+gam show schemas
+```
+Display all custom user schemas in a formatted style. Output displays all schema fields and attributes such as restricted, indexed, multivalue, etc.
+
+# Get Info On One Custom User Schema
+## Syntax
+```
+gam info schema <schemaname>
+```
+Get info about one custom user schema. Output displays the schemas fields and attributes such as restricted, indexed, multivalue, etc. Schema values can be set for users with [gam user create and update commands](https://github.com/jay0lee/GAM/wiki/GAM3DirectoryCommands#setting-custom-user-schema-fields-at-create-or-update).
+
+# Deleting a Custom User Schema
+## Syntax
+```
+gam delete schema <schemaname>
+```
+Delete a custom user schema. Deleting the schema also removes user data for the given schema.

docs/Customer.md

@@ -1,4 +1,4 @@
-# Customer
+!# Customer
 - [API documentation](#api-documentation)
 - [Definitions](#definitions)
 - [Update customer](#update-customer)

docs/Data-Transfers.md

@@ -0,0 +1,75 @@
+- [Request a Data Transfer](#request-a-data-transfer)
+- [Get Information About a Data Transfer](#get-information-about-a-data-transfer)
+- [Print All Data Transfers](#print-all-data-transfers)
+- [Print Information About Apps That Support Data Transfer](#print-information-about-apps-that-support-data-transfer)
+
+# Request a Data Transfer
+## Syntax
+```
+gam create datatransfer <old owner> <app> <new owner> (<parameter> <value>)*
+```
+Creates a data transfer request. Old owner is the source user whose data will be transferred. App is the name of the application data to transfer. New owner is the target user that will receive the data. Depending on the app, optional parameters can be specified which determine the scope of data to be transferred.
+
+## Example
+This example transfers all Drive files for oldguy@acme.com to newguy@acme.com
+```
+gam create datatransfer oldguy@acme.com gdrive newguy@acme.com privacy_level shared,private
+```
+This example transfers only Drive files shared by terminated@acme.com to manager@acme.com
+```
+gam create datatransfer terminated@acme.com gdrive manager@acme.com privacy_level shared
+```
+This example transfers Calendar entries from oldguy to newguy and releases calendar resources booked by oldguy.
+```
+gam create datatransfer oldguy@acme.com calendar newguy@acme.com release_resources true
+```
+---
+
+# Get Information About a Data Transfer
+## Syntax
+```
+gam info datatransfer <id>
+```
+Get information about an existing data transfer including the status.
+
+## Example
+This example shows the status of a given data transfer.
+```
+
+gam info datatransfer AKrEtIYIysvNvudwY69gEtJNb85tK87Py2SJl8uwq78BxSMMRgn46rWtuKPIxmkWehZ_YJguKbSs
+Old Owner: sarah@acme.com
+New Owner: announce@acme.com
+Request Time: 2015-09-29T20:45:28.085Z
+Application: Drive
+Status: completed
+Parameters:
+ PRIVACY_LEVEL: PRIVATE,SHARED
+```
+---
+# Print All Data Transfers
+## Syntax
+```
+gam print datatransfers [oldowner <email>] [newowner <email>] [status <completed|failed|inProgress>] [todrive]
+```
+Prints a CSV of all data transfers. With no parameters, all transfers will be printed. The oldowner, newowner and status parameters limit the output to results which match. The todrive parameter causes GAM to generate a Google Spreadsheet of the results rather than outputting the CSV file to the console.
+
+## Example
+This example prints all transfers
+```
+gam print datatransfers
+```
+This example prints all transfers that have failed to a Google Spreadsheet.
+```
+gam print datatransfers status failed todrive
+```
+---
+
+# Print Information About Apps That Support Data Transfer
+## Syntax
+```
+gam print transferapps
+```
+
+Prints information about all apps which support data transfer.
+
+---

docs/Domain-People-Contacts-Profiles.md

@@ -31,7 +31,7 @@ gam user user@domain.com check serviceaccount
 <PeopleResourceNameList> ::= "<PeopleResourceName>(,<PeopleResourceName>)*"
 <PeopleResourceNameEntity> ::=
         <PeopleResourceNameNameList> | <FileSelector> | <CSVFileSelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 
 <PeopleSourceName> ::=
         contact|contacts|

docs/Domain-SharedContacts-GAL.md

@@ -55,7 +55,7 @@
 <ContactIDList> ::= "<ContactID>(,<ContactID>)*"
 <ContactEntity> ::=
         <ContactIDList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <ContactSelection> ::=
         [query <QueryContact>]
         [emailmatchpattern <RegularExpression> [emailmatchtype work|home|other|<String>]]
@@ -208,7 +208,7 @@ You specify contacts by ID or by selection qualifiers.
 <ContactIDList> ::= "<ContactID>(,<ContactID>)*"
 <ContactEntity> ::=
         <ContactIDList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <ContactSelection> ::=
         [query <QueryContact>]
         [emailmatchpattern <RegularExpression> [emailmatchtype work|home|other|<String>]]

docs/DomainVerification.md

@@ -0,0 +1,128 @@
+- [Getting Verification Codes For A Domain](#getting-verification-codes-for-a-domain)
+- [Performing Domain Verification](#performing-domain-verification)
+- [Getting info about existing successful domain verifications](#getting-info-about-existing-successful-domain-verifications)
+
+GAM 3.04 and later allows admins to generate the details for domain verification as well as attempt the actual verify and print out existing verifications.
+
+In order to use a domain with G Suite, all primary, secondary and alias domains must be verified. Once an admin verifies a domain, they will be able to add it and it's subdomains as secondary and alias domains in G Suite.
+
+It's important to understand that the verification codes are unique to each user. If admin A generates the verification codes and admin B attempts to verify those codes, it will fail.
+
+# Getting Verification Codes For A Domain
+## Syntax
+```
+gam create verify <domain>
+```
+Displays the DNS and Web server verification codes that are needed in order to verify the given domain name.
+
+## Example
+This example shows the DNS and Web codes that would need to be created in order for the admin to verify the example.com domain.
+```
+gam create verify example.com
+
+TXT Record Name:   example.com
+TXT Record Value:  google-site-verification=ORsLMhIHCe2TFX3jeSgRpUk4A4WfywZ9znTS
+sjfWDbE
+
+CNAME Record Name:   3umntkhyge7x.example.com
+CNAME Record Value:  gv-so2ram4atzoczj.dv.googlehosted.com
+
+Saving web server verification file to: google38973a5e4d01f5ee.html
+Verification File URL: http://example.com/google38973a5e4d01f5ee.html
+
+Meta URL:               http://example.com/
+Meta HTML Header Data:  <meta name="google-site-verification" content="ORsLMhIHC
+e2TFX3jeSgRpUk4A4WfywZ9znTSsjfWDbE" />
+```
+
+---
+
+
+# Performing Domain Verification
+## Syntax
+```
+gam update verify <domain> <CNAME|TXT|SITE>
+```
+Attempt domain verification of the given domain using the given method (cname, txt or site). In order for verification to succeed, the domain's DNS or Web Server must have been updated to contain the correct record.
+
+## Example
+This example attempts DNS TXT record verification of the example.com domain (and is expected to fail).
+```
+gam update verify example.com txt
+
+ERROR: The necessary verification token could not be found on your site.
+Method:  DNS_TXT
+Token:      google-site-verification=ORsLMhIHCe2TFX3jeSgRpUk4A4WfywZ9znTSsjfWDbE
+
+DNS Record: $Id: example.com 1921 2013-10-21 04:00:39Z dknight $
+DNS Record: v=spf1 -all
+```
+
+This example attempts DNS TXT record verification of the jay.powerposters.org domain and succeeds.
+```
+gam update verify jay.powerposters.org txt
+
+SUCCESS!
+Verified:  jay.powerposters.org
+ID:  dns%3A%2F%2Fjay.powerposters.org
+Type: INET_DOMAIN
+All Owners:
+ admin@jay.powerposters.org
+
+You can now add jay.powerposters.org or it's subdomains as secondary or domain aliases of the jay.powerposters.org G Suite Account.
+```
+
+---
+
+
+# Getting info about existing successful domain verifications
+## Syntax
+```
+gam info verify
+```
+Prints out a list of the DNS domains that the given administrator has already successfully performed domain verification against.
+
+## Example
+This example prints out all the existing domain verifications for admin@jay.powerposters.org.
+```
+gam info verify
+
+Site: secondary.ditoapps.com
+Type: INET_DOMAIN
+Owners:
+ admin@jay.powerposters.org
+
+Site: sdomain.jay.powerposters.org
+Type: INET_DOMAIN
+Owners:
+ admin@jay.powerposters.org
+
+Site: jay.powerposters.org
+Type: INET_DOMAIN
+Owners:
+ admin@jay.powerposters.org
+
+Site: jaylee.powerposters.org
+Type: INET_DOMAIN
+Owners:
+ admin@jay.powerposters.org
+
+Site: http://sites.google.com/a/jay.powerposters.org/my-site/
+Type: SITE
+Owners:
+ jay@jay.powerposters.org
+ admin@jay.powerposters.org
+
+Site: http://sites.google.com/a/jay.powerposters.org/my-site2/
+Type: SITE
+Owners:
+ jay@jay.powerposters.org
+ admin@jay.powerposters.org
+
+Site: vtest.powerposters.org
+Type: INET_DOMAIN
+Owners:
+ admin@jay.powerposters.org
+```
+
+---

docs/Domains-Verification.md

@@ -1,4 +1,4 @@
-# Domains - Verification
+!# Domains - Verification
 - [API documentation](#api-documentation)
 - [Definitions](#definitions)
 - [Introduction](#introduction)

docs/Domains.md

@@ -1,4 +1,4 @@
-# Domains
+!# Domains
 - [API documentation](#api-documentation)
 - [Definitions](#definitions)
 - [Create a domain](#create-a-domain)

docs/Downloads-Installs-GAM7.md

@@ -1,56 +0,0 @@
-# Downloads-Installs-GAM7
-You can download and install the current GAM7 release from the [GitHub Releases](https://github.com/GAM-team/GAM/releases/latest) page.
-Choose one of the following:
-
-* Executable Archive, Automatic, Linux/Mac OS/Google Cloud Shell/Raspberry Pi/ChromeOS
-  - Start a terminal session and execute one of the following commands:
-  - New install, default path `$HOME/bin`
-    - `bash <(curl -s -S -L https://git.io/gam-install)`
-  - New install, specify a path
-    - `bash <(curl -s -S -L https://git.io/gam-install) -d <Path>`
-  - Update to latest version, do not create project or authorizations, default path `$HOME/bin`
-    - `bash <(curl -s -S -L https://git.io/gam-install) -l`
-  - Update to latest version, do not create project or authorizations, specify a path
-    - `bash <(curl -s -S -L https://git.io/gam-install) -l -d <Path>`
-
-By default, a folder, `gam7`, is created in the default or specified path and the files are downloaded into that folder.
-Add the `-s` option to the end of the above commands to suppress creating the `gam7` folder; the files are downloaded directly into the default or specified path.
-
-* Executable Archive, Manual, Linux/Google Cloud Shell
-  - `gam-7.wx.yz-linux-x86_64-glibc2.35.tar.xz`
-  - `gam-7.wx.yz-linux-x86_64-glibc2.31.tar.xz`
-  - `gam-7.wx.yz-linux-x86_64-legacy.tar.xz`
-  - Download the archive, extract the contents into some directory.
-  - Start a terminal session.
-
-* Executable Archive, Manual, Raspberry Pi/ChromeOS ARM devices
-  - `gam-7.wx.yz-linux-aarch-glibc2.31.tar.xz`
-  - `gam-7.wx.yz-linux-aarch-legacy.tar.xz`
-  - Download the archive, extract the contents into some directory.
-  - Start a terminal session.
-
-* Executable Archive, Manual, Mac OS versions Big Sur, Monterey, Ventura - M1/M2
-  - `gam-7.wx.yz-macos-aarch.tar.xz`
-  - Download the archive, extract the contents into some directory.
-  - Start a terminal session.
-
-* Executable Archive, Manual, Mac OS, versions Big Sur, Monterey, Ventura - Intel
-  - `gam-7.wx.yz-macos-x86_64.tar.xz`
-  - Download the archive, extract the contents into some directory.
-  - Start a terminal session.
-
-* Executable Archive, Manual, Windows 64 bit
-  - `gam-7.wx.yz-windows-x86_64.zip`
-  - Download the archive, extract the contents into some directory.
-  - Start a Command Prompt/PowerShell session.
-
-* Executable Installer, Manual, Windows 64 bit
-  - `gam-7.wx.yz-windows-x86_64.msi`
-  - Download the installer and run it.
-  - Start a Command Prompt/PowerShell session.
-
-* Source, all platforms
-  - `Source code(zip)`
-  - `Source code(tar.gz)`
-  - Download the archive, extract the contents into some directory.
-  - Start a terminal/Command Prompt/PowerShell session.

docs/Downloads-Installs.md

@@ -1,62 +1,54 @@
-# Downloads-Installs
+!# Downloads-Installs-GAM7
-You can download and install the current GAM7 release from the [GitHub Releases](https://github.com/taers232c/GAMADV-XTD3/releases) page. Choose one of the following:
+You can download and install the current GAM7 release from the [GitHub Releases](https://github.com/GAM-team/GAM/releases/latest) page.
+Choose one of the following:
 
 * Executable Archive, Automatic, Linux/Mac OS/Google Cloud Shell/Raspberry Pi/ChromeOS
   - Start a terminal session and execute one of the following commands:
   - New install, default path `$HOME/bin`
-    - `bash <(curl -s -S -L https://raw.githubusercontent.com/taers232c/GAMADV-XTD3/master/src/gam-install.sh)`
+    - `bash <(curl -s -S -L https://git.io/gam-install)`
   - New install, specify a path
-    - `bash <(curl -s -S -L https://raw.githubusercontent.com/taers232c/GAMADV-XTD3/master/src/gam-install.sh) -d <Path>`
+    - `bash <(curl -s -S -L https://git.io/gam-install) -d <Path>`
   - Update to latest version, do not create project or authorizations, default path `$HOME/bin`
-    - `bash <(curl -s -S -L https://raw.githubusercontent.com/taers232c/GAMADV-XTD3/master/src/gam-install.sh) -l`
+    - `bash <(curl -s -S -L https://git.io/gam-install) -l`
   - Update to latest version, do not create project or authorizations, specify a path
-    - `bash <(curl -s -S -L https://raw.githubusercontent.com/taers232c/GAMADV-XTD3/master/src/gam-install.sh) -l -d <Path>`
+    - `bash <(curl -s -S -L https://git.io/gam-install) -l -d <Path>`
 
-By default, a folder, `gamadv-xtd3`, is created in the default or specified path and the files are downloaded into that folder.
+By default, a folder, `gam7`, is created in the default or specified path and the files are downloaded into that folder.
-Add the `-s` option to the end of the above commands to suppress creating the `gamadv-xtd3` folder; the files are downloaded directly into the default or specified path.
+Add the `-s` option to the end of the above commands to suppress creating the `gam7` folder; the files are downloaded directly into the default or specified path.
 
 * Executable Archive, Manual, Linux/Google Cloud Shell
-  - `gamadv-xtd3-6.wx.yz-linux-x86_64-glibc2.35.tar.xz`
+  - `gam-7.wx.yz-linux-x86_64-glibc2.35.tar.xz`
-  - `gamadv-xtd3-6.wx.yz-linux-x86_64-glibc2.31.tar.xz`
+  - `gam-7.wx.yz-linux-x86_64-glibc2.31.tar.xz`
-  - `gamadv-xtd3-6.wx.yz-linux-x86_64-glibc2.27.tar.xz`
+  - `gam-7.wx.yz-linux-x86_64-legacy.tar.xz`
-  - `gamadv-xtd3-6.wx.yz-linux-x86_64-glibc2.23.tar.xz`
-  - `gamadv-xtd3-6.wx.yz-linux-x86_64-glibc2.19.tar.xz`
-  - `gamadv-xtd3-6.wx.yz-linux-x86_64-legacy.tar.xz`
   - Download the archive, extract the contents into some directory.
   - Start a terminal session.
 
 * Executable Archive, Manual, Raspberry Pi/ChromeOS ARM devices
-  - `gamadv-xtd3-6.wx.yz-linux-arm64-glibc2.31.tar.xz`
+  - `gam-7.wx.yz-linux-aarch-glibc2.31.tar.xz`
-  - `gamadv-xtd3-6.wx.yz-linux-arm64-glibc2.27.tar.xz`
+  - `gam-7.wx.yz-linux-aarch-legacy.tar.xz`
-  - `gamadv-xtd3-6.wx.yz-linux-arm64-glibc2.23.tar.xz`
   - Download the archive, extract the contents into some directory.
   - Start a terminal session.
 
 * Executable Archive, Manual, Mac OS versions Big Sur, Monterey, Ventura - M1/M2
-  - `gamadv-xtd3-6.wx.yz-macos-arm64.tar.xz`
+  - `gam-7.wx.yz-macos-aarch.tar.xz`
   - Download the archive, extract the contents into some directory.
   - Start a terminal session.
 
 * Executable Archive, Manual, Mac OS, versions Big Sur, Monterey, Ventura - Intel
-  - `gamadv-xtd3-6.wx.yz-macos-x86_64.tar.xz`
+  - `gam-7.wx.yz-macos-x86_64.tar.xz`
   - Download the archive, extract the contents into some directory.
   - Start a terminal session.
 
 * Executable Archive, Manual, Windows 64 bit
-  - `gamadv-xtd3-6.wx.yz-windows-x86_64.zip`
+  - `gam-7.wx.yz-windows-x86_64.zip`
   - Download the archive, extract the contents into some directory.
   - Start a Command Prompt/PowerShell session.
 
 * Executable Installer, Manual, Windows 64 bit
-  - `gamadv-xtd3-6.wx.yz-windows-x86_64.msi`
+  - `gam-7.wx.yz-windows-x86_64.msi`
   - Download the installer and run it.
   - Start a Command Prompt/PowerShell session.
 
-* Winget
-  - `winget install taers232c.GAMADV-XTD3 --location C:\GAMADV-XTD3`
-  - Specify an alternate location if desired
-  - Start a Command Prompt/PowerShell session.
-  
 * Source, all platforms
   - `Source code(zip)`
   - `Source code(tar.gz)`

docs/Drive-File-Selection.md

@@ -319,7 +319,7 @@ You can select a list of file IDs by referencing files that contain file IDs.
 ```
 <DriveFileEntity> ::=
         <FileSelector> | <CSVFileSelector> | <CSVkmdSelector> | <CSVSubkeySelector>) | <CSVDataSelector>)
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 ```
 * [Collections of Items](Collections-of-Items)
 

docs/Drive-Items.md

@@ -1,4 +1,4 @@
-# Drive Items
+!# Drive Items
 - [Basic Items](Basic-Items)
 - [List Items](List-Items)
 ```

docs/Drive-REST-API-v3.md

@@ -1,4 +1,4 @@
-All Google Drive API calls have been converted from v2 to v3, see: https://developers.google.com/drive/v3/web/migration
+!All Google Drive API calls have been converted from v2 to v3, see: https://developers.google.com/drive/v3/web/migration
 Many of the changes are internal to Gam and have no visible effect. Google has modified/renamed many field names and these will affect scripts that parse the output from `gam print/show drivesettings/drivefileacls/fileinfo/filelist/filerevisions`. Additionally, Google has dropped some fields and their values are no longer available. On input, Gam accepts both the old and new field names.
 
 A variable, `drive_v3_native_names` (default value is True), has been added to `gam.cfg` to control the field names on output: when True, the v3 native field names are used; when False, the v3 native field names are mapped to the v2 field names.

docs/Email-Audit-Monitor.md

@@ -1,4 +1,4 @@
-# Email Audit Monitor
+!# Email Audit Monitor
 - [API documentation](#api-documentation)
 - [Notes](#notes)
 - [Definitions](#definitions)

docs/ExamplesAccountAuditing.md

@@ -0,0 +1,317 @@
+- [About Google Apps Audits](#about-google-apps-audits)
+- [Audit Monitors](#audit-monitors)
+  - [Create a Audit Monitor](#create-a-audit-monitor)
+  - [List Audit Monitors](#list-audit-monitors)
+  - [Delete an Audit Monitor](#delete-an-audit-monitor)
+- [Managing the GPG Key](#managing-the-gpg-key)
+  - [Updating the GPG Key on Google's Servers](#updating-the-gpg-key-on-googles-servers)
+- [User Account Activity](#user-account-activity)
+  - [Request an Account's Activity](#request-an-accounts-activity)
+  - [Retrieving Current Status of Activity Request(s)](#retrieving-current-status-of-activity-requests)
+  - [Downloading the Results of a Completed Activity Request](#downloading-the-results-of-a-completed-activity-request)
+  - [Deleting a Completed Activity Request](#deleting-a-completed-activity-request)
+- [User Mailbox Exports](#user-mailbox-exports)
+  - [Request an Export of a User's Mailbox](#request-an-export-of-a-users-mailbox)
+  - [Retrieving Current Status of Export(s)](#retrieving-current-status-of-exports)
+  - [Downloading the Results of a Completed Export Request](#downloading-the-results-of-a-completed-export-request)
+  - [Deleting a Completed Export Request](#deleting-a-completed-export-request)
+- [Using GPG with Audits](#using-gpg-with-audits)
+  - [Creating/Uploading a GPG Key](#creatinguploading-a-gpg-key)
+    - [Downloading GPG](#downloading-gpg)
+      - [Windows Users](#windows-users)
+      - [Linux Users](#linux-users)
+      - [Mac Users](#mac-users)
+    - [Creating/Uploading the Key](#creatinguploading-the-key)
+    - [Uploading the GPG Key](#uploading-the-gpg-key)
+  - [Decrypting Downloaded Files with GPG](#decrypting-downloaded-files-with-gpg)
+
+# About Google Apps Audits
+```diff
+- Most of the Email Audit API's functionality has been replaced/improved upon
+- by Google's Vault and email routing functionality. GAM 3.8+ no longer supports
+- the email audit commands listed below. If you need to use these audit commands,
+- use GAM 3.72 or older. No support is provided for these commands going forward.
+```
+
+# Audit Monitors
+## Create a Audit Monitor
+**This command is deprecated and will not work in GAM 3.8+**. [Details](#about-google-apps-audits)
+### Syntax
+```
+gam audit monitor create <source user> <destination user> [begin <begin date>] [end <end date>]  [incoming_headers]
+  [outgoing_headers] [nochats] [nodrafts] [chat_headers] [draft_headers]
+```
+create an audit monitor for the source user. All Mail to and from the source user will be forwarded to the destination user. By default, the audit will begin immediately and last for 30 days. Optional parameters begin and end can set the start and end times. Both parameters must be in the future with end being later than begin, the format is "YYYY-MM-DD hh:mm". Optional parameters, incoming\_headers and outgoing\_headers configure the audit to not send the given message's full email body but just the message headers. By default, the audit will also forward the source user's Chats and saved message Drafts. The optional parameters nochats and nodrafts disable forwarding of these type of messages. The optional parameters chat\_headers and draft\_headers tell the audit to only send the headers of the given messages instead of the full message body.
+
+Only one audit is possible per a source and destination user combo. Creating a new audit with the same source and destination of an existing audit will overwrite the settings of the current of the existing audit.
+
+### Example
+This example configures an audit of the source user, forwarding full copies of all incoming, outgoing, chat and draft messages to the destination user. The audit will start immediately and terminate in 30 days time
+```
+gam audit monitor create jsmith fthomas
+```
+
+This example will start the audit on the given date and end it on the given date. Only message headers of each type will be sent to fthomas
+```
+gam audit monitor create jsmith fthomas begin "2010-07-15 12:00" end "2011-07-15 12:00"
+  incoming_headers outgoing_headers chat_headers draft_headers
+```
+
+This example will not capture drafts or chats
+```
+gam audit monitor create jsmith fthomas nochats nodrafts
+```
+
+---
+
+
+## List Audit Monitors
+**This command is deprecated and will not work in GAM 3.8+**. [Details](#about-google-apps-audits)
+### Syntax
+```
+gam audit monitor list <source user>
+```
+shows the current audit monitors for the user source user.
+
+This example will list the current monitors for the user jsmith
+```
+gam audit monitor list jsmith
+
+jsmith has the following monitors:
+
+ Destination: fthomas
+  Begin: 2010-07-04 12:00
+  End: 2010-08-05 12:00
+  Monitor Incoming: HEADER_ONLY
+  Monitor Outgoing: HEADER_ONLY
+  Monitor Chats: NONE
+  Monitor Drafts: NONE
+```
+
+---
+
+
+## Delete an Audit Monitor
+**This command is deprecated and will not work in GAM 3.8+**. [Details](#about-google-apps-audits)
+### Syntax
+```
+gam audit monitor delete <source user> <destination user>
+```
+delete the audit monitor for the given source user / destination user combo.
+
+This example deletes the monitor that is sending all jsmith's mail to fthomas
+```
+gam audit monitor delete jsmith fthomas
+```
+
+---
+
+
+# Managing the GPG Key
+## Updating the GPG Key on Google's Servers
+**This command is deprecated and will not work in GAM 3.8+**. [Details](#about-google-apps-audits)
+### Syntax
+```
+gam audit uploadkey
+```
+updates the public GPG key that Google's servers use to encrypt Audit Activity and Export files. The key should be provided on Standard Input. See [Using GPG with Audits](ExamplesAccountAuditing#using-gpg-with-audits) for more details on GPG keys.
+
+This example tells GPG to print the key on standard output and gam reads the key on standard input
+```
+gpg --export --armor | gam audit uploadkey
+```
+
+---
+
+
+# User Account Activity
+**This command is deprecated and will not work in GAM 3.8+**. [Details](#about-google-apps-audits)
+### Syntax
+## Request an Account's Activity
+```
+gam audit activity request <user>
+```
+request the account activity of the given user. Requests can take several hours/days to be completed by Google's servers. GAM will print out a request ID which can be used to monitor the progress of the request (see Retrieving Request Status below). Note that before requesting an account's activity, a GPG key should be uploaded to Google Servers. See [Using GPG with Audits](ExamplesAccountAuditing#Using_GPG_with_Audits) for more details on GPG keys. Failure to upload a key will result in the activity request always getting a status of ERROR.
+
+This example creates a request for the user's activity
+```
+gam audit activity request jsmith
+```
+
+---
+
+
+## Retrieving Current Status of Activity Request(s)
+**This command is deprecated and will not work in GAM 3.8+**. [Details](#about-google-apps-audits)
+### Syntax
+```
+gam audit activity status [user] [request_id]
+```
+get the current status of existing account activity requests. Optionally, a user and request\_id can be specified to limit the retrieval to a single request.
+
+This example retrieves the status of all current activity requests
+```
+gam audit activity status
+```
+
+---
+
+
+## Downloading the Results of a Completed Activity Request
+**This command is deprecated and will not work in GAM 3.8+**. [Details](#about-google-apps-audits)
+### Syntax
+```
+gam audit activity download <user> <request_id>
+```
+download the results of an activity request that has a status of COMPLETED. The required parameters user and request\_id specify which request to download. The GPG encrypted activity file will be saved to a file named with the format activity-username-request\_id-1.txt.gpg and should be decrypted with GPG.
+
+This example downloads the encrypted activity log of the COMPLETED request
+```
+gam audit activity download jsmith 234342
+```
+
+---
+
+
+## Deleting a Completed Activity Request
+**This command is deprecated and will not work in GAM 3.8+**. [Details](#about-google-apps-audits)
+### Syntax
+```
+gam audit activity delete <user> <request_id>
+```
+delete the completed activity request for the given user. User and Request ID are required parameters.
+
+This example deletes the completed activity request for the user
+```
+gam audit activity delete jsmith 234342
+```
+
+---
+
+
+# User Mailbox Exports
+**This command is deprecated and will not work in GAM 3.8+**. [Details](#about-google-apps-audits)
+### Syntax
+## Request an Export of a User's Mailbox
+```
+gam audit export request <user> [begin <Begin Date>] [end <End Date>] [search <Search Query>] [headersonly] [includedeleted]
+```
+request an export of all mail in a user's mailbox. Optional parameters begin and end date specify the range of messages that should be included in the export and should be of the format "YYYY-MM-DD hh:mm". By default, export begins at account creation and ends at the time of the export request. Optional parameter search, specifies a search query defining what messages should be included in the export. The query parameters are the same as those used in the Gmail interface and described [here](http://mail.google.com/support/bin/answer.py?hl=en&answer=7190). Optional parameter headersonly specifies that only the message headers should be included in the export instead of the full message body. Optional parameter includedeleted specifies that deleted messages should also be included in the export.
+
+Note that before requesting an export of an account, a GPG key should be uploaded to Google's Server. See [Using GPG with Audits](ExamplesAccountAuditing#Using_GPG_with_Audits) for more details on GPG keys. Failure to upload a key will result in the export request always getting a status of ERROR.
+
+This example requests an export of all of a user's mail including deleted messages
+```
+gam audit export request jsmith includedeleted
+```
+
+This example requests an export of all of a user's mail for a 30 day range including deleted
+```
+gam audit export request jsmith begin "2010-06-01 00:00" end "2010-07-01 00:00" includedeleted
+```
+
+This example requests an export of all of a user's mail that has the word secret in the message subject
+```
+gam audit export request jsmith search "subject:secret"
+```
+
+---
+
+
+## Retrieving Current Status of Export(s)
+**This command is deprecated and will not work in GAM 3.8+**. [Details](#about-google-apps-audits)
+### Syntax
+```
+gam audit export status [user] [request_id]
+```
+retrieve the status of current export requests. If the optional parameters user and request\_id are specified, only the status of the one request will be retrieved, otherwise all current requests' status will be retrieved.
+
+This example shows the status of all current export requests
+```
+gam audit export status
+```
+
+---
+
+
+## Downloading the Results of a Completed Export Request
+**This command is deprecated and will not work in GAM 3.8+**. [Details](#about-google-apps-audits)
+### Syntax
+```
+gam audit export download <user> <request_id>
+```
+download the encrypted results of a completed export request. The required parameters user and request\_id specify which request's results should be downloaded. The encrypted files are saved with file names of export-username-request\_id-file\_number.mbox.gpg. If a file already exists on the hard drive, GAM will not re-download that file. GAM does not verify that the existing local file is complete, only that it exists. Thus if a download is interrupted, delete the partially downloaded file and start the process again, GAM will then skip over the files that have finished downloading. After they have been downloaded, they can be decrypted with GPG and then viewed with a mail client like Thunderbird.
+
+This example downloads the completed export request for jsmith
+```
+gam audit export download jsmith 344920
+```
+
+---
+
+
+## Deleting a Completed Export Request
+**This command is deprecated and will not work in GAM 3.8+**. [Details](#about-google-apps-audits)
+### Syntax
+```
+gam audit export delete <user> <request_id>
+```
+delete the completed export request. The required parameters user and request\_id specify which request to delete.
+
+This example deletes the export request for the given user
+```
+gam audit export delete jsmith 344920
+```
+
+
+# Using GPG with Audits
+## Creating/Uploading a GPG Key
+**This command is deprecated and will not work in GAM 3.8+**. [Details](#about-google-apps-audits)
+### Syntax
+Google's Servers use GPG to encrypt files that you request via the Audit API for account activity and mailbox export. Before you can successfully request a user account activity log or mailbox export, you need to create a GPG and upload it to Google's Servers for their use.
+### Downloading GPG
+#### Windows Users
+A Windows version of GPG can be downloaded [here](ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.10b.exe). I suggest installing it to an easy to remember location like C:\GPG.
+
+#### Linux Users
+GPG comes with many Linux distributions by default. Try opening a Terminal and typing:
+```
+gpg --version
+```
+if you get an error, visit your Linux Distributions website and search for instructions on installing GPG.
+
+#### Mac Users
+You can download a version of GPG for Macs [here](https://gpgtools.org/). Download the GPG Suite and run the package installer. The GUI suite will open. You can quit it and continue as below or use the GUI to generate your key.
+
+### Creating/Uploading the Key
+Run the command:
+```
+gpg --gen-key --expert
+```
+you will be prompted for the kind of key you want, choose "RSA and RSA (default)".
+
+Next you'll be prompted for the keysize. This determines how strong the encryption is. If you're not paranoid about security, I suggest choosing a smaller key size as bigger keys will take longer to encrypt/decrypt your data thus greatly slowing down the process (especially for large exports), 1024 should be fine in most cases.
+
+Next you'll be prompted for how long the key should be valid. Specify 0 so that the key does not expire.
+
+Next you'll be prompted for your name, email address and a comment. Remember the name you enter, you'll need it for the next step. Google doesn't really use this information so feel free to make something up if you want.
+
+Finally, you'll be prompted for a passphrase, you'll need this passphrase in order to decrypt activity logs and exports so make sure you remember what it is!
+
+### Uploading the GPG Key
+You can now upload your key to Google's Servers with the command:
+```
+gpg --export --armor -a "Your Name" | \path\to\gam\gam audit uploadkey
+```
+where "Your Name" is the name you entered for yourself in the last GPG command. This will output the GPG key and "pipe" it into GAM, telling GAM to upload the key to Google.
+
+## Decrypting Downloaded Files with GPG
+Once you've submitted requests, the requests complete and you download requests, you can decrypt the data with GPG. The command to decrypt is:
+```
+gpg --output <new decrypted file> --decrypt <encrypted file> 
+```
+encrypted file is one of the files GAM downloaded from a completed activity or export request. In the case of exports, you may have multiple files to decrypt. Here's an example decrypt command:
+```
+gpg --output jsmith-activity.txt --decrypt c:\gam\activity-jsmith-34231-1.txt.gpg
+```
+this will create a file jsmith-activity.txt with the decrypted results.

docs/ExamplesCSV.md

@@ -0,0 +1,155 @@
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+**Table of Contents**  *generated with [DocToc](http://doctoc.herokuapp.com/)*
+
+- [Printing All Users](#printing-all-users)
+    - [Syntax](#syntax)
+    - [Example](#example)
+  - [users.csv contains:](#userscsv-contains)
+  - [Smith, wsmith@example.com, William,](#smith-wsmith@examplecom-william)
+  - [](#)
+- [Printing All Groups](#printing-all-groups)
+    - [Syntax](#syntax-1)
+    - [Examples](#examples)
+  - [](#-1)
+- [Print All Aliases](#print-all-aliases)
+    - [Syntax](#syntax-2)
+    - [Example](#example-1)
+  - [](#-2)
+- [Print All Organizational Units](#print-all-organizational-units)
+    - [Syntax](#syntax-3)
+    - [Example](#example-2)
+  - [](#-3)
+- [Print All Resource Calendars](#print-all-resource-calendars)
+    - [Syntax](#syntax-4)
+    - [Example](#example-3)
+  - [](#-4)
+- [Print Reports](#print-reports)
+    - [Syntax](#syntax-5)
+    - [Example](#example-4)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+(TODO: Add table of contents.)
+
+_**Comments have been turned off for these help pages, please post your questions and comments to the [Mailing List](http://groups.google.com/group/google-apps-manager)**_
+
+# Printing All Users
+
+### Syntax
+```
+gam print users [firstname] [lastname] [username] [ou] [suspended] [changepassword] [agreed2terms] [admin] [aliases] [groups]
+```
+prints a CSV file of all users in the Google Apps Organization. The CSV output can be redirected to a file using the operating system's pipe command (such as "> users.csv") see examples below. By default, the only column printed is the user's full email address. The optional arguments firstname, lastname, username, ou (organization unit), suspended, changepassword, agreed2terms, admin, nicknames and groups add the respective additonal column to the CSV output. Note that adding one or more of firstname, lastname, suspended, changepassword, agreed2terms or admin will require an additional call to Google's servers and will increase the length of time for the command to complete. Adding aliases will also require an additional call to Google's servers. Note also that adding  groups will require 1 additional call to Google's servers <b>per user</b> which will significantly increase the length of time for the command to complete.
+
+### Example
+This example will generate the csv file users.csv showing with columns for Email, Firstname and Lastname
+```
+gam print users firstname lastname > users.csv
+Getting all users in the organization (may take some time on a large Google Apps
+ account)...
+Getting detailed info for users in example.com domain (may take some time on a large
+ domain)...
+
+users.csv contains:
+--
+Lastname, Email, Firstname,
+User, admin@example.com, Super,
+Jones, pjones@example, Paul,
+Smith, wsmith@example.com, William,
+--
+```
+
+---
+
+
+# Printing All Groups
+### Syntax
+```
+gam print groups [name] [description] [members] [managers] [owners] [settings] [domain <domainname>] [admincreated] [id] [aliases] [todrive]
+```
+prints a CSV file of all groups in the Google Apps domain. The CSV output can be redirected to a file using the operating system's pipe command (such as "> groups.csv") see examples below. By default, the only column printed is the email address. The optional arguments name and description add the respective additional column to the CSV output. The optional arguments members, managers, owners and settings each perform additional API calls per group which may greatly increase the time it takes the command to complete. members, managers and owners will include a column for the respective role. settings will add multiple columns for the groups advanced settings. domain will limit the results to groups that have a primary address in the supplied domain. admincreated will include a True/False column in the results, False being user-created groups. aliases will add 2 columns to the output, Aliases and nonEditableAliases. The optional todrive parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file.
+
+### Examples
+this example will output basic details for all groups and upload the results to Google Drive.
+```
+gam print groups name description todrive
+```
+
+---
+
+
+# Print All Aliases
+### Syntax
+```
+gam print aliases [todrive]
+```
+prints a CSV file of all user and group aliases in the Google Apps domain. The CSV output can be redirected to a file using the operating system's pipe command (such as "> nicknames.csv") see examples below. The optional todrive parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file.
+
+### Example
+this example will output all aliases to Google Drive
+```
+gam print nicknames todrive
+```
+
+---
+
+
+# Print All Organizational Units
+### Syntax
+```
+gam print orgs [name] [description] [parent] [inherit]
+```
+prints a CSV file of all organizational units in the Google Apps account. The CSV output can be redirected to a file using the operating system's pipe command (such as "> orgs.csv") see examples below. By default, the only column output is "Path" (OUs full path). The optional arguments name, description, parent and inherit add the respective additonal column to the CSV output. Only 1 call to Google's servers is done no matter which arguments are specified so the optional arguments should not significantly increase the time it takes for the command to complete.
+
+### Example
+this example will output all organizations to the file orgs.csv including all optional columns
+```
+gam print orgs name description parent inherit > orgs.csv
+```
+
+---
+
+
+# Print All Resource Calendars
+### Syntax
+```
+gam print resources [id] [description] [email]
+```
+prints a CSV file of all resource calendars in the Google Apps account. The CSV output can be redirected to a file using the operating system's pipe command (such as "> resources.csv") see examples below. By default, the only column output is "Name"The optional arguments id, description and email add the respective additonal column to the CSV output. Only 1 call to Google's servers is done no matter which arguments are specified so the optional arguments should not significantly increase the time it takes for the command to complete.
+
+### Example
+this example will output all resource calendars to the file resources.csv including all optional columns
+```
+gam print resources id description email > resources.csv
+```
+
+---
+
+
+# Print Reports
+### Syntax
+```
+gam report accounts|activity|disk_space|email_clients|summary [YYYY-MM-DD]
+```
+Prints one of 5 Google Apps reports:
+  * The **accounts** report contains a list of all of the hosted accounts that exist in your domain on a particular day. The report includes both active accounts and suspended accounts. The status column will indicate whether each account is active or suspended. The field definitions for the accounts report can be found [here](http://code.google.com/googleapps/domain/reporting/google_apps_reporting_api.html#Accounts_Report).
+  * The **activity** report identifies the total number of accounts in your domain as well as the number of active and idle accounts over several different time periods. In this report, activity encompasses user interaction with his email, such as reading or sending email. The activity statistics includes web mail as well as POP activity. The field definitions for the activity report can be found [here](http://code.google.com/googleapps/domain/reporting/google_apps_reporting_api.html#Activity_Report).
+  * The **disk\_space** report shows the amount of disk space occupied by users' mailboxes. The report identifies the total number of accounts in your domain as well as the number of accounts that fall into several different size groupings. Mailboxes that occupy less than 1GB of disk space are grouped in increments of 100MB, and mailboxes that occupy between 1GB and 10GB of disk space are grouped in increments of 500MB. The field definitions for the disk\_space report can be found [here](http://code.google.com/googleapps/domain/reporting/google_apps_reporting_api.html#Disk_Space_Report).
+  * The **email\_clients** report explains how users in your domain access their hosted accounts on a day-by-day basis. For each day, the report lists the total number of accounts in your domain as well as the number and percentage of users who accessed their accounts using WebMail. This report does not include suspended accounts in the account total. The field definitions for the email\_clients report can be found [here](http://code.google.com/googleapps/domain/reporting/google_apps_reporting_api.html#Email_Clients_Report).
+  * The **summary** report contains the total number of accounts, total mailbox usage in bytes and total mailbox quota in megabytes for your domain. Each row in the report contains data for one day. This report does not include information for suspended accounts. The field definitions for the summary report can be found [here](http://code.google.com/googleapps/domain/reporting/google_apps_reporting_api.html#Summary_Report).
+
+optionally, a date can be specified in YYY-MM-DD format. The report for the given day will be pulled. If not specified, the report for the most recent day that has passed 12pm Pacific time will be pulled (e.g. today or yesterday if it's not yet noon Pacific time).
+
+**Note:** unlike the "gam print" commands, the report commands offer a snapshot of activity on a Google Apps domain for the given day, they are not realtime. For example, if you create a new user and then pull the accounts report, that user will not be included. It will take 24-48 hours before the user is included in the most recent accounts report.
+
+### Example
+This command will pull the most recently available accounts report.
+```
+gam report accounts
+```
+
+This example will pull the summary report from last month.
+```
+gam report summary 2011-11-30
+```

docs/ExamplesEmailSettings.md

@@ -0,0 +1,897 @@
+- [Signatures and Away Messages](#signatures-and-away-messages)
+  - [Setting a Signature](#setting-a-signature)
+  - [Retrieving a Signature](#retrieving-a-signature)
+  - [Enabling/Disabling and Setting a Vacation (Away) Message](#enablingdisabling-and-setting-a-vacation-away-message)
+  - [Retrieving Vacation Settings](#retrieving-vacation-settings)
+- [Labels and Filters](#labels-and-filters)
+  - [Create a Label](#create-a-label)
+  - [Retrieving User's Labels](#retrieving-users-labels)
+  - [Delete a Label](#delete-a-label)
+  - [Create a Filter](#create-a-filter)
+  - [Retrieve a Filter](#retrieve-a-filter)
+  - [Delete a Filter](#delete-a-filter)
+  - [Print Filter Details](#print-filter-details)
+  - [Show Filter Details](#show-filter-details)
+- [IMAP, POP](#imap-pop)
+  - [Setting IMAP Settings](#setting-imap-settings)
+  - [Retrieving IMAP Settings](#retrieving-imap-settings)
+  - [Setting POP Settings](#setting-pop-settings)
+  - [Retrieving POP Settings](#retrieving-pop-settings)
+- [Send As](#send-as)
+  - [Add a Send As Address (Custom From)](#add-a-send-as-address-custom-from)
+  - [Update a Send As Address](#update-a-send-as-address)
+  - [Delete a Send As Address](#delete-a-send-as-address)
+  - [Retrieve a Send As Address](#retrieve-a-send-as-address)
+  - [Print Send As Addresses](#print-send-as-addresses)
+  - [Show Send As Addresses](#show-send-as-addresses)
+- [Forwarding](#forwarding)
+  - [Add a Forwarding Address](#add-a-forwarding-address)
+  - [Delete a Forwarding Address](#delete-a-forwarding-address)
+  - [Retrieve a Forwarding Address](#retrieve-a-forwarding-address)
+  - [Print Forwarding Addresses](#print-forwarding-addresses)
+  - [Show Forwarding Addresses](#show-forwarding-addresses)
+  - [Setting a Forward](#setting-a-forward)
+  - [Print Forward Settings](#print-forward-settings)
+  - [Show Forward Settings](#show-forward-settings)
+- [Delegates](#delegates)
+  - [Creating a Gmail delegate](#creating-a-gmail-delegate)
+  - [Deleting a Gmail delegate](#deleting-a-gmail-delegate)
+  - [Print Gmail delegates](#print-gmail-delegates)
+  - [Show Gmail delegates](#show-gmail-delegates)
+  - [Creating a Contact delegate](#creating-a-contact-delegate)
+  - [Deleting a Contact delegate](#deleting-a-contact-delegate)
+  - [Print Contact delegates](#print-contact-delegates)
+  - [Show Contact delegates](#show-contact-delegates)
+- [Managing S/MIME Certificates](#managing-smime-certificates)
+  - [Adding S/MIME Certificates](#adding-smime-certificates)
+  - [Updating S/MIME Certificates](#updating-smime-certificates)
+  - [Deleting S/MIME Certificates](#deleting-smime-certificates)
+  - [Show/Print S/MIME Certificates](#show-print-smime-certificates)
+- [Hiding/Unhiding users from the domain contacts](#hidingunhiding-users-from-the-domain-contacts)
+  - [Changing a users profile to hidden/unhidden](#changing-a-users-profile-to-hiddenunhidden)
+  - [Showing users profile hidden/unhidden status](#showing-users-profile-hiddenunhidden-status)
+- [User Profile Photos](#user-profile-photos)
+  - [Updating Profile Photos](#updating-profile-photos)
+  - [Getting Profile Photos](#getting-profile-photos)
+  - [Deleting Profile Photos](#deleting-profile-photos)
+- [Managing User Email](#managing-user-email)
+  - [Modifying User Emails](#modifying-user-emails)
+  - [Deleting or Trashing User Emails](#deleting-trashing-or-untrashing-user-emails)
+  - [Sending Email as a User](#sending-email-as-a-user)
+  - [Dropping Emails into a User Mailbox](#dropping-emails-into-a-user-mailbox)
+  - [Drafting Emails for a User](#drafting-emails-for-a-user)
+- [Print/Show User Gmail Profile](#print-show-user-gmail-profile)
+  - [Print User Gmail Profile](#print-user-gmail-profile)
+  - [Show User Gmail Profile](#show-user-gmail-profile)
+- [Managing User Display Language](#managing-user-display-language)
+  - [Set User Language](#set-user-language)
+  - [Get User Language](#get-user-language)
+
+# Signatures and Away Messages
+## Setting a Signature
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users [signature <signature text>] [file <signature file>] [replyto <EmailAddress>] (replace <Tag> <String>)*
+```
+sets a email signature for the given users' primary email address. Use quotes around the signature text if it contains spaces (which it almost certainly will). New lines can be specified with \n. HTML can also be used. An empty string like "" will disable the signature. Use the optional `file` argument to specify a filename that contains the signature text. This is easier for long, complex signatures.  Use the optional `replyto` argument to specify a reply to address for use with this signature. The optional argument `replace` can be used to insert values into the signature text. Every instance of {`Tag`} in the signature will be replaced by `String`. Instances of the form {RT}...{`Tag`}...{/RT} will be eliminated if that `Tag` was not specified or if `Tag` was specified but the accompanying `String` is empty. {RT} and {/RT} are eliminated from the signature.
+### Example
+This example sets all user's signatures to be:
+```
+Acme Inc
+1321 Main Ave
+http://www.acme.com
+```
+
+```
+gam all users signature
+ "Acme Inc<br>1321 Main Ave<br>http://www.acme.com
+```
+
+This example reads the signature from a file:
+```
+gam user bob@example.com signature file bobs-sig.txt
+```
+
+This example reads the signature from an HTML file:
+```
+gam user sue@example.com signature file sues-html-sig.html html
+```
+----
+
+## Retrieving a Signature
+### Syntax
+```
+gam
+ user <username> | group <groupname>| ou <ouname> | all users show signature [format]
+```
+Shows the email signature for the given users. By default, the raw HTML of the signature is shown, the optional argument `format` causes the HTML to be interpreted.
+
+### Example
+This example shows all user's signature
+
+```
+gam all users show signature
+```
+----
+
+## Enabling/Disabling and Setting a Vacation (Away) Message
+### Syntax
+```
+gam
+ user <username> | group <groupname> | ou <ouname> | all users
+ vacation on|off subject <subject text> [message <message text>] | [file <message file>] [html]
+ startdate <YYYY-MM-DD> enddate <YYYY-MM-DD>
+ [contactsonly] [domainonly]
+ (replace <Tag> <String>)*
+```
+enable or disable a vacation/away message for the given users. `subject <subject text>` will set the away message subject. `message <message text>` will set the away message text. Use quotes around `<subject text>` and `<message text>` if they contain spaces (which they probably will). If `file` is specified instead of message, the message will be read from the given text file. In `<message text>`, \n will be replaced with a new line. The optional argument `html` says to interpret the message text as HTML. Except for the simplest messages, you should specify `html` even if your message doesn't contain HTML as Google does unexpected line wrapping when `html` is not specified. The optional `startdate` and `enddate` arguments set a start and end date for the vacation message to be enabled. The optional argument `contactsonly` will only send away messages to persons in the user's Contacts. The optional argument `domainonly` will prevent vacation messages from going to users outside the Google Apps domain. The optional argument `replace` can be used to insert values into the away message text. Every instance of {`Tag`} in the message will be replaced by `String`. Instances of the form {RT}...{`Tag`}...{/RT} will be eliminated if that `Tag` was not specified or if `Tag` was specified but the accompanying `String` is empty. {RT} and {/RT} are eliminated from the message.
+
+### Example
+This example sets the away message for the user
+```
+gam user epresley vacation on subject "Elvis has left the building"
+ message "I will be on Mars for the next 100 years. I'll get back to you when I return.\n\nElvis"
+```
+
+This example reads the message from a text file:
+```
+gam user bob@example.com vacation on subject "I am away" file bobs-away-message.txt
+```
+----
+
+## Retrieving Vacation Settings
+### Syntax
+```
+gam
+ user <username> | group <groupname> |ou <ouname> | all users show vacation [format]
+```
+Show the given user's vacation message and settings. By default, the plain text or raw HTML of the vacation message is shown, the optional argument `format` causes the HTML to be interpreted.
+
+## Example
+This example shows the vacation settings for jsmith
+```
+gam user jsmith show vacation
+```
+
+# Labels and Filters
+## Create a Label
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users label <label name>
+```
+create a Gmail Label for the given users. Use quotes around the label name if it contains spaces. Labels are described <a href='http://mail.google.com/support/bin/answer.py?hl=en&answer=118708'>here.</a>
+
+### Example
+This example creates a label called New Label for all users
+```
+gam all users label "New Label"
+```
+
+## Retrieving User's Labels
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users show labels [onlyuser] [showcounts]
+```
+Show the labels for the given users. If the optional argument `onlyuser` is specified, default labels including inbox, unread, drafts, sent, chat, muted, spam, trash, popped, and contactcsv will not be shown. Label visibility will also be reported. If the optional argument `showcounts` is specified, message and thread counts will be show for each label.
+
+### Example
+This example shows the labels for all members of the marketing group
+```
+gam group marketing show labels
+```
+
+## Delete a Label
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users delete label <label name>
+```
+delete the given label for the given users.  Use quotes around the label name if it contains spaces. Labels are described <a href='http://mail.google.com/support/bin/answer.py?hl=en&answer=118708'>here.</a>
+
+### Example
+This example deletes a label called Old Label for all users
+```
+gam all users delete label "Old Label"
+```
+
+## Create a Filter
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users filter
+  from <email>|to <email>|subject <words>|haswords <words>|nowords <words>|musthaveattachment
+  label <label name>|markread|archive|star|forward <email address>|trash|neverspam|important|notimportant
+```
+Create a Filter for the given users. Filter must have one or more conditions (from, to, subject, haswords, nowords or musthaveattachment) and one or more actions (label, markread, archive, star, forward, trash, neverspam, important or notimportant). You do not need to create a label before creating a filter that labels messages, creating a filter that labels messages will automatically create the label. **Filters** are described <a href='http://mail.google.com/support/bin/answer.py?hl=en&answer=6579'>here</a> and **Search operators** <a href='https://support.google.com/mail/answer/7190?hl=en'>here</a>.
+
+### Examples
+This example creates a filter for the user john that labels messages from dianne@gmail.com and archives them (thus they will only appear under the label)
+
+```
+gam user john filter from dianne@gmail.com label Dianne archive
+```
+This example creates a filter for the user john that marks messages from dianne@gmail.com as category:primary and stars them (hint: you can find **all predefined Lable/Category types** [here](https://developers.google.com/gmail/api/guides/labels))
+
+```
+gam user john filter from dianne@gmail.com label "CATEGORY_PERSONAL" star
+```
+
+This example creates a filter for the user john that labels messages from anyuser@anysubdomain.example.com and anyuser@example.com and marks messages to never send to spam (hint: `-me` avoids **Sent messages** to show up in the INBOX)
+
+```
+gam user john filter from "-me AND .example.com OR example.com" label "thrusted" neverspam
+```
+
+## Retrieve a Filter
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users info filters <FilterIDList>
+```
+
+Display details of a list of specific filters.
+
+## Delete a Filter
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users delete filters <FilterIDList>
+```
+
+Delete a list of filters of a user.
+
+## Print Filter Details
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users print filters [todrive]
+```
+Display or upload to Google Drive a CSV report of all of a users' filters. The optional `todrive` parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file.
+
+## Show Filter Details
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users show filters
+```
+Display details of all of a users' filters.
+
+# IMAP, POP
+## Setting IMAP Settings
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users imap on|off [noautoexpunge] [expungebehavior archive|deleteforever|trash] [maxfoldersize 0|1000|2000|5000|10000]<br>
+```
+turn IMAP on or off for given users. There are three options:<br>
+`noautoexpunge`: If this value is not specified, Gmail will immediately expunge a message when it is marked as deleted in IMAP. When specified, Gmail will wait for an update from the client before expunging messages marked as deleted.
+`expungebehavior`: The action that will be executed on a message when it is marked as deleted and expunged from the last visible IMAP folder. The acceptable values are: "archive": Archive messages marked as deleted; "deleteforever": Immediately and permanently delete messages marked as deleted. The expunged messages cannot be recovered; "trash": Move messages marked as deleted to the trash.
+`maxfoldersize`: An optional limit on the number of messages that an IMAP folder may contain. Legal values are 0, 1000, 2000, 5000 or 10000. A value of zero is interpreted to mean that there is no limit.
+
+### Example
+This example will turn IMAP on for all current users in the domain.
+```
+gam all users imap on
+```
+
+## Retrieving IMAP Settings
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users show imap
+```
+shows the given users' current IMAP settings.
+
+### Example
+This example shows all user's IMAP status.<br>
+```
+gam all users show imap<br>
+```
+
+
+## Setting POP Settings
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users pop on|off [for allmail|newmail] [action keep|archive|delete|markread]<br>
+```
+turn POP3 on or off for given users, "for allmail" will expose all Inbox mail to the POP client while "for newmail" will expose only mail received after POP was enabled. POPped mail can be left alone (keep), archived (archive), deleted (delete) or marked read (markread). If the for and action arguments are not specified, all mail will be popped and kept in the Inbox.
+
+### Example
+This example will turn POP on for any users in the group students. All mail in the Inbox will be exposed to the POP client and POPped emails will be kept in the Inbox.
+```
+gam group students pop on
+```
+
+This example will turn POP on for Bob but only for new mail he receives. Mail will be archived after it is popped:
+```
+gam user bob@example.com pop on for newmail action archive
+```
+
+
+## Retrieving POP Settings
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users show pop
+```
+show the given users' POP settings.
+
+### Example
+This example shows the pop settings for the group students
+```
+gam group students show pop
+```
+
+# Send As
+## Add a Send As Address (Custom From)
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users sendas <EmailAddress> <Name> [signature <String>|(file <FileName>) [replyto <EmailAddress>] [default] [treatasalias <Boolean>] (replace <Tag> <String>)*
+```
+Add `<EmailAddress>` as one of the given users' send as addresses (also called Custom From). `<Name>` is the nice name users see with the email (Use quotes if `<name>` includes spaces). Each send as address can have its own signature. See <a href='https://github.com/jay0lee/GAM/wiki/ExamplesEmailSettings#setting-a-signature'>Setting a Signature</a>. Optionally, `default` specifies that this should be the address used for outgoing mail by default (user can choose which address mail is sent from when they compose). Also optional, `replyto <EmailAddress>` specifies a Reply To address to be used when mail is sent out via this sendas. See <a href='https://support.google.com/a/answer/1710338?ctx=gmail&hl=en&authuser=0&visit_id=1-636106946018751865-4063694491&rd=1'>here</a> for a description of the `treatasalias <Boolean>` argument. The optional argument `replace` can be used to insert values into the signature text. Every instance of {`Tag`} in the signature will be replaced by `String`. Instances of the form {RT}...{`Tag`}...{/RT} will be eliminated if that `Tag` was not specified or if `Tag` was specified but the accompanying `String` is empty. {RT} and {/RT} are eliminated from the signature.
+
+****Warning:**** Google has recently taken steps to limit what email addresses forwards can be set to via the API (and thus via GAM).
+See <a href='http://googleappsupdates.blogspot.com/2010/05/gmail-now-requires-verification-of.html'>this blog post</a> for details about what domains you can set forwards to.
+Generally you are limited to forwarding to your primary domain, alias and secondary domains and subdomains of those.
+
+### Example
+This example adds mtodd as one of alincoln's send as addresses.
+```
+gam user alincoln sendas mtodd "First Lady" replyto mtodd signature "Mary"
+```
+
+## Update a Send As Address
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users update sendas <EmailAddress> [name <Name>] [signature <String>|(file <FileName> ) (replace <Tag> <String>)*] [replyto <EmailAddress>] [default] [treatasalias <Boolean>]
+```
+Update the characteristics of  `<EmailAddress>` as one of the given users' send as addresses. See above for a description of the arguments.
+
+### Example
+This example updates mtodd as one of alincoln's send as addresses.
+```
+gam user alincoln update sendas mtodd name "Abe's Wife"
+```
+
+## Delete a Send As Address
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users delete sendas <EmailAddress>
+```
+Delete `<EmailAddress>` as one of the given users' send as addresses.
+
+### Example
+This example deletes alincoln's send as address mtodd.
+```
+gam user alincoln delete sendas mtodd
+```
+
+## Retrieve a Send As Address
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users info sendas <EmailAddress> [format]
+```
+Shows the status of `<EmailAddress>` as one of the given users' send as addresses.
+
+### Example
+This example shows the status of alincoln's send as address mtodd.
+```
+gam user alincoln info sendas mtodd
+```
+
+## Print Send As Addresses
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users print sendas [todrive]
+```
+Display or upload to Google Drive a CSV report of users' send as addresses. The optional `todrive` parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file.
+
+### Example
+This example outputs all users send as addressess in a CSV format.
+```
+gam all users print sendas
+```
+
+## Show Send As Addresses
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users show sendas [format]
+```
+Shows the given users' send as addresses.
+
+### Example
+This example shows alincoln's send as addresses.
+```
+gam user alincoln show sendas
+```
+# Forwarding
+## Add a Forwarding Address
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users add forwardingaddress <EmailAddress>
+```
+Add `<EmailAddress>` as one of the given users' forwarding addresses.
+****Warning:**** Google has recently taken steps to limit what email addresses forwards can be set to via the API (and thus via GAM). See <a href='http://googleappsupdates.blogspot.com/2010/05/gmail-now-requires-verification-of.html'>this blog post</a> for details about what domains you can set forwards to. Generally you are limited to forwarding to your primary domain, alias and secondary domains and subdomains of those.
+
+### Example
+This example adds mtodd as one of alincoln's forwarding addresses.
+```
+gam user alincoln add forwardingaddress mtodd
+```
+
+## Delete a Forwarding Address
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users delete forwardingaddress <EmailAddress>
+```
+Delete `<EmailAddress>` as one of the given users' forwarding addresses.
+
+### Example
+This example deletes alincoln's forwarding address mtodd.
+```
+gam user alincoln delete forwardingaddress mtodd
+```
+
+## Retrieve a Forwarding Address
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users info forwardingaddresses <EmailAddress>
+```
+Shows the status of `<EmailAddress>` as one of the given users' forwarding addresses.
+
+### Example
+This example shows the status of alincoln's forwarding address mtodd.
+```
+gam user alincoln info forwardingaddress mtodd
+```
+
+## Print Forwarding Addresses
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users print forwardingaddresses [todrive]
+```
+Display or upload to Google Drive a CSV report of users' forwarding addresses. The optional `todrive` parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file.
+
+### Example
+This example outputs all users forwarding addressess in a CSV format.
+```
+gam all users print forwardingaddresses
+```
+
+## Show Forwarding Addresses
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users show forwardingaddresses
+```
+Shows the given users' forwarding addresses.
+
+### Example
+This example shows alincoln's forwarding addresses.
+```
+gam user alincoln show forwardingaddresses
+```
+
+## Setting a Forward
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users forward off
+gam user <username>|group <groupname>|ou <ouname>|all users forward on <EmailAddress> keep|archive|delete|markread
+```
+Disable/enable and set an automatic email forward for the given users. If turning forwarding on, an `<EmailAddress>` and an action (`keep|archive|delete|markread`) are both required. The `<EmailAddress>` you specify must already have been set up as a forwarding address. Actions specify what to do with messages that have been forwarded.
+
+### Example
+This example sets a forward for the user, messages will be deleted after they are forwarded so they will not show up in the user's account
+```
+gam user eclapton forward on eclapton@music.com delete
+```
+
+## Print Forward Settings
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users print forward [todrive]
+```
+Display or upload to Google Drive a CSV report of users' forward settings. The optional `todrive` parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file.
+
+### Example
+This example outputs all users forwarding settings in a CSV format.
+```
+gam all users print forward
+```
+
+## Show Forward Settings
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users show forward
+```
+shows the given users' forwarding settings.
+
+### Example
+This example shows alincoln's forwarding settings.
+```
+gam user alincoln show forward
+```
+
+
+# Delegates
+A delegate is someone who has been given access to someone else's email or contacts. The delegator is the one whose email and contacts are accessible by the delegate.
+Delegate and the delegators must be in the same domain, granting delegate access across multiple domains is currently not possible.
+
+## Creating a Gmail delegate
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users delegate to <delegate email>
+gam user <username>|group <groupname>|ou <ouname>|all users add delegate <delegate email>
+```
+Gives email and contact access for the given users (the delegators) to the specified delegate account. Unlike when users request delegate access via Gmail settings, no email will be sent to the delegators for approval, the approval occurs immediately.
+The delegate and the delegator must be in the same domain, granting delegate access across multiple domains is currently not possible.
+
+Both the Gmail delegator and the delegate:
+
+* Must be active. A 500 error is returned if either user is suspended and disabled.<br>
+* Must not require a change of password on the next sign in. A 500 error is returned if either user has this flag enabled in the control panel, or, using the Provisioning API, the changePasswordAtNextLogin attribute is true.
+
+You can confirm these settings using the <a href='ExamplesProvisioning#Get_User_Info'>gam info user</a> command. Both "Account suspended" and "Must change password" should show false for both the delegate and the delegator.
+
+### Example
+This example gives jbezos access to the contacts and email of the sales account.
+```
+gam user sales delegate to jbezos@amazon.com
+```
+
+
+## Deleting a Gmail delegate
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users delete delegate <delegate email>
+```
+Deletes the delegate for the given users.
+
+### Example
+This example takes away deSecretary's access to deBoss's email and contacts.
+<br>
+```
+gam user deBoss delete delegate deSecretary
+```
+
+## Print Gmail delegates
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users print delegates [todrive]
+```
+Display or upload to Google Drive a CSV report of users' delegates. The optional `todrive` parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file.
+
+Prints the delegates that have access to the given user accounts.
+
+### Example
+This example prints delegates across the entire domain.
+```
+gam all users print delegates
+```
+
+
+## Show Gmail delegates
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users show delegates [csv]
+```
+Shows the delegates that have access to the given user accounts. Optional argument csv prints out CSV style output instead of human readable.
+
+### Example
+This example shows delegates for users in the technology group.
+```
+gam group technology show delegates
+```
+----
+##  Creating a Contact delegate
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users add contactdelegate <delegate email>
+```
+Delegates given user(s) contacts to the given delegate user.
+
+### Example
+This examples gives D. Landingham access to manage J. Bartlet's contacts.
+```
+gam user jbartlet@acme.com add contactdelegate dlandingham@acme.com
+```
+----
+## Deleting a Contact delegate
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users delete contactdelegate <delegate email>
+```
+Removes a delegate user's access to a given user's contacts.
+
+### Example
+This example removes C. Young's delegate access to J. Bartlet's contacts.
+```
+gam user jbartlet@acme.com delete contactdelegate cyoung@acme.com
+```
+----
+## Print Contact delegates
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users print contactdelegates [todrive]
+```
+Prints the contact delegates of a given user. The optional todrive argument causes the output to generate a Google Sheet rather than printing to the console.
+
+### Example
+This example prints all contact delegates for J. Bartlet to a Google Sheet.
+```
+gam user jbartlet@acme.com print contactdelegates todrive
+```
+----
+## Show Contact delegates
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users show contactdelegates
+```
+Shows the contact delegates of a given user in human-friendly output format.
+
+### Example
+This example shows all contact delegates for J. Bartlet.
+```
+gam user jbartlet@acme.com show contactdelegates
+```
+----
+
+# Managing S/MIME Certificates
+## Adding S/MIME Certificates
+### Syntax
+```
+gam user <email> add smime <file <filename>> <password <password>> [default] [sendas <email>]
+```
+Uploads an S/MIME certificate for the user. The file argument specifies the local file which contains the S/MIME Certificate to be uploaded. The password argument specifies the password used to encrypt the S/MIME certificate. The optional argument default specifies that if user has multiple certificates for this sendas, this one should be the default. The optional argument sendas specifies the sendas email address that the S/MIME certificate should be used with. If sendas is not specified, the user's primary address is assumed.
+
+### Example
+This example uploads the file jim.pfx for Jim and marks it as default.
+```
+gam user jim@acme.com add smime file jim.pfx password p@ssw3rd default
+```
+----
+## Updating S/MIME Certificates
+### Syntax
+```
+gam user <email> update smime [id <id>] [sendas <email>] <default>
+```
+Updates a S/MIME certificate for a user. Currently the only update operation is to mark the certificate as the default. The id argument specifies the id of the S/MIME certificate to update. If ID is not specified then all existing certificates will be listed. The sendas argument specifies the sendas address which owns the certificate to be updated. If sendas is not specified, the user's primary address is assumed. The default argument updates the selected certificate to be the default. Currently default is required since it's the only update operation.
+
+### Example
+This example sets a certificate to be the default for John's primary address.
+```
+gam user john@acme.com update smime id 84833830 default
+```
+----
+
+## Deleting S/MIME Certificates
+### Syntax
+```
+gam user <email> delete smime <id <id>> [sendas <email>]
+```
+Deletes a S/MIME certificate for a user. The id argument specfies which S/MIME certificate should be deleted. The optional sendas argument specifies the sendas address which the certificate is associated with. If sendas is not specified then the user's primary address is used.
+
+### Example
+This example delete's the user's certificate.
+```
+gam user john@acme.com delete smime id 34394348349
+```
+----
+
+## Show/Print S/MIME Certificates
+### Syntax
+```
+gam user <email> show|print smime primaryonly todrive
+```
+Show or print the S/MIME certificates of the specified user(s). Show displays the certificates on the screen while print outputs CSV format. The optional argument primaryonly skips looking up additional sendas addresses for user and only pulls certificates associated with the user's primary address. The optional argument todrive specifies that printed output should be uploaded to a Google Drive Spreadsheet instead of displaying the CSV to the screen.
+
+### Example
+This example creates a spreadsheet with all user primary certificates.
+```
+gam all users print smime primaryonly todrive
+```
+----
+
+<h1>Hiding/Unhiding users from the domain contacts</h1>
+Individual user profiles can be hidden/unhidden from the domain contacts list (sometimes called the Global Address List or GAL).<br>
+<br>
+<h2>Changing a users profile to hidden/unhidden</h2>
+<h3>Syntax</h3>
+<pre><code>gam user &lt;username&gt;|group &lt;groupname&gt;|ou &lt;ouname&gt;|all users profile shared|unshared<br>
+</code></pre>
+Share a user's profile (contact) information with other users in the domain. If a user's profile is shared, they'll show up in autocomplete and contact searches for other users. If a user is unshared, others will not be able to discover the user's address and detailed contact info.<br>
+<br>
+<h3>Example</h3>
+this example hides all users in the asked-to-be-hidden Google group from email address autocomplete and contact searches.<br>
+<br>
+<pre><code>gam group asked-to-be-hidden profile unshared<br>
+</code></pre>
+<hr />
+
+<h2>Showing users profile hidden/unhidden status</h2>
+<h3>Syntax</h3>
+<pre><code>gam user &lt;username&gt;|group &lt;groupname&gt;|ou &lt;ouname&gt;|all users show profile<br>
+</code></pre>
+Show the current sharing status of the users' profile.<br>
+<br>
+<h3>Example</h3>
+this example shows the status of all user profiles in the domain.<br>
+<br>
+<pre><code>gam all users show profile<br>
+</code></pre>
+<hr />
+
+# User Profile Photos
+## Updating Profile Photos
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users update photo <photo filename>
+```
+Create or replace the user's photo with the one specified by filename. File should be jpg format. You can use #user# as part of the filename and it will be replaced with the user's full email address.
+
+### Examples
+this example replaces Michael Jones' photo with the one from the employee photo directory
+```
+gam user michael.jones@acme.com update photo h:\employee-photos\mjones.jpg
+```
+
+this example replaces all user's photos with ones stored in c:\photos\<user email>.jpg
+```
+gam all users update photo c:\photos\#user#.jpg
+```
+
+## Getting Profile Photos
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users get photo [drivedir|(targetfolder <FilePath>)] [noshow]
+```
+Gets the users' current photo and saves it to a file named username-domain.jpg in the GAM path. If `drivedir` is specified, the files will be saved in the folder referenced by the environment variable GAMDRIVEDIR. If `targetfolder <FilePath>` is specified, the files will be saved in FilePath. The `noshow` argument prevents to photo data from being displayed to stdout.
+
+## Example
+This example retrieves photos for all users in Google Apps and saves them to files in the C:\photos directory.
+```
+gam all users get photo targetfolder "C:\photos"
+```
+
+## Deleting Profile Photos
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users delete photo
+```
+Deletes the given users' profile photo returning it to blank.
+
+### Example
+This example will delete the profile photo for all members of the group named abused-the-system
+```
+gam group abused-the-system delete photo
+```
+
+
+# Managing User Emails
+## Modifying User Emails
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users modify messages|threads query <gmail search> [doit] [maxtomodify <number>] [addlabel <label>] [removelabel <label>] 
+```
+Modify user Gmail messages or threads. If you specify messages, the search will be done against individual messages and only individual messages that match the query will be modified. If you specify threads then all messages in all threads that match the query will be modified. The addlabel argument specifies labels that should be added to matching messages/threads. The removelabel argument specifies labels that should be added to matching messages/threads. The query parameter is required and uses Gmail search syntax. See the [Advanced Gmail Search help article](https://support.google.com/mail/answer/7190?hl=en) for some tips on complex searches. 
+
+By default, GAM will not modify any messages/threads for users. The doit parameter is needed to tell GAM to actually perform the modify operation. 
+
+The maxtomodify paramater (default: 1) defines how many matching messages/threads per user that may be modified. If more than this number of message matches the search query, GAM will refuse to modify ANY messages for that user. 
+
+### Example
+This example moves all matching messages to the Spam folder.
+```
+gam user joe@acme.com modify messages query 'subject:"buy viagra"' addlabel SPAM removelabel INBOX doit maxtomodify 10
+```
+
+This example marks all messages from president@acme.com as Important and Starred.
+```
+gam all users modify messages query from:president@acme.com addlabel IMPORTANT addlabel STARRED doit maxtomodify 500
+```
+----
+
+## Deleting, Trashing or Untrashing User Emails
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users delete|trash|untrash messages|threads query <gmail search> [doit] [maxtodelete|maxtotrash|maxtountrash <number>] 
+```
+Delete or move to trash messages or threads for a user or group of users. If you specify messages, the search will be done against individual messages and only individual messages that match the query will be deleted/trashed/undeleted. If you specify threads then all messages in all threads that match the query will be deleted/trashed/undeleted. The query parameter is required and uses Gmail search syntax. See the [Advanced Gmail Search help article](https://support.google.com/mail/answer/7190?hl=en) for some tips on complex searches. 
+
+By default, GAM will not delete/trash/untrash any messages for users, it only shows what messages will be impacted. The doit parameter is needed to tell GAM to actually perform the delete/trash/untrash operation.
+
+The maxtodelete/maxtotrash/maxtountrash paramater (default: 1) defines how many matching messages/threads per user that may be affected. If more than this number of message matches the search query, GAM will refuse to modify ANY messages for that user.
+
+### Examples
+This example gets a count of how many messages a user has with PDF attachments but doesn't actually do anything to them.
+```
+gam user joe@acme.org delete messages query filename:pdf
+```
+
+This example will delete the message that has this exact [RFC822 Message ID header](https://support.google.com/groups/answer/75960?hl=en) for all users. Only one message at most will be deleted for all users (they should have only one copy). This example is useful if an email is sent to a large number of people and you wish to remove it from their mailbox quickly.
+```
+gam all users delete messages query rfc822msgid:CAGoYzwvzepSfbHB8mBoOx4VqsiotTmRjvBSFjz8NMg2VXeHTrA@mail.gmail.com doit
+```
+
+This example will trash the thread that has a message from internal.leaker@gmail.com. This means that if users have replied to the message or forwarded it, those messages should also be deleted from the user mailbox.
+```
+gam all users delete threads query from:internal.leaker@gmail.com maxtodelete 10 doit
+```
+
+This example will trash all messages older than 7 years for members of the group. **BE CAREFUL!** There is no undo button. This command could be run on a regular basis (once a day or so) in order to ensure messages older than 7 years are trashed for the user.
+```
+gam group purge7@acme.org trash messages query older_than:7y doit maxtodelete 999999999
+```
+## Sending Email as a User
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users sendemail [message <message>] [file <file>] [subject <subject] [recipient <recipient>]
+```
+Sends an email as the given user. The optional argument message specifies the text to use for the email message including headers and body. The optional argument file reads the message including headers and body from a local file. An easy way to create a rich email message is to send it to yourself in Gmail UI and then [Download the original](https://support.google.com/mail/answer/29436?hl=en) to a file. The optional arguments subject and recipient set the message subject / recipient respectively and will override the headers set in message or file.
+
+### Example
+This example sends a quick message to the user and from the user
+```
+gam user test@example.com sendemail subject "from me, to me"
+```
+This example sends a message from the user to an external address
+```
+gam user test@example.com sendemail file c:\gam\test.eml recipient thedude@gmail.com
+```
+## Dropping Emails into a User Mailbox
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users insertemail|importemail [message <message>] [file <file>] [subject <subject] [recipient <recipient>] [labels <labels,>]
+```
+Drops an email into the given users mailbox. Note that unlike sendemail, these commands will always put the email directly into the user's mailbox, no matter who the recipient is set to. insertemail uses the [INSERT API method](https://developers.google.com/gmail/api/v1/reference/users/messages/insert) and is fastest though messages will not be de-duplicated or threaded in the Gmail mailbox. importemail uses the [IMPORT API method](https://developers.google.com/gmail/api/v1/reference/users/messages/import) which is slower but offers more processing options during delivery. By default, messages dropped in a user mailbox receive *no labels* which means they are archived and marked as read. To best grab a user's attention for reading the recommendation is to set labels like INBOX,UNREAD,IMPORTANT,STARRED. The optional argument message specified the message including headers and body. The optional argument file reads the message including headers and body from a local file. The optional arguments subject and recipient set the message subject and recipients overriding message and file. The optional argument labels specifies a comma separated list of labels to apply to the message.
+
+Dropped messages do not get processed by user Gmail filters.
+
+### Example
+This example is the fastest way to get an email in front of a LOT of users quickly with a custom message per-user.
+```
+gam print users givenname | gam csv - gam user ~primaryEmail insertemail subject "ALERT: ~~givenName~~ donuts in the break room" labels INBOX,UNREAD,IMPORTANT,STARRED
+```
+## Drafting Emails for a User
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users draftemail [message <message>] [file <file>] [subject <subject] [recipient <recipient>]
+```
+Places a draft email in the given user's mailbox. The optional argument message specifies the email message including headers and body. The optional argument file reads the message from a local file. The optional argument subject sets the message subject overriding message/file. The optional argument recipient sets the message recipient overriding message/file.
+
+### Example
+This example creates a draft message for a user.
+```
+gam user me@example.com draftemail subject "TPS Report" message "This is my TPS report" recipient boss@example.com
+```
+
+# Print/Show User Gmail Profile
+## Print User Gmail Profile
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users print gmailprofile [todrive]
+```
+Display or upload to Google Drive a CSV report of user Gmail profile data. The optional `todrive` parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file. 
+
+## Show User Gmail Profile
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users print gmailprofile
+```
+Display a formatted report of user Gmail profile data.
+---
+# Managing User Display Language
+## Set User Language
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users language <language code>
+```
+set the display language used for the user. A full list of language codes can be found [here.](https://developers.google.com/gmail/api/guides/language_settings#display_language).
+### Example
+This example sets the user's language to UK English
+```
+gam user jlennon language en-GB
+```
+---
+## Get User Language
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users show language
+```
+get the display language currently set for the user.
+### Example
+This example gets the current language of the user.
+```
+gam user jlennon show language
+```
+---

docs/ExamplesOrganizations.md

@@ -0,0 +1,111 @@
+- [Creating an Organization Unit](#creating-an-organization-unit)
+- [Updating (and adding users to) an Organization Unit](#updating-and-adding-users-to-an-organization-unit)
+- [Retrieving an Organization Unit's Information](#retrieving-an-organization-units-information)
+- [Deleting an Organization Unit](#deleting-an-organization-unit)
+
+# Creating an Organization Unit
+## Syntax
+```
+gam create org <name> [description <Description>] [parent <Parent Org>] [noinherit]
+```
+create an organizational unit. The required argument name is the organization unit name, if it contains spaces, it should be quoted. The optional argument description offers more details on the organizational unit, if it contains spaces it should be quoted. The optional argument parent allows the organization unit to be created as a sub-org of an existing organization unit, if it contains spaces it should be quoted. If parent is not specified, the new organization is created at the top level. The optional argument noinherit blocks policy setting inheritance from organization units higher in the organization tree, inheritance is enabled by default if noinherit is not specified.
+
+## Example
+This example creates an Organization Unit with all optional arguments
+
+```
+gam create org "Mail Enabled Faculty" description "Faculty with access to Gmail" parent /Employees
+```
+
+---
+
+
+# Updating (and adding users to) an Organization Unit
+## Syntax
+```
+gam update org <name> [name <New Name>] [description <Description>] [parent <Parent>] [inherit|noinherit] [add users <Users> | file <File Name> | group <Group Name>]
+```
+update an organization unit. The required argument name is the organization unit name, if it contains spaces, it should be quoted. If the organization unit is a sub-organization, it should use the format "parent org/org" (use the / character between the parent and the sub-org). The optional argument "name ..." specifies a new name for the organization unit, if it contains spaces, it should be quoted. The optional argument description offers more details on the organizational unit, if it contains spaces it should be quoted. The optional argument parent allows the organization unit to be moved as a sub-org of an existing organization unit, if it contains spaces it should be quoted. The optional arguments inherit and noinherit enable/disable inheritance respectfully. The optional argument add specifies a list, filename or group of users that should be moved into the organization unit. If using add users, the list of users should be quoted and spaces should be used between each user. If using file, the given file should contain a list of users to be added, one per line. If using group, specify the name of a Google Apps group that contains the users you would like moved into the organization unit.
+
+**Important:** Users can only exist in one organization unit at a time. When you add them to an organization unit with this command, they will be removed from their previous organization unit.
+
+
+## Example
+This example updates the organization unit's parameters without adding any users
+```
+gam update org Faculty description "Faculty Users" parent Employees
+```
+
+This example renames the organization unit
+```
+gam update org Faculty name "Faculty and Staff"
+```
+
+This example adds the given list of users to the organization unit
+```
+gam update org Faculty add users "socrates plato aristotle"
+```
+
+This example assumes that the file faculty.txt exists and looks like:
+```
+davinci
+michelangelo
+raphael
+```
+it will add these users to the organization unit
+```
+gam update org Faculty add file faculty.txt
+```
+
+This example will add members of the Google Apps group inventors to the Faculty organization unit
+```
+gam update org Faculty add group inventors
+```
+
+---
+
+
+# Retrieving an Organization Unit's Information
+## Syntax
+```
+gam info org <name> [nousers|child]
+```
+retrieve details about the given organization unit. GAM will print a summary of the organization unit. If the nousers argument is selected, the users in the org won't be listed. The child argument prints users in the sub-orgs along with the string "(child") next to their email address.
+
+## Example
+This example will print a summary detailing the given organization unit
+```
+gam info org Faculty
+Organization Unit: Faculty
+Description: Faculty Users
+Parent Org: /
+Block Inheritance: false
+Users:
+ davinci@domain.com
+ michelangelo@domain.com
+ raphael@domain.com
+```
+
+---
+
+
+# Deleting an Organization Unit
+## Syntax
+```
+gam delete org <orgUnitPath>
+```
+delete the given organization unit.
+
+**Important:** The organization unit must be completely emptied of users and sub-organizations before it can be deleted.
+
+## Example
+This example will delete the already emptied organization unit Sub-faculty and then afterwards delete the emptied organization unit Faculty.
+
+```
+gam delete org /Faculty/Sub-faculty
+```
+
+```
+gam delete org /Faculty
+```
+---

docs/Find-File-Owner.md

@@ -1,4 +1,4 @@
-# Find File Owner
+!# Find File Owner
 - [API documentation](#api-documentation)
 - [Definitions](#definitions)
 - [Display File Ownership](#display-file-ownership)

docs/GAM-Return-Codes.md

@@ -1,4 +1,4 @@
-# GAM Return Codes
+!# GAM Return Codes
 
 These are the return codes used by GAM7.
 

docs/GAM-with-minimal-GCP-rights.md

@@ -1,4 +1,4 @@
-# GAM setup with minimal GCP permissions.
+!# GAM setup with minimal GCP permissions.
 
 - GCP Admin can create a project for the Workspace / GAM admin.
 

docs/GAM7-on-Android-Devices.md

@@ -1,4 +1,4 @@
-# GAM7 on Android Devices
+!# GAM7 on Android Devices
 GAM7 now runs on 64-bit Android devices such as Google's Pixel phones. The installation requires an app that adds the Linux environment to Android such as [UserLAnd](https://play.google.com/store/apps/details?id=tech.ula&hl=en_US).
 
 _Note: Chromebooks / Chrome OS devices should install GAM7 using [these instructions](GAM7-on-Chrome-OS-Devices)._

docs/GAM7-on-Chrome-OS-Devices.md

@@ -1,4 +1,4 @@
-# GAM7 on Chrome OS Devices
+!# GAM7 on Chrome OS Devices
 Chrome OS devices that [support Linux apps](https://support.google.com/chromebook/answer/9145439?hl=en) can run GAM7. This includes Intel/AMD x86_64 Chromebooks as well as ARM-based Chromebooks with Mediatek or Rockchip 64-bit CPUs.
 
 1. [Set up Linux on your Chromebook](https://support.google.com/chromebook/answer/9145439?hl=en).

docs/GAM7CSVListings.md

@@ -0,0 +1,434 @@
+- [Printing All Users](#printing-all-users)
+- [Printing All Groups](#printing-all-groups)
+- [Print All Aliases](#print-all-aliases)
+- [Print All Organizational Units](#print-all-organizational-units)
+- [Print All Resource Calendars](#print-all-resource-calendars)
+- [Print All Domains and Domain Aliases](#print-all-domains-and-domain-aliases)
+- [Print Mobile Devices](#print-mobile-devices)
+- [Print Chrome OS Devices](#print-chrome-os-devices)
+- [Print Chrome OS Device Activity](#print-chrome-os-device-activity)
+- [Print Licenses](#print-licenses)
+- [Reports](#reports)
+  - [User Report](#users-report)
+  - [Customer Report](#customer-report)
+  - [Usage Reports](#usage-reports)
+  - [Possible Usage Parameters](#possible-usage-parameters)
+  - [Drive Report](#drive-report)
+  - [Admin Actions Report](#admin-actions-report)
+  - [Calendar Actions Report](#calendar-actions-report)
+  - [Group Actions Report](#group-actions-report)
+  - [Login Audit Report](#login-audit-report)
+  - [Mobile Audit Report](#mobile-audit-report)
+  - [OAuth Token Activities Report](#oauth-token-activities-report)
+
+# Printing All Users
+
+### Syntax
+```
+gam print users [allfields] [custom all|list,of,schemas] [userview] [ims] [emails] [externalids] [relations] [addresses] [organizations] [phones] [licenses] [firstname] [lastname] [emailparts] [deleted_only] [orderby email|firstname|lastname] [ascending|descending] [domain] [query <query>] [fullname] [ou] [suspended] [changepassword] [agreed2terms] [admin] [gal] [id] [creationtime] [lastlogintime] [aliases] [groups] [todrive]
+```
+prints a CSV file of all users in the G Suite Organization. The CSV output can be redirected to a file using the operating system's pipe command (such as "> users.csv") see examples below. By default, the only column printed is the user's full email address. The optional argument allfields adds all fields (except groups which requires per-user API calls) to the CSV. The optional argument deleted\_only prints only users deleted within the past 5 days. The optional custom argument adds custom schemas. If all is specified, all custom schemas will be included. Otherwise only those listed in a comma separated list will be included. The optional userview parameter returns only fields that are viewable by regular users and can be run even if GAM is authenticated against a regular user account. The optional licenses parameter includes a column for all SKUs assigned to each user. The optional query parameter should match the [API search for users](https://developers.google.com/admin-sdk/directory/v1/guides/search-users) format. All other arguments add the respective additional column to the CSV output. Note that adding groups will require 1 additional call to Google's servers <b>per user</b> which will significantly increase the length of time for the command to complete. The optional todrive argument will upload the CSV data to a Google Docs Spreadsheet file in the Administrators Google Drive rather than displaying it locally.
+
+### Example
+This example will generate the csv file users.csv showing with columns many fields
+```
+gam print users allfields > users.csv
+Getting all users in the organization (may take some time on a large G Suite account)...
+
+users.csv contains:
+--
+Email,Firstname,Lastname,Fullname,Username,OU,Suspended,SuspensionReason,ChangePassword,AgreedToTerms,DelegatedAdmin,Admin,CreationTime,LastLoginTime,Aliases,NonEditableAliases,ID,PhotoURL,IncludeInGlobalAddressList
+jsmith@acme.com,Jon,Smith,Jon Smith,jsmith,/Sales,False,,False,True,False,False,2012-03-23T15:04:19.000Z,2013-05-06T16:02:36.000Z,,jsmith@acme-alias.gov,106100537778424449519,,True
+--
+```
+
+---
+
+
+# Printing All Groups
+### Syntax
+```
+gam print groups [name] [description] [admincreated] [id] [aliases] [members] [owners] [managers] [settings] [todrive]
+```
+prints a CSV file of all groups in the G Suite domain. The CSV output can be redirected to a file using the operating system's pipe command (such as "> groups.csv") see examples below. By default, the only column printed is the Group email address. The optional arguments name, description, id and admincreated add the respective additional column to the CSV output. The optional arguments members, owners, managers and settings each perform 1 additional API call per group which may greatly increase the time it takes the command to complete. settings will add multiple columns for the groups advanced settings. The optional todrive argument will upload the CSV data to a Google Docs Spreadsheet file in the Administrators Google Drive rather than displaying it locally.
+
+### Examples
+this example will output all details for all groups to the file groups.csv
+```
+gam print groups name description admincreated id aliases members owners managers settings > groups.csv
+```
+
+---
+
+
+# Print All Aliases
+### Syntax
+```
+gam print aliases [todrive]
+```
+prints a CSV file of all email aliases in the G Suite domain for both users and groups. The CSV output can be redirected to a file using the operating system's pipe command (such as "> nicknames.csv") see examples below. The optional todrive argument will upload the CSV data to a Google Docs Spreadsheet file in the Administrators Google Drive rather than displaying it locally.
+
+### Example
+this example will output all nicknames to the file aliases.csv
+```
+gam print aliases > aliases.csv
+```
+
+---
+
+
+# Print All Organizational Units
+### Syntax
+```
+gam print orgs [name] [description] [parent] [inherit] [allfields] [todrive]
+```
+prints a CSV file of all organizational units in the G Suite account. The CSV output can be redirected to a file using the operating system's pipe command (such as "> orgs.csv") see examples below. By default, the only column output is "Path" (OUs full path). The optional argument allfields will include all possible fields in the CSV. The optional arguments name, description, parent and inherit add the respective additonal column to the CSV output. Only 1 call to Google's servers is done no matter which arguments are specified so the optional arguments should not significantly increase the time it takes for the command to complete. The optional todrive argument will upload the CSV data to a Google Docs Spreadsheet file in the Administrators Google Drive rather than displaying it locally.
+
+### Example
+this example will output all organizations to the file orgs.csv including all optional columns
+```
+gam print orgs name description parent inherit > orgs.csv
+```
+
+---
+
+
+# Print All Resource Calendars
+### Syntax
+```
+gam print resources [description] [type] [allfields] [todrive]
+```
+prints a CSV file of all resource calendars in the G Suite account. The CSV output can be redirected to a file using the operating system's pipe command (such as "> resources.csv") see examples below. The optional arguments description and type add the respective additional column to the CSV output. The optional argument allfields will add all returned fields (including description and type) to the output. The optional todrive argument will upload the CSV data to a Google Docs Spreadsheet file in the Administrators Google Drive rather than displaying it locally.
+
+### Example
+this example will output all resource calendars to the file resources.csv including all optional columns
+```
+gam print resources allfields > resources.csv
+```
+---
+
+# Print All Domains and Domain Aliases
+
+### Syntax
+```
+gam print domains [todrive]
+```
+
+Outputs CSV of all domains. The todrive parameter causes GAM to create a Google Spreadsheet of results rather than outputting a CSV.
+
+---
+
+# Print Mobile Devices
+### Syntax
+```
+gam print mobile [query <query>] [basic|full] [orderby deviceid|email|lastsync|model|name|os|status|type] [ascending|descending] [todrive]
+```
+
+Prints all mobile devices connected to the G Suite instance. All fields are included in the CSV. The optional argument `query` specifies an optional query to limit output results. The format of the query parameter should match the [Search format of the Control Panel](http://support.google.com/a/bin/answer.py?hl=en&answer=1408863#search). The `basic` and `full` arguments control the selection of fields that are output. The `orderby` and `ascending/descending` parameters determine how the CSV output is sorted. The optional `todrive` argument will upload the CSV data to a Google Docs Spreadsheet file in the Administrators Google Drive rather than displaying it locally.
+
+### Example
+This example prints details on all mobile devices in the domain
+```
+gam print mobile
+```
+
+This example prints all of jsmith@acme.org's mobile devices
+```
+gam print mobile query "email:jsmith@acme.org"
+```
+
+---
+
+
+# Print Chrome OS Devices
+### Syntax
+```
+gam print cros [query <query>] [orderby location|user|lastsync|serialnumber|supportenddate] [ascending|descending] [todrive] [allfields|full|basic] [nolists] [listlimit <Number>] <CrOSFieldName>* [fields <CrOSFieldNameList>]
+```
+Print all Chrome OS devices enrolled in the G Suite instance. By default, the only column printed is the deviceId. The optional arguments `allfields/full` add all fields to the output; the optional argument `basic` adds some essential fields to the output. The `<CrOSFieldName>*` and `fields <CrOSFieldNameList>` arguments give you the ability to select the specific fields you want output. The optional parameter `query` specifies a query to perform, limiting the results to matching devices. The query format is described in Google's [help article](http://support.google.com/chrome/a/bin/answer.py?hl=en&answer=1698333). The `orderby` and `ascending/descending` parameters determine sorting of CSV output. The optional `todrive` argument will upload the CSV data to a Google Docs Spreadsheet file in the Administrators Google Drive rather than displaying it locally.
+
+The full data for a Chrome OS device includes two repeating fields, `recentUsers` and `activeTimeRanges`, with multiple entries of two columns each that makes for a large number of columns in the CSV output. Use the `listlimit <Number>` argument to limit each of the repeating fields to `<Number>` entries of two columns each. The `nolists` argument eliminates these two fields from the output. Specifying either or both of `recentusers` or `activetimeranges` as a field includes the fields in the output, but there are only two columns per field per row; multiple rows are written to the CSV output to include all of the values. The `listlimit <Number>` argument limits the rows written to `<Number>`.
+
+### Example
+This example prints basic data for all Chrome OS Devices enrolled in the domain.
+
+```
+gam print cros basic
+```
+
+This example prints all Chrome OS devices annotated as belonging to jsmith@acme.org
+
+```
+gam print cros query "user:jsmith@acme.org"
+```
+
+---
+
+# Print Chrome OS Device Activity
+### Syntax
+```
+gam print crosactivity [query <query>] [todrive] [times] [users] [start <yyyy-mm-dd>] [end <yyyy-mm-dd>]
+```
+Print information about Chrome OS device activity and recent users. Outputs one line per device per daily usage and one line per device with recent users. The optional parameter `query` specifies a query to perform, limiting the results to matching devices. The query format is described in Google's [help article](http://support.google.com/chrome/a/bin/answer.py?hl=en&answer=1698333). The optional `todrive` argument will upload the CSV data to a Google Docs Spreadsheet file in the Administrators Google Drive rather than displaying it locally. The optional times and users arguments specify whether only times or users should be output. By default, both times and users are included in the CSV output. The optional start and end date parameters specify the oldest and newest activity dates that should be included in the output, be default all dates returned by the API are included (usually max 14 entries).
+
+### Example
+This example prints all Chrome OS activity times to a spreadsheet.
+```
+gam print crosactivity todrive
+```
+----
+
+# Print Licenses
+### Syntax
+```
+<ProductID> ::=
+        Google-Apps|
+        Google-Chrome-Device-Management|
+        Google-Coordinate|
+        Google-Drive-storage|
+        Google-Vault|
+        101001|
+        101005|
+        101031
+<ProductIDList> ::= "(<ProductID>|SKUID>)(,<ProductID>|SKUID>)*"
+<SKUID> ::=
+        cloudidentity|identity|1010010001|
+        cloudidentitypremium|identitypremium|1010050001|
+        free|standard|Google-Apps|
+        gafb|gafw|basic|gsuitebasic|Google-Apps-For-Business|
+        gafg|gsuitegovernment|gsuitegov|Google-Apps-For-Government|
+        gams|postini|gsuitegams|gsuitepostini|gsuitemessagesecurity|Google-Apps-For-Postini|
+        gal|lite|gsuitelite|Google-Apps-Lite|
+        gau|unlimited|gsuitebusiness|Google-Apps-Unlimited|
+        gae|enterprise|gsuiteenterprise|1010020020|
+        gsefe|e4e|gsuiteenterpriseeducation|1010310002|
+        chrome|cdm|googlechromedevicemanagement|Google-Chrome-Device-Management|
+        coordinate|googlecoordinate|Google-Coordinate|
+        drive20gb|20gb|googledrivestorage20gb|Google-Drive-storage-20GB|
+        drive50gb|50gb|googledrivestorage50gb|Google-Drive-storage-50GB|
+        drive200gb|200gb|googledrivestorage200gb|Google-Drive-storage-200GB|
+        drive400gb|400gb|googledrivestorage400gb|Google-Drive-storage-400GB|
+        drive1tb|1tb|googledrivestorage1tb|Google-Drive-storage-1TB|
+        drive2tb|2tb|googledrivestorage2tb|Google-Drive-storage-2TB|
+        drive4tb|4tb|googledrivestorage4tb|Google-Drive-storage-4TB|
+        drive8tb|8tb|googledrivestorage8tb|Google-Drive-storage-8TB|
+        drive16tb|16tb|googledrivestorage16tb|Google-Drive-storage-16TB|
+        vault|googlevault|Google-Vault|
+        vfe|googlevaultformeremployee|Google-Vault-Former-Employee
+<SKUIDList> ="<SKUID>(,<SKUID>)*"
+
+gam print license|licenses|licence|licences [todrive] [(products|product <ProductIDList>)|(skus|sku <SKUIDList>)]
+
+```
+Print G Suite, Google Drive storage and Google Coordinate license assignments for the domain. The optional todrive argument will upload the CSV data to a Google Docs Spreadsheet file in the Administrators Google Drive rather than displaying it locally.
+
+### Example
+This example gets all license assignments for the G Suite instance and uploads the spreadsheet to Google Docs.
+```
+gam print licenses todrive
+```
+
+---
+
+
+# Reports
+## Users Report
+### Syntax
+```
+gam report users [todrive] [date <yyyy-mm-dd>] [user <email>] [filter <filter terms>] [fields <included fields>]
+```
+
+Display or upload to Google Drive a CSV report of current users. The optional todrive parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file. The optional date parameter specifies when the report should be pulled for, when not specified, GAM pulls the most recently available report from Google. The optional user parameter specifies the email address of a single user whose data should be returned, by default all users in the G Suite instance are pulled. The optional filter parameter specifies search terms as described in [Google's API documentation](https://developers.google.com/admin-sdk/reports/v1/reference/userUsageReport/get). The optional fields parameter specifies a comma-separated list of fields (columns) to be included in the output, if not specified all columns are returned. A list of account parameters can be found [here](https://developers.google.com/admin-sdk/reports/v1/reference/usage-ref-appendix-a/users-accounts)
+
+### Example
+This command will pull the most recently available users report and upload to drive.
+```
+gam report users todrive
+```
+
+This command will pull a list of users who have not logged in since the beginning of the year.
+```
+gam report users filter 'accounts:last_login_time<2013-01-01T00:00:00.000Z'
+```
+
+This command will pull a list of users and their usage of Drive and Gmail.
+```
+gam report users parameters accounts:drive_used_quota_in_mb,accounts:gmail_used_quota_in_mb
+```
+
+---
+
+
+## Customer Report
+### Syntax
+```
+gam report customer [todrive] [date <yyyy-mm-dd>]
+```
+Display or upload to Google Drive a CSV report of aggregate user data across the G Suite instance (all users). The optional todrive parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file. The optional date parameter specifies when the report should be pulled for, when not specified, GAM pulls the most recently available report from Google.
+
+### Example
+This example uploads to Google Drive the most recent customer report
+```
+gam report customer todrive
+```
+
+## Usage Reports
+### Syntax
+```
+gam report usage user|customer parameters <comma separated parameters> [start_date yyyy-mm-dd] [end_date yyyy-mm-dd] [orgunit <ou of users>] [skip_dates yyyy-mm-dd...] [skip_days_of_week mon,tue...] [todrive] [users|group|csvfile]
+```
+Provides CSV output of customer or user service usage. When the optional todrive argument is specified a Google Sheet is created and a chart can easily be added to present a graphical timeline. The parameters argument is required and specifies a comma-separated list of which parameters to retrieve. Possible parameter values can be discovered with the [gam report usageparameters](#possible-usage-parameters) command. The optional start_date and end_date arguments specify the date range to retrieve. When not specified, start_date will be one month ago and end_date will be the most recent report (may be 3-4 days old). The optional orgunit argument specifies a Google Organizational unit of users to retrieve report data against, orgunit works only with user, not customer. The optional arguments skip_dates and skip_days_of_week specify precise dates or days of week when usage should not be retrieved. This allows you to remove weekends or holidays from the usage data reducing "camel humping" of the data. By default with the user usage report, all users are retrieved or, if orgunit is specified users of a given orgunit are retrieved. Optionally you can specify a group, list of users or csvfile of users to retrieve. Note that this option can be very slow as an API call will be made per-user, per date.
+
+### Example
+This example generates a Google Sheet of Google Meet total usage across your users. Once in the Sheet a chart can easily be added to provide a graphical timeline of usage trends. Note that total_call_minutes = sum of all user time spent on a meeting, 5 users in a 10 minute meeting = 50 call minutes and total_meeting_minutes = sum of all meeting times, 5 users in a 10 minute meeting = 10 meeting minutes.
+```
+gam report usage customer parameters meet:total_call_minutes,meet:total_meeting_minutes todrive start_date 2020-03-01 skip_days_of_week sat,sun skip_dates 2020-03-06
+```
+----
+## Possible Usage Parameters
+### Syntax
+```
+gam report usageparameters customer|user
+```
+provides a printed list of all possible parameters which can be used with the [gam report usage](#usage-reports) parameters argument.
+
+### Example
+Shows all usage parameters available for customer
+```
+gam report usageparameters customer
+```
+## Drive Report
+### Syntax
+```
+gam report drive [todrive] [user <user email> [ip <ip address>] [start <start time>] [end <end time>] [event view|edit|<other>] [filter <filter>]
+```
+Display or upload to Google Drive a CSV report of Google Drive activities by users in the past 180 days. The optional todrive parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file. The optional user parameter narrows the results down to documents viewed or edited by the given user. The optional ip address parameter narrows results down to activities performed from the given IPv4 or IPv6 address. The optional start and end parameters narrow the results down to actions performed during the given period.
+
+The optional event parameter narrows the results down to specific event types such as just views or just edits. Refer to the [Drive Event Names appendix](https://developers.google.com/admin-sdk/reports/v1/reference/activity-ref-appendix-a/drive-event-names) for details.
+
+For more granular control, use the optional filter parameter and pass in a filter query as documented in the [Reports API documentation](https://developers.google.com/admin-sdk/reports/reference/rest/v1/activities/list#body.QUERY_PARAMETERS.filters). Useful filter parameters include `doc_title` to list all activities for files with a given name and `doc_id` to list all activities for a specific file (both of which might be helpful to identify the owner of a file).
+
+### Example
+This example uploads to Drive a CSV of all doc actions:
+```
+gam report drive todrive
+```
+
+This example narrows the results down to actions performed by john@acme.com on Christmas Day 2013 (GMT):
+```
+gam report drive user john@acme.com start 2013-12-25T00:00:00.000Z end 2013-12-25T23:59:59.999Z
+```
+
+This example narrows the results down to just files with the name _All files in Policies Shared Drive_ and can be used to help identify the owner of a file when all you know is the name (will also match other files with the same name):
+```
+gam report drive filter "doc_title==All files in Policies Shared Drive"
+```
+
+This example narrows the results down to just files with the ID _9gEtJNb85tK87Py2SJl8uwq78BxSMMR_ and can be used to identify the owner of a file when all you know is the ID:
+```
+gam report drive filter "doc_id==9gEtJNb85tK87Py2SJl8uwq78BxSMMR"
+```
+
+
+## Admin Actions Report
+### Syntax
+```
+gam report admin [todrive] [user <user email>] [ip <ip address>] [start <start time>] [end <end time>] [event <event name>]
+```
+Display or upload to Google Drive a CSV report of administrator activities for the G Suite domain. The optional todrive parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file. The optional user parameter narrows the results down to admin activities performed by the given user. The optional ip address parameter narrows results down to activities performed from the given IPv4 or IPv6 address. The optional start and end parameters narrow the results down to actions performed during the given period. The optional event parameter narrows the results down to the given admin event type.
+
+[Details.](https://developers.google.com/admin-sdk/reports/v1/reference/activity-ref-appendix-a/admin-event-names)
+
+### Example
+This example uploads all recent admin changes to Google Drive.
+```
+gam report admin todrive
+```
+
+This example shows the admin activities of joe@schmo.com for 6/9/13 through 6/12/13 (GMT).
+```
+gam report admin todrive user joe@schmo.com start 2013-06-09T00:00:00.000Z end 2013-06-12T11:59:59.999Z
+```
+
+## Calendar Actions Report
+### Syntax
+```
+gam report calendar [todrive] [user <user email>] [ip <ip address>] [start <start time>] [end <end time>] [event <event name>]
+```
+Display or upload to Google Drive a CSV report of calendar activities for the G Suite domain. The optional todrive parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file. The optional user parameter narrows the results down to admin activities performed by the given user. The optional ip address parameter narrows results down to activities performed from the given IPv4 or IPv6 address. The optional start and end parameters narrow the results down to actions performed during the given period. The optional event parameter narrows the results down to the given calendar event type.
+
+[Details.](https://developers.google.com/admin-sdk/reports/v1/reference/activity-ref-appendix-a/calendar-event-names)
+
+This example shows the calendar activities of joe@schmo.com for 6/9/13 through 6/12/13 (GMT).
+```
+gam report calendar user joe@schmo.com start 2013-06-09T00:00:00.000Z end 2013-06-12T11:59:59.999Z
+```
+
+## Group Actions Report
+### Syntax
+```
+gam report groups [todrive] [user <user email>] [ip <ip address>] [start <start time>] [end <end time>] [event <event name>]
+```
+Display or upload to Google Drive a CSV report of group actions for the G Suite domain. The optional todrive parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file. The optional user parameter narrows the results down to group actions performed by the given user. The optional ip address parameter narrows results down to activities performed from the given IPv4 or IPv6 address. The optional start and end parameters narrow the results down to actions performed during the given period. The optional event parameter narrows the results down to the given group event type.
+
+[Details.](https://developers.google.com/admin-sdk/reports/v1/reference/activity-ref-appendix-a/groups-event-names)
+
+### Example
+This example uploads all recent group changes to Google Drive.
+```
+gam report groups todrive
+```
+
+This example shows the group actions of joe@schmo.com for 6/9/13 through 6/12/13 (GMT).
+```
+gam report groups user joe@schmo.com start 2013-06-09T00:00:00.000Z end 2013-06-12T11:59:59.999Z
+```
+
+## Login Audit Report
+### Syntax
+```
+gam report login [todrive] [user <user email>] [ip <ip address>] [start YYYY-MM-DDThh:mm:ss.000Z] [end YYYY-MM-DDThh:mm:ss.000Z] [event <event name>]
+```
+Display or upload to Google Drive a CSV report of user login activities for the G Suite domain. The optional todrive parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file. The optional user parameter narrows the results down to login activities performed by the given user. The optional ip address parameter narrows results down to activities performed from the given IPv4 or IPv6 address. The optional start and end parameters narrow the results down to actions performed during the given period. The optional event parameter narrows the results down to the given login event type.
+
+[Details.](https://developers.google.com/admin-sdk/reports/v1/reference/activity-ref-appendix-a/login-event-names)
+
+### Example
+This example uploads all recent admin changes to Google Drive.
+```
+gam report login todrive
+```
+
+This example shows the login activities of joe@schmo.com.
+```
+gam report login todrive user joe@schmo.com
+```
+
+## Mobile Audit Report
+### Syntax
+```
+gam report mobile [todrive] [user <user email>] [ip <ip address>] [start YYYY-MM-DDThh:mm:ss.000Z] [end YYYY-MM-DDThh:mm:ss.000Z] [event <event name>]
+```
+Display or upload to Google Drive a CSV report of mobile device activities for the G Suite domain. The optional todrive parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file. The optional user parameter narrows the results down to mobile device activities associated with the given user. The optional ip address parameter narrows results down to activities performed from the given IPv4 or IPv6 address. The optional start and end parameters narrow the results down to actions performed during the given period. The optional event parameter narrows the results down to the given mobile event type.
+
+[Details.](https://developers.google.com/admin-sdk/reports/v1/appendix/activity/mobile)
+
+### Example
+This example uploads all recent mobile device activities to Google Drive.
+```
+gam report mobile todrive
+```
+## OAuth Token Activities Report
+### Syntax
+```
+gam report token [todrive] [user <user email>] [ip <ip address>] [start YYYY-MM-DDThh:mm:ss.000Z] [end YYYY-MM-DDThh:mm:ss.000Z] [event <event name>]
+```
+Display or upload to Google Drive a CSV report of OAuth token activities for the G Suite domain. The optional todrive parameter specifies that the results should be uploaded to Google Drive rather than being displayed on screen or piped to a CSV text file. The optional user parameter narrows the results down to OAuth Token activities associated with the given user. The optional ip address parameter narrows results down to activities performed from the given IPv4 or IPv6 address. The optional start and end parameters narrow the results down to actions performed during the given period. The optional event parameter narrows the results down to the given token event type.
+
+[Details.](https://developers.google.com/admin-sdk/reports/v1/reference/activity-ref-appendix-a/token-event-names)
+
+### Example
+This example uploads all recent OAuth Token activities to Google Drive.
+```
+gam report token todrive
+```

docs/GAM7GroupSettings.md

@@ -0,0 +1,448 @@
+- [Enabling Google Groups for Business](#enabling-google-groups-for-business)
+- [Updating  Group Settings](#updating--group-settings)
+  - [Allow External Members](#allow-external-members)
+  - [Message Moderation Level](#message-moderation-level)
+  - [Primary Language](#primary-language)
+  - [Reply To](#reply-to)
+  - [Send Message Deny Notification](#send-message-deny-notification)
+  - [Show In Groups Directory](#show-in-groups-directory)
+  - [Who Can Invite](#who-can-invite)
+  - [Who Can Join](#who-can-join)
+  - [Who Can Post Message](#who-can-post-message)
+  - [Who Can View Group](#who-can-view-group)
+  - [Who Can View Membership](#who-can-view-membership)
+  - [Allow Google Communication](#allow-google-communication)
+  - [Allow Web Posting](#allow-web-posting)
+  - [Archive Only](#archive-only)
+  - [Custom Reply To](#custom-reply-to)
+  - [Is Archived](#is-archived)
+  - [Max Message Bytes](#max-message-bytes)
+  - [Members Can Post As The Group](#members-can-post-as-the-group)
+  - [Message Display Font](#message-display-font)
+  - [Description](#description)
+  - [Group Name](#group-name)
+  - [Spam Moderation Level](#spam-moderation-level)
+  - [Include in Global Address List (GAL)](#include-in-global-address-list-gal)
+  - [Who Can Leave Group](#who-can-leave-group)
+  - [Who Can Contact Owner](#who-can-contact-owner)
+
+# Enabling Google Groups for Business
+In order to make use of the advanced Group Settings for your Google Apps domain, you need to have the Google Groups for Business service enabled for your domain. Please verify that you've enabled the service by [following Google's instructions](http://www.google.com/support/a/bin/answer.py?hl=en&answer=167096).
+
+# Updating  Group Settings
+You can update all of the group settings listed by the
+```
+gam update group <group>
+```
+command. You can also specify any of these group settings during group creation. For example:
+```
+gam create group sales@acme.org max_message_size 25M
+```
+
+The commands below are broken up below to only discuss one group setting for each area but they can easily be combined. For example you could change both the archive status, group name and description with a command like:
+```
+gam update group employees@example.com is_archived true name "Example Employees" description "list of example employees"
+```
+
+## Allow External Members
+### Syntax
+```
+gam update group <group> allow_external_members true|false
+```
+Whether or not **group owners** are allowed to add users outside the Google Apps domain to the group. Google Apps admins should always be able to add external email addresses to the group.
+### Example
+This example prevents group owners from adding users outside the Google Apps domain to the employees group
+```
+gam update group employees@example.com allow_external_members false
+```
+
+---
+
+
+## Message Moderation Level
+### Syntax
+```
+gam update group <group> message_moderation_level moderate_all_messages|moderate_new_members|moderate_none|moderate_non_members
+```
+The level of moderation that the group should have. moderate\_all\_messages will require a owner/manager to approve all messages sent to the group before they are emailed or viewable by group members. moderate\_new\_members places only new group members under moderation. moderate\_none disables group moderation completely. moderate\_non\_members will moderate only messages sent to the group from email addresses that are not a member of the group.
+
+### Example
+This example sets the group to moderate new members
+```
+gam update group coffeetalk@example.com message_moderation_level moderate_new_members
+```
+
+---
+
+
+## Primary Language
+### Syntax
+```
+gam update group <group> primary_language <language>
+```
+Update the primary language used by the group. For a list of valid languages see [here](https://developers.google.com/admin-sdk/email-settings/?csw=1#language_tags).
+
+### Example
+This command sets the primary language for the english majors group to US English.
+```
+gam update group english-majors@acme.edu primary_language en-US
+```
+
+---
+
+
+## Reply To
+### Syntax
+```
+gam update group <group> reply_to reply_to_custom|reply_to_ignore|reply_to_list|reply_to_managers|reply_to_owner|reply_to_sender
+```
+Determine who, by default replies to group messages will be directed to.  reply\_to\_custom will use the email address set with the custom\_reply\_to command (suggest you combine these commands, see example). reply\_to\_ignore allows the group users to decide individually where the reply will go to. reply\_to\_list directs the reply back to the list address. reply\_to\_managers will direct replies to the group's managers/owners. reply\_to\_owner will direct replies to the group's owners. reply\_to\_sender directs replies at the sender of the original message.
+
+### Example
+This command sets the reply to a custom address, the custom address is also set to doodads@acme.com by the custom\_reply\_to command.
+```
+gam update group widgets@acme.com reply_to reply_to_custom custom_reply_to doodads@acme.com
+```
+This command sets the reply to go back to the list
+```
+gam update group widgets@acme.com reply_to reply_to_list
+```
+
+---
+
+
+## Send Message Deny Notification
+### Syntax
+```
+gam update group <group> send_message_deny_notification true|false
+```
+Determine whether or not the text of message\_deny\_notification\_text is sent to the sender of rejected messages. If this setting is true, message\_deny\_notification\_text should also be set to something.
+
+### Example
+This example turns message deny notification off for sales@acme.com.
+```
+gam update group sales@acme.com send_message_deny_notification false
+```
+
+---
+
+
+## Show In Groups Directory
+### Syntax
+```
+gam update group <group> show_in_group_directory true|false
+```
+Should the group be listed in the master list of all groups shown to users.
+
+**Note:** If you have "Group owners can hide groups from the groups directory" unchecked under Settings, Google Groups for Business within the Google Apps Control Panel, this setting will remain true for all groups and attempts to make it false will have no effect.
+
+### Example
+This example removes the secretlabs@acme.com group from the group directory listing.
+```
+gam update group <group> show_in_group_directory false
+```
+
+---
+
+
+## Who Can Invite
+### Syntax
+```
+gam update group <group> who_can_invite ALL_MEMBERS_CAN_INVITE|ALL_MANAGERS_CAN_INVITE|NONE_CAN_INVITE
+```
+Determine who is allowed to invite new members to the group.  ALL\_MEMBERS\_CAN\_INVITE allows anyone who is already a member of the group to invite others to join. ALL\_MANAGERS\_CAN\_INVITE allows only group managers and owners to invite others. NONE\_CAN\_INVITE prevents anyone from inviting new members to the group via the web UI, requiring all members to be added via the API (or GAM).
+
+### Example
+This example allows any existing member of engineers@acme.com to invite others to join the group.
+```
+gam update group engineers@acme.com who_can_invite all_members_can_invite
+```
+
+---
+
+
+## Who Can Join
+### Syntax
+```
+gam update group <group> who_can_join all_in_domain_can_join|anyone_can_join|can_request_to_join|invited_can_join
+```
+Determines who is allowed to become a member of the group. all\_in\_domain\_can\_join allows any domain members to directly join the group. anyone\_can\_join allows any logged in Google Account to join the group. can\_request\_to\_join allows anyone to request membership to join. invited\_can\_join allows only those members who have received invitations to join the group (disable request to join). invited\_can\_join can be used with setting [Who Can Invite](#who-can-invite) to NONE_CAN_INVITE to prevent the addition of new members via the Web UI.
+
+### Example
+This example allows anyone on the Internet to potentially join the deals@acme.com group.
+```
+gam update group deals@acme.com  who_can_join anyone_can_join
+```
+
+---
+
+
+## Who Can Post Message
+### Syntax
+```
+gam update group <group> who_can_post_message all_in_domain_can_post|all_managers_can_post|all_members_can_post|anyone_can_post|none_can_post
+```
+Determine who is allowed to send messages to the group. all\_in\_domain\_can\_post allows any Google Apps user in the domain to send messages (even if they're not a group member). all\_managers\_can\_post limits sending rights to owners and managers. all\_members\_can\_post allows anyone who has joined the group to send messages. anyone\_can\_post allows anyone on the Internet to send email to the group address. none\_can\_post is not normally directly set on a group, it will show as the return value for who\_can\_post if archive\_only is true.
+
+### Example
+This example locks the announcements@acme.com group down to only accept posts from managers and owners.
+```
+gam update group announcements@acme.com who_can_post_message all_managers_can_post
+```
+
+---
+
+
+## Who Can View Group
+### Syntax
+```
+gam update group <group> who_can_view_group all_in_domain_can_view|all_managers_can_view|all_members_can_view|anyone_can_view
+```
+Determine who can view this group including past messages sent to the group if is\_archived is enabled. all\_in\_domain\_can\_view allows any Google Apps users in the domain to view the group. all\_managers\_can\_view limits viewing the group to owners and managers only. all\_members\_can\_view allows anyone who is a member of the group to view it. anyone\_can\_view allows anyone on the Internet to view the group.
+
+### Example
+This example sets membersonly@acme.com to only be viewable by members.
+```
+gam update group membersonly@acme.com who_can_view_group all_members_can_view
+```
+
+---
+
+
+## Who Can View Membership
+### Syntax
+```
+gam update group <group>  who_can_view_membership all_in_domain_can_view|all_managers_can_view|all_members_can_view
+```
+Determine who can view the list of group members. all\_in\_domain\_can\_view opens group membership lists to all Google Apps users in the domain. all\_managers\_can\_view limits group membership lists to group managers and owners. all\_members\_can\_view allows anyone who is a member of the group to see the member list.
+
+### Example
+This example locks down probation@acme.com so that only group managers can see who is a member of the group via the groups interface.
+```
+gam update group probation@acme.com who_can_view_membership all_managers_can_view
+```
+
+---
+
+
+## Allow Google Communication
+### Syntax
+```
+gam update group <group> allow_google_communication true|false
+```
+Determine if Google is allowed to send communications to group managers and owners. Occasionally Google may send updates on the latest features, ask for input on new features, or ask for permission to highlight your group. true allows this communication. false will prevent Google from ever sending these communications to the group.
+
+### Example
+This example prevents Google from directly contacting hr@acme.com managers and owners.
+```
+gam update group hr@acme.com allow_google_communication false
+```
+
+---
+
+
+## Allow Web Posting
+### Syntax
+```
+gam update group <group> allow_web_posting true|false
+```
+Determine if users are allowed to post to the group from the Google Groups web interface or via email only.
+
+### Example
+This example turns off web-based posting for the reports@acme.com group.
+```
+gam update group reports@acme.com allow_web_posting false
+```
+
+---
+
+
+## Archive Only
+### Syntax
+```
+gam update group <group> archive_only true|false
+```
+Determine if the group is limited to archival of old messages or if it is active. Setting archive only prevents new messages from going to the group.
+
+### Example
+This example puts legacy@acme.com into archive only mode.
+```
+gam update group legacy@acme.com archive_only true
+```
+
+---
+
+
+## Custom Reply To
+### Syntax
+```
+gam update group <group> custom_reply_to <email>
+```
+Sets the email address that will be used when reply\_to is set to reply\_to\_custom. When both settings are in place, this address will be the default reply to for messages sent to the group.
+
+### Example
+This example enables reply\_to\_custom for fanclub@acme.com and sets the custom\_reply\_to address to manager@acme.com
+```
+gam update group fanclub@acme.com reply_to reply_to_custom custom_reply_to manager@acme.com
+```
+
+---
+
+
+## Is Archived
+### Syntax
+```
+gam update group <group> is_archived true|false
+```
+Determines whether or not messages sent to the group should be archived and viewable in the Google Groups interface.
+
+### Example
+This example turns archiving off for the hr@acme.com group.
+```
+gam update group hr@acme.com is_archived false
+```
+
+---
+
+
+## Max Message Bytes
+### Syntax
+```
+gam update group <group> max_message_bytes <integer>
+```
+Determines the maximum size of a message sent to the group. Instead of entering a large number, K or M can be used to specify kilobytes or megabytes. For example, 512K or 1M would both be valid values.
+
+### Example
+This example sets Twitter-like size limits for the twitter@acme.com group. We bump it to 4 kilobytes instead of 160 bytes to account for message headers.
+```
+gam update group twitter@acme.com max_message_bytes 4K
+```
+
+---
+
+
+## Members Can Post As The Group
+### Syntax
+```
+gam update group <group> members_can_post_as_the_group true|false
+```
+Determines if members are allowed to send to the group using the group's email address as the From.
+
+### Example
+This example will allow sales@acme.com group members to send out messages to the group as sales@acme.com.
+```
+gam update group sales@acme.com members_can_post_as_the_group true
+```
+
+## Message Display Font
+### Syntax
+```
+gam update group <group> message_display_font default_font|fixed_width_font
+```
+Sets the font that will be used in display group messages from the Google Groups UI. default\_font is the normal. fixed\_width\_font uses a special fixed-width font in the display.
+
+### Example
+This example turns on the fixed\_width\_font for the ascii-fun@acme.com group
+```
+gam update group ascii-fun@acme.com message_display_font fixed_width_font
+```
+
+---
+
+
+## Description
+### Syntax
+```
+gam update group <group> description <group description>
+```
+Change the group description. This is the same group description set by the [group provisioning GAM command](ExamplesProvisioning#Update_Group_Settings). This command exists only to allow changing the group description with the same API call while performing other Group Settings operations.
+
+### Example
+This example changes the party@acme.com group description to be "messages regarding upcoming parties"
+```
+gam update group party@acme.com description "messages regarding upcoming parties"
+```
+
+---
+
+
+## Group Name
+### Syntax
+```
+gam update group <group> name <new name>
+```
+Change the group name. This is the same group name set by the [group provisioning GAM command](ExamplesProvisioning#Update_Group_Settings). This command exists only to allow changing the group name with the same API call while performing other Group Settings operations.
+
+### Example
+This example changes the group name to "Acme Employees"
+```
+gam update group employees@acme.com name "Acme Employees"
+```
+
+---
+
+
+## Spam Moderation Level
+### Syntax
+```
+gam update group <group> spam_moderation_level allow|moderate|silently_moderate|reject
+```
+Change the spam moderation settings for the group. Allow will disable the spam filter and allow all mail from persons allowed to post to the group. moderate will place suspected spam messages in a moderation queue and notify group owners. silenty\_moderate will place suspected spam message in a moderation queue WITHOUT notifying group owners. reject will fail message delivery for messages suspected of being spam.
+
+### Example
+This example turns off spam filtering for the info@acmewidgets.com group
+```
+gam update group info@acmewidgets.com spam_moderation_level allow
+```
+
+---
+
+
+## Include in Global Address List (GAL)
+### Syntax
+```
+gam update group <group> include_in_global_address_list true|false
+```
+Include or remove this group's address from the Google Apps Global Address List (GAL). This setting is the group equivalent of the [Hide/Unhide user profile setting](ExamplesEmailSettings#Changing_a_users_profile_to_hidden/unhidden).  If a group is included (true), they'll show up in autocomplete and contact searches for addresses. If a group is not included (false), users will not be able to discover the groups's address and detailed contact info via autocomplete or contacts search.
+
+**Note:** this setting and the [Show in Groups Directory](GAM3GroupSettings#show-in-groups-directory) setting are not the same. To hide a group completely you should set both to false.
+
+### Example
+This example hides the group topsecret@newwidgets.com from the Global Address List.
+```
+gam update group topsecret@newwidgets.com include_in_global_address_list false
+```
+
+---
+
+
+## Who Can Leave Group
+### Syntax
+```
+gam update group <group> who_can_leave_group NONE_CAN_LEAVE|ALL_MEMBERS_CAN_LEAVE|ALL_MANAGERS_CAN_LEAVE
+```
+Determines if regular users are allowed to leave a group. Setting this to ALL\_MANAGERS\_CAN\_LEAVE prevents regular members from unsubscribing to the group via the Web UI or email. Setting this to NONE\_CAN\_LEAVE prevents all members, including managers and owners, from unsubscribing to the group via the Web UI or email. Note that forcing a user to remain in a group increases the odds that they'll report your group mail as spam so it's strongly recommended to only use this setting for groups containing internal users only.
+
+### Example
+This example prevents regular users from leaving the everyone@acme.com group.
+```
+gam update group everyone@acme.com who_can_leave_group ALL_MANAGERS_CAN_LEAVE
+```
+
+---
+
+
+## Who Can Contact Owner
+### Syntax
+```
+gam update group <group> who_can_contact_owner ANYONE_CAN_CONTACT|ALL_IN_DOMAIN_CAN_CONTACT|ALL_MEMBERS_CAN_CONTACT|ALL_MANAGERS_CAN_CONTACT
+```
+Determines who is allowed to email the special group+owners@domain.com address in order to contact group owners.
+
+### Example
+This example prevents external email addresses from spamming helpdesk+owners@acme.com.
+```
+gam update group helpdesk@acme.com who_can_contact_owner ALL_IN_DOMAIN_CAN_CONTACT
+```
+
+---

docs/GAMADV-XTD3-on-Android-Devices.md

@@ -1,16 +0,0 @@
-# GAMADV-XTD3 on Android Devices
-GAMADV-XTD3 now runs on 64-bit Android devices such as Google's Pixel phones. The installation requires an app that adds the Linux environment to Android such as [UserLAnd](https://play.google.com/store/apps/details?id=tech.ula&hl=en_US).
-
-_Note: Chromebooks / Chrome OS devices should install GAMADV-XTD3 using [these instructions](GAMADV-XTD3-on-Chrome-OS-Devices)._
-
-1. Install the [UserLAnd](https://play.google.com/store/apps/details?id=tech.ula&hl=en_US) app.
-2. Click Debian to install a Debian environment.
-3. Set a username and password.
-4. Choose SSH for connection type.
-5. Once setup, login with the password to get to a Linux shell.
-6. Run the following commands to install prerequisites:
-```
-    sudo apt update
-    sudo apt install curl python3
-```
-7. [How to Install Advanced GAM](How-to-Install-Advanced-GAM)

docs/GAMADV-XTD3-on-Chrome-OS-Devices.md

@@ -1,14 +0,0 @@
-# GAMADV-XTD3 on Chrome OS Devices
-Chrome OS devices that [support Linux apps](https://support.google.com/chromebook/answer/9145439?hl=en) can run GAMADV-XTD3. This includes Intel/AMD x86_64 Chromebooks as well as ARM-based Chromebooks with Mediatek or Rockchip 64-bit CPUs.
-
-1. [Set up Linux on your Chromebook](https://support.google.com/chromebook/answer/9145439?hl=en).
-1. From the Terminal app, run the following commands:
-```
-    sudo apt update
-    sudo apt install xz-utils
-```
-3. [How to Install Advanced GAM](How-to-Install-Advanced-GAM)
-
-# Google cloud shell
-
-Note that from a Chrome OS device, it might be just as easy to use [Google Cloud Shell](https://cloud.google.com/shell). Especially if you are concerned about network connectivity and/or bandwidth, using a shell instance within Google's server infrastructure is always going to be less resource intensive than sending data back and forth between a Google API and your local machine on your local network.

docs/GamUpdates.md

@@ -8,7 +8,7 @@ Automatic update to the latest version on Linux/Mac OS/Google Cloud Shell/Raspbe
 By default, a folder, `gam7`, is created in the default or specified path and the files are downloaded into that folder.
 Add the `-s` option to the end of the above commands to suppress creating the `gam7` folder; the files are downloaded directly into the default or specified path.
 
-See [Downloads-Installs-GAM7](https://github.com/taers232c/GAMADV-XTD3/wiki/Downloads-Installs) for Windows or other options, including manual installation
+See [Downloads-Installs-GAM7](https://github.com/GAM-team/GAM/wiki/Downloads-Installs) for Windows or other options, including manual installation
 
 ### 7.00.12
 
@@ -115,7 +115,7 @@ Added support for groups when defining Chrome policies.
 
 Added support for the Meet API.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Meet
+* See: https://github.com/GAM-team/GAM/wiki/Users-Meet
 
 Added option `countsonly` to the following course commands that displays
 the number of items in a course but not the details of the items.
@@ -192,7 +192,7 @@ Added `my_publishable_items` to `<DriveFileQueryShortcut>` that can be used in
 published to the web: documents, forms, presentations(slides), spreadsheets. With row filtering,
 this allows identification of files that have been published outside your domain.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Files-Display#display-files-published-to-the-web
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Files-Display#display-files-published-to-the-web
 
 ### 6.80.12
 
@@ -307,7 +307,7 @@ Added option `addcsvdata <FieldName> <String>` to `gam <UserTypeEntity> print te
 additional columns of data to the CSV file output. This can be used when ACLs for selected users are to be
 replaced with a different user email address.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Shared-Drives#bulk-change-user1-shared-drive-access-to-user2
+* See: https://github.com/GAM-team/GAM/wiki/Users-Shared-Drives#bulk-change-user1-shared-drive-access-to-user2
 
 ### 6.79.08
 
@@ -368,7 +368,7 @@ Updated code to work around a Cryptography library change that caused service ac
 Added command to check if an OU contains items; this is useful when tryng to delete an OU
 as it must not contain any items in order to be deleted.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Organizational-Units#check-organizational-unit-for-contained-items
+* See: https://github.com/GAM-team/GAM/wiki/Organizational-Units#check-organizational-unit-for-contained-items
 
 ### 6.77.18
 
@@ -509,7 +509,7 @@ gam <UserItem> info chatmember asadmin
 gam <UserItem> print|show chatmembers|asadmin
 ```
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Chat#developer-preview-admin-access
+* See: https://github.com/GAM-team/GAM/wiki/Users-Chat#developer-preview-admin-access
 
 Added `use_chat_admin_access` Boolean variable to `gam.cfg`. 
 ```
@@ -607,7 +607,7 @@ Added options `deletefromoldowner`, `addtonewowner <CalendarAttribute>*` and `no
 to `gam <UserTypeEntity> transfer calendars <UserItem>` that allow manipulation of the
 source and target user's calendar lists.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Calendars-Access#transfer-calendar-ownership
+* See: https://github.com/GAM-team/GAM/wiki/Users-Calendars-Access#transfer-calendar-ownership
 
 ### 6.76.04
 
@@ -694,7 +694,7 @@ Updated `gam create project` to simplify handling the situation where your works
 
 Added command `gam upload sakey` to aid in this process.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Authorization#upload-a-service-account-key-to-a-service-account-with-no-keys
+* See: https://github.com/GAM-team/GAM/wiki/Authorization#upload-a-service-account-key-to-a-service-account-with-no-keys
 
 ### 6.74.02
 
@@ -720,7 +720,7 @@ Do `gam oauth delete` and `gam oauth create` to set the untruncated value of `cl
 
 The Google Chat API has been updated so that chat members can now have their role set to manager.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Chat#manage-chat-members
+* See: https://github.com/GAM-team/GAM/wiki/Users-Chat#manage-chat-members
 
 ### 6.72.16
 
@@ -802,7 +802,7 @@ Cleaned up code for all commands that display Chat objects.
 
 Added commands to display Chat events.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Chat#display-chat-events
+* See: https://github.com/GAM-team/GAM/wiki/Users-Chat#display-chat-events
 
 ### 6.72.03
 
@@ -824,7 +824,7 @@ Improved commands to display drive file comments.
 
 Added commands to display drive file comments.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Comments
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Comments
 
 ### 6.71.18
 
@@ -908,7 +908,7 @@ This produces a CSV file that can be used in subsequent commands without further
 
 Added command to upload changes to Google Docs.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Files-Manage#upload-changes-to-google-documents
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Files-Manage#upload-changes-to-google-documents
 
 ### 6.71.06
 
@@ -989,7 +989,7 @@ Updated `gam info users <UserTypeEntity>` to not include group tree infornation
 
 Added commands to create|delete|display Drive Label permissions.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Labels
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Labels
 
 ### 6.70.04
 
@@ -997,7 +997,7 @@ Added option `showvalidcolumn` to `gam print users` that can be used to identify
 users are defined in the domain. Typically, you would read CSV file of email addresses
 to verify as domain members.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users#verify-domain-membership
+* See: https://github.com/GAM-team/GAM/wiki/Users#verify-domain-membership
 
 Added option `addcsvdata <FieldName> <String>` to `gam print users` that adds
 additional columns of data to the CSV file output. Typically, you would read CSV file of email addresses
@@ -1031,7 +1031,7 @@ default values for the `incertdir <FilePath>` and `inkeydir <FilePath>` options
 
 Added support for Gmail Client Side Encryption.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Gmail-CSE
+* See: https://github.com/GAM-team/GAM/wiki/Users-Gmail-CSE
 
 This is an initial, minimally tested release; proceed with care and report all issues.
 
@@ -1086,7 +1086,7 @@ API shortcoming that failed to get all of the Cloud Identity fields.
 
 Added option `skiprows <Integer>` to `gam csv|loop` that causes GAM to skip processing the first `<Integer>` filtered rows.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Bulk-Processing#csv-files
+* See: https://github.com/GAM-team/GAM/wiki/Bulk-Processing#csv-files
 
 ### 6.68.03
 
@@ -1149,7 +1149,7 @@ nottypelist <DriveFileACLTypeList>
 rolelist <DriveFileACLRoleList>
 notrolelist <DriveFileACLRoleList>
 ```
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Permission-Matches#define-a-match
+* See: https://github.com/GAM-team/GAM/wiki/Permission-Matches#define-a-match
 
 ### 6.67.34
 
@@ -1278,17 +1278,17 @@ Cleaned up `Getting/Got` messages for `gam print courses|course-participants`.
 Added option `showitemcountonly` to various commands that causes GAM to display the
 item count on stdout; no CSV file is written.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Cloud-Identity-Groups#display-group-counts
+* See: https://github.com/GAM-team/GAM/wiki/Cloud-Identity-Groups#display-group-counts
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Classroom-Courses#display-course-counts
+* See: https://github.com/GAM-team/GAM/wiki/Classroom-Courses#display-course-counts
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Classroom-Membership#display-course-membership-counts
+* See: https://github.com/GAM-team/GAM/wiki/Classroom-Membership#display-course-membership-counts
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/ChromeOS-Devices#display-cros-device-counts
+* See: https://github.com/GAM-team/GAM/wiki/ChromeOS-Devices#display-cros-device-counts
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Cloud-Identity-Devices#display-device-counts
+* See: https://github.com/GAM-team/GAM/wiki/Cloud-Identity-Devices#display-device-counts
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Cloud-Identity-Devices#display-device-user-counts
+* See: https://github.com/GAM-team/GAM/wiki/Cloud-Identity-Devices#display-device-user-counts
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Groups#display-group-counts
+* See: https://github.com/GAM-team/GAM/wiki/Groups#display-group-counts
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Mobile-Devices#display-mobile-device-counts
+* See: https://github.com/GAM-team/GAM/wiki/Mobile-Devices#display-mobile-device-counts
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Organizational-Units#display-organizational-unit-counts
+* See: https://github.com/GAM-team/GAM/wiki/Organizational-Units#display-organizational-unit-counts
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Resources#display-resource-counts
+* See: https://github.com/GAM-team/GAM/wiki/Resources#display-resource-counts
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users#display-user-counts
+* See: https://github.com/GAM-team/GAM/wiki/Users#display-user-counts
 
 ### 6.67.16
 
@@ -1435,7 +1435,7 @@ that replaces the old API function `action`; ChromeOS devices are now processed
 The batch size defaults to 10, the `actionbatchsize <Integer>` option can be used to set a batch size between 10 and 250.
 
 Updated `gam create vaultexport matter <MatterItem>` to support `corpus calendar`.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Vault-Takeout#create-vault-exports
+* See: https://github.com/GAM-team/GAM/wiki/Vault-Takeout#create-vault-exports
 
 ### 6.66.16
 
@@ -1525,7 +1525,7 @@ Added a command the print the parent tree of file/folder.
 gam <UserTypeEntity> print fileparenttree <DriveFileEntity> [todrive <ToDriveAttribute>*]
         [stripcrsfromname]
 ```
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Files-Display#display-file-parent-tree
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Files-Display#display-file-parent-tree
 
 ### 6.66.05
 
@@ -1561,12 +1561,12 @@ todrive_no_escape_char - default value True
 When the value is True, `\` is ignored as an escape character; when the value is False,
 `\\` on input is converted to `\`, `\` on output is converted to `\\`.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/CSV-Special-Characters
+* See: https://github.com/GAM-team/GAM/wiki/CSV-Special-Characters
 
 ### 6.66.00
 
 Added support for `Focus Time` and `Out of Office` status events in user's primary calendars.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Calendars-Events#status-events
+* See: https://github.com/GAM-team/GAM/wiki/Users-Calendars-Events#status-events
 This is a work-in-progress.
 
 Updated `gam <UserTypeEntity> print|show messages` to allow option `show_size` to be used with option `countsonly`
@@ -1621,7 +1621,7 @@ gam <UserTypeEntity> print filelist
 gam <UserTypeEntity> print|show filetree
 gam <UserTypeEntity> print diskusage
 ```
-See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Files-Display#file-size-fields
+See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Files-Display#file-size-fields
 
 ### 6.65.12
 
@@ -1662,7 +1662,7 @@ additional columns of data to the CSV file output.
 Added option `shownoactivities` to `gam report <ActivityApplicationName>` that causes GAM to display
 a row with a key value of `NoActivities` when there are no activities to report.
 
-For example, to find Shared Drives with no activity, see: https://github.com/taers232c/GAMADV-XTD3/wiki/Reports#find-shared-drives-with-no-activity
+For example, to find Shared Drives with no activity, see: https://github.com/GAM-team/GAM/wiki/Reports#find-shared-drives-with-no-activity
 
 ### 6.65.07
 
@@ -1736,7 +1736,7 @@ Added option `showmimetypesize` to `gam <UserTypeEntity> print|show filecounts`
 Fixed bug in `gam <UserTypeEntity> create contact <JSONData>` that caused a trap when
 contacts were being copied from one user to another.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-People-Contacts-Profiles#copy-user-contacts-to-another-user
+* See: https://github.com/GAM-team/GAM/wiki/Users-People-Contacts-Profiles#copy-user-contacts-to-another-user
 
 Updated the following commands to allow specification of a task list by its title.
 ```
@@ -1780,7 +1780,7 @@ Added command to get customer app details.
 gam info appdetails android|chrome|web <AppID> [formatjson]
 ```
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Chrome-Installed-Apps
+* See: https://github.com/GAM-team/GAM/wiki/Chrome-Installed-Apps
 
 ### 6.64.12
 
@@ -1863,7 +1863,7 @@ ERROR: 403: unsupportedSupervisedAccount - Access Forbidden. The authenticated u
 
 Added support for displaying users YouTube channels.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-YouTube
+* See: https://github.com/GAM-team/GAM/wiki/Users-YouTube
 
 ### 6.63.19
 
@@ -2058,7 +2058,7 @@ With `gam update user`, `alwaysevict` only applies if `createifnotfound` is spec
 
 Added support for calendar working location events.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Calendars-Events#working-location-events
+* See: https://github.com/GAM-team/GAM/wiki/Users-Calendars-Events#working-location-events
 
 ### 6.62.08
 
@@ -2097,7 +2097,7 @@ Added progress messages (suppressible)  to `gam <UserTypeEntity> print diskusage
 
 Added command `gam <UserTypeEntity> print diskusage` to display disk usage by folder.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Files-Display#display-disk-usage
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Files-Display#display-disk-usage
 
 ### 6.62.03
 
@@ -2144,7 +2144,7 @@ errorretries <Integer> - Number of create/update error retries; default value 5,
 updateinitialdelay <Integer> - Initial delay after create before update: default value 10, range 0-60
 updateretrydelay <Integer> - Retry delay when update fails; default value 10, range 0-60
 ```
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Shared-Drives#create-a-shared-drive
+* See: https://github.com/GAM-team/GAM/wiki/Shared-Drives#create-a-shared-drive
 
 ### 6.61.17
 
@@ -2176,7 +2176,7 @@ Added option `contentrestrictions ownerrestricted [<Boolean>]` to `<DriveFileAtt
 Added `aggregatebyuser [Boolean]` option to `gam report user` to allow data aggregation for users across multiple dates.
 Options `aggregatebyuser` and `aggregatebydate` are mutually exclusive.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Reports#user-reports
+* See: https://github.com/GAM-team/GAM/wiki/Reports#user-reports
 
 ### 6.61.13
 
@@ -2288,7 +2288,7 @@ specified by the environment variable `OLDGAMPATH`.
 Added option `addcsvdata <FieldName> <String>` to `gam print forms|formresponses`. This adds additional columns of data to the CSV file output.
 This can be used to combine form information from several GAM commands.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Forms#combine-form-information
+* See: https://github.com/GAM-team/GAM/wiki/Users-Forms#combine-form-information
 
 Following Jay's lead, projects can now be created with consumer accounts.
 
@@ -2399,7 +2399,7 @@ gam print chromesnvalidity [todrive <ToDriveAttribute>*]
         cros_sn <SerialNumberEntity> [listlimit <Number>]
         [delimiter <Character>]
 ```
-See: https://github.com/taers232c/GAMADV-XTD3/wiki/ChromeOS-Devices#check-chromeos-device-serial-number-validity
+See: https://github.com/GAM-team/GAM/wiki/ChromeOS-Devices#check-chromeos-device-serial-number-validity
 
 ### 6.60.13
 
@@ -2442,7 +2442,7 @@ gam update group teachers@domain.com sync member additionalmembers counselor@dom
 
 Added commands to display Analytic account/property/datastream information.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Analytics-Admin
+* See: https://github.com/GAM-team/GAM/wiki/Analytics-Admin
 
 ### 6.60.08
 
@@ -2497,7 +2497,7 @@ and to allow specification of members.
 
 Added initial support for user chat spaces. This is a work in progress, test and report any problems.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Chat
+* See: https://github.com/GAM-team/GAM/wiki/Users-Chat
 
 Improved performance of `gam <UserTypeEntity> delete|move|update othercontacts`.
 
@@ -2699,7 +2699,7 @@ Sites API - sites.google.com
 
 Added commands to display Analytic account/property information.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Analytics-Admin
+* See: https://github.com/GAM-team/GAM/wiki/Analytics-Admin
 
 ### 6.58.03
 
@@ -2897,7 +2897,7 @@ optional argument `name` before `<String>` to make clear that `<String>` is the
 
 Added commands to export messages/threads in EML/raw format.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Gmail-Messages-Threads#export-messagesthreads
+* See: https://github.com/GAM-team/GAM/wiki/Users-Gmail-Messages-Threads#export-messagesthreads
 
 ### 6.54.00
 
@@ -2927,7 +2927,7 @@ gam delete chromenetwork
 
 Added commands to display the share type counts of a user's files.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Files-Display#display-file-share-counts
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Files-Display#display-file-share-counts
 
 ### 6.53.01
 
@@ -3005,7 +3005,7 @@ Following Jay's lead, the following scopes will be off by default as changes to
 may require frequent use of `gam aouth create`.
 
 * See: https://workspaceupdates.googleblog.com/2023/03/google-cloud-session-length-default-update.html
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Authorization#introduction
+* See: https://github.com/GAM-team/GAM/wiki/Authorization#introduction
 
 ```
 [ ] 21)  Cloud Storage API (Read, Vault/Takeout Download)
@@ -3063,7 +3063,7 @@ Upgraded `gam <UserTypeEntity> check serviceaccount` to avoid a trap when a prox
 Added support for `externalid`, `im`, `posix`, `relation`, `sshkeys` and `website` subfields in `gam <UserTypeEntity> signature` and
 `gam <UserTypeEntity> create|update sendas` option `replace <Tag> <UserReplacement>`.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Tag-Replace
+* See: https://github.com/GAM-team/GAM/wiki/Tag-Replace
 
 ### 6.51.01
 
@@ -3157,7 +3157,7 @@ UnicodeDecodeError: 'utf-8' codec can't decode byte 0x92 in position 1643: inval
 
 Fixed build bug that caused the following error:
 ```
-ERROR: Discovery File: /usr/local/gamadv-xtd3/datastudio-v1.json, Does not exist or has invalid format, No data
+ERROR: Discovery File: /usr/local/gam7/datastudio-v1.json, Does not exist or has invalid format, No data
 ```
 
 ### 6.50.06
@@ -3208,12 +3208,12 @@ Fix YubiKey issue that caused a trap.
 
 Following Jay's lead (with many thanks), added commands to enable running GAM securely on a Google Compute Engine.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Running-GAMADV-XTD3-securely-on-a-Google-Compute-Engine
+* See: https://github.com/GAM-team/GAM/wiki/Running-GAM7-securely-on-a-Google-Compute-Engine
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Using-GAMADV-XTD3-with-a-delegated-admin-service-account
+* See: https://github.com/GAM-team/GAM/wiki/Using-GAM7-with-a-delegated-admin-service-account
 
 Following Jay's lead (with many thanks), added commands to enable using a Yubikey.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Using-GAMADV-XTD3-with-a-YubiKey
+* See: https://github.com/GAM-team/GAM/wiki/Using-GAM7-with-a-YubiKey
 
 These Wiki pages are a work in progress, contact me if you need help.
 
@@ -3236,7 +3236,7 @@ contained Latin-1 characters.
 
 Added option `accesstype public|team|announcementonly|restricted` to `gam create|update group`.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Groups#gui-api-group-access-type-settings-mapping
+* See: https://github.com/GAM-team/GAM/wiki/Groups#gui-api-group-access-type-settings-mapping
 
 ### 6.42.09
 
@@ -3274,7 +3274,7 @@ trying to build a folder hierarchy on a Shared Drive.
 
 Added a command that creates a folder hierarchy.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Files-Manage#create-folder-hierarchy
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Files-Manage#create-folder-hierarchy
 
 ### 6.42.03
 
@@ -3318,8 +3318,8 @@ so that the query generated will work correctly. Previously, only ` ` (space) an
 
 Following Jay's lead, added commands commands to copy Google Vault and Organization Takeout data to your own GCS bucket.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Vault-Takeout#copy-vault-exports
+* See: https://github.com/GAM-team/GAM/wiki/Vault-Takeout#copy-vault-exports
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Vault-Takeout#copy-a-takeout-bucket
+* See: https://github.com/GAM-team/GAM/wiki/Vault-Takeout#copy-a-takeout-bucket
 
 Updated `gam <UserTypeEntity> create contact` to treat the following options as errors;
 previously, they were silently ignored.
@@ -3375,8 +3375,8 @@ Added support for `gender` subfields in `gam <UserTypeEntity> signature` and
 Extended `csv_input_row_filter`, `csv_input_row_drop_filter`, `csv_output_row_filter` and `csv_output_row_drop_filter`
 to allow specification of filters based on text comparisons.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/CSV-Input-Filtering
+* See: https://github.com/GAM-team/GAM/wiki/CSV-Input-Filtering
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/CSV-Output-Filtering
+* See: https://github.com/GAM-team/GAM/wiki/CSV-Output-Filtering
 
 ### 6.32.00
 
@@ -3516,7 +3516,7 @@ error message and set the return code to 50 if the user has a default profile ph
 Added option `gphoto <EmailAddress> <DriveFileIDEntity>|<DriveFileNameEntity>` to `gam <UserTypeEntity> update photo`
 that specifies an owner and file to be used as the source of the photo.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Photo
+* See: https://github.com/GAM-team/GAM/wiki/Users-Photo
 
 ### 6.30.14
 
@@ -3547,8 +3547,8 @@ that allows deleting a user from all groups of which they are a member based on
 
 Added the ability to specify fields when displaying calendars.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Calendars
+* See: https://github.com/GAM-team/GAM/wiki/Calendars
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Calendars
+* See: https://github.com/GAM-team/GAM/wiki/Users-Calendars
 
 ### 6.30.09
 
@@ -3816,7 +3816,7 @@ Added option `emlfile <FileName>` to `gam <UserTypeEntity> draft|insert|import m
 allows processing an EML message file. SMTP headers specified in the command will replace those in the message file.
 
 Following Jay's lead, added commands to manage/display Inbound SSO.
-* https://github.com/taers232c/GAMADV-XTD3/wiki/Inbound-SSO
+* https://github.com/GAM-team/GAM/wiki/Inbound-SSO
 * https://admin.google.com/ac/security/sso
 
 ### 6.28.12
@@ -4063,7 +4063,7 @@ retry interval is 30 seconds.
 
 Added command `gam <UserTypeEntity> print|show grouptree` to display a user's groups and their parent groups.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Group-Membership#display-groups-and-their-parents
+* See: https://github.com/GAM-team/GAM/wiki/Users-Group-Membership#display-groups-and-their-parents
 
 ### 6.27.09
 
@@ -4073,7 +4073,7 @@ Corrected JSON output in `gam <UserTypeEntity> print userlist`.
 
 Added command `gam <UserTypeEntity> print userlist` to display the list of users in `<UserTypeEntity>` in a single row.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users#print-user-list
+* See: https://github.com/GAM-team/GAM/wiki/Users#print-user-list
 
 ### 6.27.07
 
@@ -4156,8 +4156,8 @@ Previously, the following incorrect error message was displayed:
 Extended `csv_input_row_filter`, `csv_input_row_drop_filter`, `csv_output_row_filter` and `csv_output_row_drop_filter`
 to allow specification of filters based on field string length.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/CSV-Input-Filtering
+* See: https://github.com/GAM-team/GAM/wiki/CSV-Input-Filtering
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/CSV-Output-Filtering
+* See: https://github.com/GAM-team/GAM/wiki/CSV-Output-Filtering
 
 ### 6.26.13
 
@@ -4253,7 +4253,7 @@ the user's groups without making the addtional API call per group to get role, s
 
 Added command that allows checking if a user is a member of specific groups.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Group-Membership#check-users-group-membership
+* See: https://github.com/GAM-team/GAM/wiki/Users-Group-Membership#check-users-group-membership
 
 ### 6.26.00
 
@@ -4326,7 +4326,7 @@ copysubfolders [<Boolean>] foldernamematchpattern <RegularExpression>
 copysubshortcuts [<Boolean>] shortcutnamematchpattern <RegularExpression>
 ```
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Copy-Move#copy-files-and-folders
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Copy-Move#copy-files-and-folders
 
 Added the following mutually exclusive options to `gam <UserTypeEntity> delete|update|sync|print|show groups`
 to allow more control over which groups are processed for a user. The `customerid <CustomerID>` option
@@ -4336,7 +4336,7 @@ domain <DomainName>
 customerid <CustomerID>
 ```
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Group-Membership
+* See: https://github.com/GAM-team/GAM/wiki/Users-Group-Membership
 
 ### 6.25.13
 
@@ -4350,7 +4350,7 @@ Updated `gam info user` to display the same data (in different formats) when `qu
 Added option `selectmaincontacts` to `<PeoplePrintShowUserContactSelection>` to allow more flexibility in selecting contacts to display
 with `gam <UserTypeEntity> print|show contacts`.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-People-Contacts-Profiles#select-user-contacts
+* See: https://github.com/GAM-team/GAM/wiki/Users-People-Contacts-Profiles#select-user-contacts
 
 ### 6.25.11
 
@@ -4434,8 +4434,8 @@ gam user user@domain.com check serviceaccount
 ```
 Supported editions for this feature: Business Standard and Business Plus; Enterprise; Education Standard and Education Plus; G Suite Business; Essentials.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Labels
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Labels
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Files-Display
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Files-Display
 
 ### 6.24.27
 
@@ -4493,7 +4493,7 @@ cros_ous_and_children_queries <OrgUnitList> <QueryCrOSList>
 These allow specifying an OU, or a list of OUs, and a query or a list of queries
 that apply to those OUs.
 
-See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-ChromeOS-Devices
+See: https://github.com/GAM-team/GAM/wiki/Collections-of-ChromeOS-Devices
 
 Example:
 ```
@@ -4618,7 +4618,7 @@ display tasks in date order within the hierarchy.
 ### 6.24.00
 
 Added commands to manage and display Google Tasks.
-* https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Tasks
+* https://github.com/GAM-team/GAM/wiki/Users-Tasks
 
 ### 6.23.01
 
@@ -4696,11 +4696,11 @@ are still handled incorrectly by the API when accessed directly.
 
 Added option `oneitemperrow` to `gam print vaultexports|exports` to have each of an
 exports cloudStorageSink files displayed on a separate row.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Vault#display-vault-exports
+* See: https://github.com/GAM-team/GAM/wiki/Vault#display-vault-exports
 
 Added options `bucketmatchpattern <RegularExpression>` and `objectmatchpattern <RegularExpression>`
 to `gam download vaultexport|export` to allow selective downloading of export files.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Vault#download-vault-exports
+* See: https://github.com/GAM-team/GAM/wiki/Vault#download-vault-exports
 
 ### 6.22.17
 
@@ -4753,7 +4753,7 @@ that adds additional path information indicating that a file is an Orphan or Sha
 Added keywords `mydriveid` and `rootid` to `<DriveFileEntity>` as synonyms for `mydrive` and `root` in all
 commands except `gam <UserTypeEntity> print filelist|filetree`. In those commands, `select mydrive|root`
 is used to select a class of files; `select mydriveid|rootid` is used to select a folder starting point.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Files-Display#display-file-list
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Files-Display#display-file-list
 
 ### 6.22.13
 
@@ -4848,8 +4848,8 @@ Fixed bug in code introduced in 6.22.00 that caused a trap.
 Extended `csv_input_row_filter`, `csv_input_row_drop_filter`, `csv_output_row_filter` and `csv_output_row_drop_filter`
 to allow specification of filter values from a list, flat file or CSV file.
 
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/CSV-Input-Filtering
+* See: https://github.com/GAM-team/GAM/wiki/CSV-Input-Filtering
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/CSV-Output-Filtering
+* See: https://github.com/GAM-team/GAM/wiki/CSV-Output-Filtering
 
 ### 6.21.07
 
@@ -4972,17 +4972,17 @@ move the Team Drive to the specified OU. This option is only available when the
 As Jay says: THIS FEATURE IS CURRENTLY ALPHA.
 
 Follwing Jay's lead, added commands to manage/display Context-Aware Access Levels.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Context-Aware-Access-Levels
+* See: https://github.com/GAM-team/GAM/wiki/Context-Aware-Access-Levels
 
 ### 6.18.04
 
 Added the ability to upload Note attachments to Google Drive.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Keep#download-note-attachments
+* See: https://github.com/GAM-team/GAM/wiki/Users-Keep#download-note-attachments
 
 ### 6.18.03
 
 Added command to download Note attachments.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Keep#download-note-attachments
+* See: https://github.com/GAM-team/GAM/wiki/Users-Keep#download-note-attachments
 
 Updated `gam delete|update schema` to handle the following error:
 ```
@@ -5001,7 +5001,7 @@ currently, any failure terminates the project creation.
 ### 6.18.00
 
 Added initial support for the Cloud Channel API; this is used by resellers.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Cloud-Channel
+* See: https://github.com/GAM-team/GAM/wiki/Cloud-Channel
 
 ### 6.17.02
 
@@ -5018,7 +5018,7 @@ Fixed bug in `gam <UserTypeEntity> print forms` that caused a trap when a form h
 ### 6.17.00
 
 Added initial support for the Forms API.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Forms
+* See: https://github.com/GAM-team/GAM/wiki/Users-Forms
 
 Fixed bug in `gam <UserTypeEntity> print|show filecounts ... showmimetype [not] <MimeTypeList>` that
 removed `'me' in owners` from the query.
@@ -5174,8 +5174,8 @@ that allows using regular expressions to modify the copied/updated file name.
 gam user user@domain.com update drivefile query "name contains '2020-2021'" replacefilename "2020-2021" "2021-2022"
 gam user user@domain.com copy drivefile name Template parentid root recursive replacefilename Template NewCustomer
 ```
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Files-Manage#update-files
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Files-Manage#update-files
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Copy-Move#copy-files-and-folders
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Copy-Move#copy-files-and-folders
 
 ### 6.15.22
 
@@ -5203,7 +5203,7 @@ Fixed bug in `gam <UserTypeEntity> print datastudiopermissions` where `todrive`
 ### 6.15.19
 
 Further cleanup of `gam create|update alias`.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Aliases
+* See: https://github.com/GAM-team/GAM/wiki/Aliases
 
 ### 6.15.18
 
@@ -5264,7 +5264,7 @@ required by the API.
 
 Following Jay's lead, added option `condition securitygroup|nonsecuritygroup` to `gam create admin`
 and option `condition` to `gam print|show admins`.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Administrators
+* See: https://github.com/GAM-team/GAM/wiki/Administrators
 
 ### 6.15.07
 
@@ -5305,7 +5305,7 @@ that provide more flexibility in managing permissions when copying/moving folder
 copysheetprotectedrangesinheritedpermissions [<Boolean>]
 copysheetprotectedrangesnoninheritedpermissions [<Boolean>]
 ```
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Copy-Move#copy-permissions
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Copy-Move#copy-permissions
 
 ### 6.15.01
 
@@ -5389,7 +5389,7 @@ the name of the source drive/folder (Name column) in addition to its ID (Source
 ### 6.14.04
 
 Added a command to move Other Contacts to My Contacts.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-People-Contacts-Profiles#move-user-other-contacts
+* See: https://github.com/GAM-team/GAM/wiki/Users-People-Contacts-Profiles#move-user-other-contacts
 ```
 gam <UserTypeEntity> move othercontacts <OtherContactResourceNameEntity>|<OtherContactSelection>
 ```
@@ -5400,14 +5400,14 @@ Improved action performed messages in `gam <UserTypeEntity> update othercontacts
 
 Added a command to delete Other Contacts.
 * Thanks to Kim Nilsson for finding a Stack Overflow page that showed the way to do this.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-People-Contacts-Profiles#delete-user-other-contacts
+* See: https://github.com/GAM-team/GAM/wiki/Users-People-Contacts-Profiles#delete-user-other-contacts
 ```
 gam <UserTypeEntity> delete othercontacts <PeopleResourceNameEntity>|<PeopleUserOtherContactSelection>
 ```
 
 Added a command to update Other Contacts and move them to My Contacts.
 * Thanks to Kim Nilsson for finding a Stack Overflow page that showed the way to do this.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-People-Contacts-Profiles#update-user-other-contacts
+* See: https://github.com/GAM-team/GAM/wiki/Users-People-Contacts-Profiles#update-user-other-contacts
 ```
 gam <UserTypeEntity> update othercontacts <PeopleResourceNameEntity>|<PeopleUserOtherContactSelection>
         <PeopleContactAttribute>+
@@ -5443,8 +5443,8 @@ copymergedsubfolderpermissions [<Boolean>]
 copysubfolderinheritedpermissions [<Boolean>]
 copysubfoldernoninheritedpermissions never|always|syncallfolders|syncupdatedfolders
 ```
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Copy-Move#copy-permissions
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Copy-Move#copy-permissions
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Drive-Copy-Move#move-permissions
+* See: https://github.com/GAM-team/GAM/wiki/Users-Drive-Copy-Move#move-permissions
 
 Following Jay's lead, added command `gam <UserTypeEntity> show vaultholds` to display all vault holds
 affecting a user. This allows you to investigate the error `Delete Failed: Precondition is not met.`
@@ -5507,7 +5507,7 @@ Added option `showsize` to `gam <UserTypeEntity> print|show filecounts` that dis
 size (in bytes) of the files counted.
 
 Following Jay's lead, added commands to display ChromeOS device telemetry data.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/ChromeOS-Devices#display-chromeos-telemetry-data
+* See: https://github.com/GAM-team/GAM/wiki/ChromeOS-Devices#display-chromeos-telemetry-data
 
 To use these commands  you must authorize an additional scope:
 * `Chrome Management API - Telemetry read only`
@@ -5576,7 +5576,7 @@ the Drive API returns the permission IDs but not the permissions themselves so G
 per file to get the permissions.
 
 Added commands that can process lists of Gmail labels.
-* See: https://github.com/taers232c/GAMADV-XTD3/wiki/Users-Gmail-Labels
+* See: https://github.com/GAM-team/GAM/wiki/Users-Gmail-Labels
 
 ### 6.12.05
 
@@ -5652,7 +5652,7 @@ When specifying `<UserAttribute> languages`, it is an error to specify a custom
 
 Added option `includederivedmembership` to `gam print|show cigroup-members`.
 This option causes the API to list indirect members of groups.
-See: https://github.com/taers232c/GAMADV-XTD3/wiki/Cloud-Identity-Groups-Membership
+See: https://github.com/GAM-team/GAM/wiki/Cloud-Identity-Groups-Membership
 
 Updated `gam oauth export|refresh` to privent the following error.
 ```

docs/Google-Data-Transfers.md

@@ -1,4 +1,4 @@
-# Google Data Transfers
+!# Google Data Transfers
 - [API documentation](#api-documentation)
 - [Definitions](#definitions)
 - [Display transfer apps](#display-transfer-apps)

docs/Google-Network-Addresses.md

@@ -1,4 +1,4 @@
-# Google Network Addresses
+!# Google Network Addresses
 
 All GAM calls are made on port 443 (HTTPS) to the following addresses:
 ```

docs/GoogleDriveManagement.md

@@ -0,0 +1,389 @@
+- [Managing Google Drive Files and Folders for users](#managing-google-drive-files-and-folders-for-users)
+  - [Printing User Drive Files to a CSV](#printing-user-drive-files-to-a-csv)
+  - [Creating and Uploading Drive Files for Users](#creating-and-uploading-drive-files-for-users)
+  - [Updating Drive Files for Users](#updating-drive-files-for-users)
+  - [Downloading Drive Files For Users](#downloading-drive-files-for-users)
+  - [Deleting Google Drive Files for Users](#deleting-google-drive-files-for-users)
+  - [Show Drive File Info for Users](#show-drive-file-info-for-users)
+  - [Show Drive File Revisions for Users](#show-drive-file-revisions-for-users)
+  - [Empty Drive Trash for Users](#empty-drive-trash-for-users)
+- [Managing Google Drive Permissions for Users](#managing-google-drive-permissions-for-users)
+  - [Showing the Permissions of a File/Folder for a user](#showing-the-permissions-of-a-filefolder-for-a-user)
+  - [Adding permissions to a file/folder for a user](#adding-permissions-to-a-filefolder-for-a-user)
+  - [Updating permissions to a file/folder for a user](#updating-permissions-to-a-filefolder-for-a-user)
+  - [Removing permissions to a file/folder for a user](#removing-permissions-to-a-filefolder-for-a-user)
+- [Managing shared drives](#managing-shared-drives)
+  - [Creating shared drives](#creating-shared-drives)
+  - [Adding user permissions to shared drives](#adding-user-permissions-to-shared-drives)
+  - [Updating shared drives](#updating-shared-drives)
+  - [Deleting shared drives](#deleting-shared-drives)
+  - [Showing/Printing shared drives](#showingprinting-shared-drives)
+
+GAM now supports Google Drive Management with the ability to add, update, view and delete Drive files and folders for users as well as adding, updating, viewing and deleting file and folder permissions.
+
+# Managing Google Drive Files and Folders for users
+## Printing User Drive Files to a CSV
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users show filelist [todrive] [query|fullquery <query>] [allfields]
+  [createddate] [description] [fileextension] [filesize] [id] [name] [owners] [parents] [permissions] 
+  [restricted] [starred] [trashed] [viewed]
+  [lastmodifyingusername] [lastviewedbymedate] [modifieddate] [originalfilename] [quotaused] [shared] [writerscanshare]
+```
+Outputs a CSV file listing the Google Drive files/folders that the given user(s) own. By default, the output is sent to the screen and only the file owner, title and URL columns are shown. The optional `todrive` argument will upload the CSV data to a Google Docs Spreadsheet file in the Administrator's Google Drive rather than displaying it locally. The optional `query` argument allows the results to be narrowed to files/folders matching the given query. The optional `fullquery` argument is similar to query but omits the "'me' in owners" portion of the query. The query format is described in [Google's documentation](https://developers.google.com/drive/api/v2/search-files). The optional `allfields` arguments causes all possible columns to be included in the output. The optional `createddate`, `description`, `fileextension`, `filesize`, `id`, `name`, `restricted`, `starred`, `trashed`, `viewed`, `lastmodifyingusername`, `lastviewedbymedate`, `modifieddate`, `originalfilename`, `quotaused`, `shared` and `writerscanshare` arguments cause the given columns to be included in the output.
+
+### Example
+This example displays all of Joe Schmo's files
+```
+gam user jschmo@acme.com show filelist
+```
+
+This example displays all files for all users that contain the text "ProjectX". The results are uploaded to a Google spreadsheet for the admin user.
+```
+gam all users show filelist query "fullText contains 'ProjectX'" todrive
+```
+
+This example displays all PDF files that users under the Students OU own.
+
+```
+gam ou_and_children Students show filelist query "mimeType = 'application/pdf'"
+```
+
+---
+
+This example displays all of Joe Schmo's folders.
+
+```
+gam user jschmo@acme.com show filelist query "mimeType = 'application/vnd.google-apps.folder'"
+```
+
+---
+
+## Creating and Uploading Drive Files for Users
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users add drivefile [localfile <filepath>]
+  [drivefilename <filename>] [convert] [ocr] [ocrlanguage <language>] [restricted] [starred] [trashed] [viewed]
+  [lastviewedbyme <date>] [modifieddate <date>] [description <description>] [mimetype <type>] [parentid <folder id>]
+  [parentname <folder name>] [writerscantshare]
+```
+Create or upload a new file to Google Drive for the given user(s). By default, the command will create a new, empty file/folder. If the optional argument localfile is specified along with the full path to a document on the local computer, GAM will upload that file's contents to Drive. The optional argument drivefilename sets the name of the file/folder in Drive. The optional argument convert causes files to be converted into native Google Docs format where possible. The optional argument ocr causes OCR analysis of images and PDF files when they are converted to native Google Docs format. The optional argument ocrlanguage determines what language is used for ocr analysis. The optional argument restricted prevents users who have reader/commenter access to a file from downloading the file content. The optional arguments starred, trashed and viewed cause the respective action to take place on the new file. The optional arguments lastviewedbyme and modifieddate set the respective timestamps for the new file, the date should follow the format YYYY-MM-DDTHH:MM:SS.000Z. For example, 2013-04-20T12:33:47.166Z. The optional argument description gives a description for the new file. The optional argument mimetype forces the given MIME file type to be used for the new file. The optional argument parentid sets a parent folder for the uploaded/created file to show underneath. The optional argument parentname searches for the given folder name to put the file under. The optional argument writerscantshare prevents users who have writer/editor access to the file from adding additional permissions to the file (only owner can add permissions).
+
+### Examples
+This example uploads the file sillycat.mp4 to Google Drive for a user
+```
+gam user jsmith@acme.com add drivefile localfile sillycat.mp4
+```
+
+This example creates a new folder called TPS Reports for all users and then creates a new, empty Google Doc, Spreadsheet, Presentation and Drawing under each user's folder.
+```
+gam all users add drivefile drivefilename "TPS Reports" mimetype gfolder
+gam all users add drivefile drivefilename "TPS Doc" mimetype gdoc parentname 'TPS Reports'
+gam all users add drivefile drivefilename "TPS Sheet" mimetype gsheet parentname 'TPS Reports'
+gam all users add drivefile drivefilename "TPS Presentation" mimetype gpresentation parentname 'TPS Reports'
+gam all users add drivefile drivefilename "TPS Drawing" mimetype gdrawing parentname 'TPS Reports'
+```
+
+This example uploads the MyRamblings.docx file to Google Drive and converts it to Google Doc native format. It also renames the file to a nicer looking "My Ramblings".
+```
+gam user jjones@acme.com add drivefile localfile MyRamblings.docx convert drivefilename "My Ramblings"
+```
+
+---
+
+
+## Updating Drive Files for Users
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users update drivefile [id <drive file id> | drivefilename <filename>] [localfile <filename>] [newfilename <filename>] [convert] [ocr] [ocrlanguage <language>] [restricted true|false] [starred true|false] [trashed true|false] [viewed true|false] [lastviewedbyme <date>] [modifieddate <date>] [description <description>] [mimetype <MIME type>] [parentid <folder id>] [parentname <folder name>] [writerscantshare]
+```
+Update a Drive file's metadata and/or content. In order to determine which file(s) are updated, either the id or drivefilename arguments must be specified. id specifies the exact unique id of the file to be updated. drivefilename performs a search for files matching the given name. The optional argument localfile specifies a local file whose content will completely replace the content of the given drive file (file id, name, etc will remain unchanged). The optional arguments convert, ocr, ocrlanguage, restricted, starred, trashed, description, mimetype and viewed specify updates that should occur to a file's metadata. The optional lastviewedbyme and modifieddate arguments specify new timestamps that should be placed on the Drive file. The date should follow the format YYYY-MM-DDTHH:MM:SS.000Z. For example, 2013-04-20T12:33:47.166Z. The optional parentid and parentname arguments specify folders under which the drive file should be placed. The optional writerscantshare argument prevents file writers/editors from sharing the file with additional users.
+
+### Examples
+This example updates the "My Ramblings" file to be starred and placed under a folder called "Brilliant things I've said" (assumes a folder by that name already exists for the user)
+```
+gam user bsmith@acme.com update drivefile drivefilename "My Ramblings" starred true parentname 'Brilliant things I've said'
+```
+
+This example updates the Drive file DailyReport.pdf with the contents of the local file Report-3-28-2014.pdf.
+```
+gam user hgregg@acme.com update drivefile drivefilename DailyReport.pdf localfile Report-3-28-2014.pdf
+```
+
+---
+
+
+## Downloading Drive Files For Users
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users get drivefile [id <file id> | query <query> | drivefilename <filename>] [format <FileFormatList>] [targetfolder <local path>] [revision <Number>]
+
+<FileFormat> ::= csv|html|txt|tsv|jpeg|jpg|png|svg|pdf|rtf|pptx|xlsx|docx|odt|ods|openoffice|microsoft
+<FileFormatList> ::= '<FileFormat>(,<FileFormat)*'
+microsoft ::= docx,pptx,xlsx
+openoffice ::= ods,odt
+
+```
+Download the given Drive files to the local computer. One of the `id`, `query` or `drivefilename` parameters must be specified to determine which files should be downloaded. By default, Google Docs native format files are downloaded in openoffice format. The optional argument `format` allows you to download the files in other formats by specifying a comma separated list of formats; the first format in the list that is available will be used. The optional argument `targetfolder` allows you to specify where on the local computer the downloaded files should be placed. The optional argument `revision` allows you to specify a specific revision of a file to download.
+
+Note that drive folder hierarchy is NOT maintained when downloading files with this command.
+
+### Examples
+This example downloads the file with Drive ID adifd08 to the current path
+```
+gam user asmith@acme.com get drivefile id adifd08
+```
+
+This example downloads all of a user's files to c:\jsmith-files using Microsoft Office format for downloading native Google Docs.
+```
+gam user jsmith@acme.com get drivefile query "'me' in owners" format microsoft
+```
+
+---
+
+
+## Deleting Google Drive Files for Users
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users delete drivefile <file id> [purge]
+```
+Delete the given Drive files for user(s). The "file id" argument is the exact ID of a Google Drive file or a query to search the user's Drive for files in the format ` "query:<query>" `. By default, deleted folders are simply moved to the user's Trash folder which is purged after 30 days. The optional parameter purge causes the files to be immediately purged from the user's Google Drive so that they are no longer recoverable from Trash.
+
+### Examples
+This example moves the given Drive file to the user's Trash in Drive.
+```
+gam user jsmith@acme.com delete drivefile 8sidfddosa
+```
+
+This example completely purges all files from a user's Drive that are PDFs (danger Will Robinson!!!)
+```
+gam user jsmith@acme.com delete drivefile "query:mimeType = 'application/pdf'" purge
+```
+---
+
+## Show Drive File Info for Users
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users show fileinfo <file id> [allfields]
+  [createddate] [description] [fileextension] [filesize] [id] [name] [restricted] [starred] [trashed] [viewed]
+  [lastmodifyingusername] [lastviewedbymedate] [modifieddate] [originalfilename] [quotaused] [shared] [writerscanshare]
+```
+Outputs detailed information about a specific file. The optional `allfields` arguments causes all possible columns to be included in the output. The optional `createddate`, `description`, `fileextension`, `filesize`, `id`, `name`, `restricted`, `starred`, `trashed`, `viewed`, `lastmodifyingusername`, `lastviewedbymedate`, `modifieddate`, `originalfilename`, `quotaused`, `shared` and `writerscanshare` arguments cause the given fields to be shown.
+
+### Example
+This example shows the file information for Drive ID adifd08
+```
+gam user asmith@acme.com show fileinfo adifd08
+```
+
+---
+
+
+## Show Drive File Revisions for Users
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users show filerevisions <file id>
+```
+Show the revisions for a file. 
+
+### Examples
+This example shows the file revisions for Drive ID adifd08
+```
+gam user asmith@acme.com show filerevisions adifd08
+```
+
+## Empty Drive Trash for Users
+### Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users empty drivetrash
+```
+Empty users' Drive trash. 
+
+### Examples
+This example shows emptying the drive trash for users in the technology group.
+```
+gam group technology@acme.com empty drivetrash
+```
+
+---
+
+
+# Managing Google Drive Permissions for Users
+## Showing the Permissions of a File/Folder for a user
+### Syntax
+```
+gam user <email> show drivefileacl <file id> [asadmin]
+```
+shows the current permissions of a file or folder owned or shared with a given user. The optional asadmin argument specifies that the super admin should use special access to manage a shared drive which they do not normally have access to. This argument may not work on non shared drive resources.
+
+### Example
+This example shows the permissions of one of jsmith's files
+```
+gam user jsmith@acme.org show drivefileacl 0B8aCWH-xLi2NckxXOEp5REUtNEE
+
+John Smith
+ domain: acme.org
+ emailAddress: jsmith@acme.org
+ photoLink: https://lh5.googleusercontent.com/-AzWvbYordY/AAAAAAAAAAE/AAAAAAAAERg/nzagv0IV4yQ/s64/photo.jpg
+ role: owner
+ type: user
+ id: 17297927562723854745
+
+George Wilson
+ domain: gmail.com
+ emailAddress: gwilson@gmail.com
+ photoLink: https://lh5.googleusercontent.com/-woxYfVbgI4w/AAAAAAAAAaI/AAAAAAAAb
+SI/Y0RRW2LWX5U/s64/photo.jpg
+ role: writer
+ type: user
+ id: 00772439636938147216
+```
+
+---
+
+
+## Adding permissions to a file/folder for a user
+### Syntax
+```
+gam user <user email> add drivefileacl <file id> [user|group|domain|anyone <value>] [withlink] [role <reader|commenter|writer|owner|organizer>] [sendemail] [emailmessage <message text>]
+```
+Grants a user, group, domain or anyone permission to the given Drive file/folder. The role parameter determines the level of access the given user(s) have to the file and can be one of reader, commenter, writer, owner or organizer. Specifying owner will change ownership of the file/folder and only works when the source and target accounts are in the same G Suite instance. Organizer replaces and is the equivalent to the owner role for shared drives. The optional withlink parameter specifies that the file is not "discoverable" or indexed. It is only available if the accessing user knows the exact URL. The optional sendemail parameter will send an email to the user(s) who have been granted access to the file (no email sent by default). The optional emailmessage parameter allows you to specify a portion of the email message body sent to the user.
+
+### Examples
+This example silently gives Sally access to Tim's file
+```
+gam user tim@acme.org add drivefileacl 0B8aCWH-xLi2NckxXOEp5REUtNEE user sally@acme.org role writer withlink
+```
+
+This example gives the IT Google Group access to Tim's file and sends an email notification
+```
+gam user tim@acme.org add drivefileacl 0B8aCWH-xLi2NckxXOEp5REUtNEE group it@acme.org role reader sendemail
+```
+
+This example gives anyone in the Acme organization access to Tim's file if they know the URL
+```
+gam user tim@acme.org add drivefileacl 0B8aCWH-xLi2NckxXOEp5REUtNEE domain acme.org role commenter withlink
+```
+
+This example gives anyone on the Internet (logged in to Google or not) access to Tim's file and makes it searchable/discoverable via Google.com search and other search engines
+```
+gam user tim@acme.org add drivefileacl 0B8aCWH-xLi2NckxXOEp5REUtNEE anyone role reader
+```
+
+---
+
+
+## Updating permissions to a file/folder for a user
+### Syntax
+```
+gam user <user email> update drivefileacl <file id> <permission id> [withlink] [role <reader|commenter|writer|owner|organizer>] [asadmin]
+```
+Changes a user or groups permissions to the given Drive file/folder. The permisson id parameter can be an email address or a numeric id as shown when listing a file's permissions. If an email address is used, GAM must first look up the permission id of that email address before updating (2 API calls instead of 1). If using numeric id, you must prefix it with "id:". The role parameter determines the level of access the given user(s) have to the file and can be one of reader, commenter, writer, owner or organizer. Specifying owner will change ownership of the file/folder and only works when the source and target accounts are in the same G Suite instance. Organizer replaces and is the equivalent to the owner role for shared drives. The optional withlink parameter specifies that the file is not "discoverable" or indexed. It is only available if the accessing user knows the exact URL. The optional asadmin argument specifies that the super admin should use special access to manage a shared drive which they do not normally have access to. This argument may not work on non shared drive resources.
+
+### Example
+This example changes Sally from a reader to a writer for the file.
+```
+gam user tim@acme.org update drivefileacl 0B8aCWH-xLi2NckxXOEp5REUtNEE sally@acme.org role writer withlink
+```
+
+### Example
+This example changes Sally from a reader to a writer for the file using her numeric permission ID.
+```
+gam user tim@acme.org update drivefileacl 0B8aCWH-xLi2NckxXOEp5REUtNEE id:65337053707119961365 role writer withlink
+```
+### Example
+This example makes Sally the owner for the file and changes Tim from owner to writer for the file.
+```
+gam user tim@acme.org update drivefileacl 0B8aCWH-xLi2NckxXOEp5REUtNEE sally@acme.org role owner
+```
+
+---
+
+
+## Removing permissions to a file/folder for a user
+### Syntax
+```
+gam user <user email> delete drivefileacl <file id> <permission id> [asadmin]
+```
+Removes the given permission from the file. The permisson id parameter can be an email address or a numeric id as shown when listing a file's permissions. If an email address is used, GAM must first look up the permission id of that email address before updating (2 API calls instead of 1). If using numeric id, you must prefix it with "id:". The optional asadmin argument specifies that the super admin should use special access to manage a shared drive which they do not normally have access to. This argument may not work on non shared drive resources.
+
+### Example
+This example removes Sally's access to Tim's file
+```
+gam user tim@acme.org delete drivefileacl 0B8aCWH-xLi2NckxXOEp5REUtNEE sally@acme.org
+```
+# Managing shared drives
+GAM 4.2 and newer support shared drive management. You can create, update, delete and list shared drives for users. Shared drives can be shared in the same way [Google Drive Files/Folders are shared](#managing-google-drive-permissions-for-users).
+
+Note: Shared drives were previously known as Team Drives.
+
+## Creating shared drives
+### Syntax
+```
+gam user <email> add shareddrive <name>
+```
+Creates a new shared drive. The name argument specifies the name of the shared drive. The specified user will be the first organizer.
+
+### Example
+This example creates a "Sales Reports" shared drive and makes jsalesguy@acme.com the first organizer of the Drive.
+```
+gam user jsalesguy@acme.com add shareddrive "Sales Reports"
+```
+----
+## Adding user permissions to shared drives
+### Syntax
+```
+gam user <user a email> add drivefileacl <DriveFileEntity> user <user b email> role <DriveFileACLRole>) [withlink|(allowfilediscovery|discoverable [<Boolean>])] [expires|expiration <Time>] [sendemail] [emailmessage <String>] [showtitles]
+```
+adds a new "user b" to a shared drive owned by "user a". The specified "user b" will be the set role.
+
+### Example
+This example adds jsalesguy@acme.com to the shared drive owned by jbossguy@acme.com and makes jsalesguy@acme.com a content and permission manager of the Drive.
+```
+gam user jbossguy@acme.com add drivefileacl 0ABXXXXXXXXXX9PVA user jsalesguy@acme.com role contentmanager
+```
+----
+## Updating shared drives
+### Syntax
+```
+gam user <email> update shareddrive <id> [name <name>] [ou <orgunit>] [hidden <true|false>]
+```
+Updates the shared drive specified by the id argument. The name argument updates the shared drive name. The ou argument moves the shared drive to a new orgunit (THIS FEATURE IS CURRENTLY ALPHA). The hidden argument hides or unhides the given shared drive for the given user.
+
+### Example
+This example changes the name of shared drive ID dfdfaskfd23 to "2016 Sales Reports"
+```
+gam user jsalesguy@acme.com update shareddrive dfdfaskfd23 name "2016 Sales Reports"
+```
+
+This example moves a shared drive to the /Shared Drives OrgUnit
+```
+gam user admin@acme.com update shareddrive ou "/Shared Drives"
+```
+----
+## Deleting shared drives
+### Syntax
+```
+gam user <email> delete shareddrive <id> [allowitemdeletion]
+```
+Deletes the shared drive specified by the id argument. By default, if there are any files/folders on the shared drive then deleting it will fail. The optional argument `allowitemdeletion` will delete the shared drive AND all files/folders currently on it and must be performed by a super admin user.
+
+### Example
+This example deletes the dfdfaskfd23 shared drive even if there are files on it.
+```
+----
+gam user jsalesguy@acme.com delete shareddrive dfdfaskfd23 allowitemdeletion
+```
+----
+## Showing/Printing shared drives
+### Syntax
+```
+gam user <email> print|show shareddrives [todrive] [asadmin]
+```
+Prints to CSV or screen the shared drives the given user(s) can access. The print argument will output CSV format or, if todrive is specified, a Google Sheet. The show argument will output a user-legible list of shared drives to the screen. The optional asadmin argument specifies that the super admin should use special access to manage a shared drive which they do not normally have access to. This argument may not work on non shared drive resources.
+
+### Example
+This example creates a Google Sheet of the shared drives accessible to all users in the domain. It will require at least 1 API call per-user.
+```
+gam all users print shareddrives todrive
+```

docs/Groups-Membership.md

@@ -61,7 +61,7 @@ See [Collections of Items](Collections-of-Items)
 <GroupList> ::= "<GroupItem>(,<GroupItem>)*"
 <GroupEntity> ::=
         <GroupList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <GroupRole> ::= owner|manager|member
 <GroupRoleList> ::= "<GroupRole>(,<GroupRole>)*"
 <GroupType> ::= customer|group|user
@@ -323,7 +323,7 @@ For example,
 gam config batch_size 20 inter_batch_wait 1 update group testgroup@domain.com sync members file users.lst
 ```
 ### Examples using CSV file and Google sheets:
-* https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Users#examples-using-csv-files-and-google-sheets-to-update-the-membership-of-a-group
+* https://github.com/GAM-team/GAM/wiki/Collections-of-Users#examples-using-csv-files-and-google-sheets-to-update-the-membership-of-a-group
 
 ### Example
 Assume that at your school there is a group for each grade level and the members come from an OU; here is a sample CSV file GradeOU.csv

docs/Groups.md

@@ -59,7 +59,7 @@ See [Collections of Items](Collections-of-Items)
 <GroupList> ::= "<GroupItem>(,<GroupItem>)*"
 <GroupEntity> ::=
         <GroupList> | <FileSelector> | <CSVkmdSelector> | <CSVDataSelector>
-        See: https://github.com/taers232c/GAMADV-XTD3/wiki/Collections-of-Items
+        See: https://github.com/GAM-team/GAM/wiki/Collections-of-Items
 <GroupRole> ::= owner|manager|member
 <GroupRoleList> ::= "<GroupRole>(,<GroupRole>)*"
 <GroupType> ::= customer|group|user

docs/HTTPS-Proxy.md

@@ -1,4 +1,4 @@
-# HTTPS Proxy
+!# HTTPS Proxy
 
 GAM should be run on a server with direct access to talk to Google servers via the Internet.
 However, if you must push GAM traffic through an HTTPS proxy this can be done by setting the HTTPS_PROXY environment variable.

docs/Home.md

@@ -56,6 +56,6 @@ You can install multiple versions of GAM and GAM7 in different parallel director
 [GitHub Releases]: https://github.com/GAM-team/GAM/releases
 [GitHub]: https://github.com/GAM-team/GAM/tree/master
 [GitHub Legacy Wiki]: https://github.com/GAM-team/GAM/wiki/
-[GitHub GAM7 Wiki]: https://github.com/taers232c/GAMADV-XTD3/wiki/
+[GitHub GAM7 Wiki]: https://github.com/GAM-team/GAM/wiki/
 [Google Groups]: https://groups.google.com/group/google-apps-manager
-[GAM Updates]: https://github.com/taers232c/GAMADV-XTD3/wiki/GamUpdates
+[GAM Updates]: https://github.com/GAM-team/GAM/wiki/GamUpdates

docs/How-to-Install-Advanced-Gam.md

@@ -1,938 +0,0 @@
-# Installing GAMADV-XTD3
-Use these steps if you have never used any version of GAM in your domain. They will create your GAM project
-and all necessary authentications.
-
-- [Downloads-Installs](Downloads-Installs)
-- [Linux and MacOS and Google Cloud Shell](#linux-and-mac-os-and-google-cloud-shell)
-- [Windows](#windows)
-- [GAM Configuration](gam.cfg)
-
-## Linux and MacOS and Google Cloud Shell
-
-In these examples, your Google Super admin is shown as admin@domain.com; replace with the
-actual email adddress.
-
-In these examples, the user home folder is shown as /Users/admin; adjust according to your
-specific situation; e.g., /home/administrator.
-
-This example assumes that GAMADV-XTD3 has been installed in /Users/admin/bin/gamadv-xtd3.
-If you've installed GAMADV-XTD3 in another directory, substitute that value in the directions.
-
-### Set a configuration directory
-
-The default GAM configuration directory is /Users/admin/.gam; for more flexibility you
-probably want to select a non-hidden location. This example assumes that the GAM
-configuration directory will be /Users/admin/GAMConfig; If you've chosen another directory,
-substitute that value in the directions.
-
-Make the directory:
-```
-mkdir -p /Users/admin/GAMConfig
-```
-
-Add the following line:
-```
-export GAMCFGDIR="/Users/admin/GAMConfig"
-```
-to one of these files based on your shell:
-```
-~/.bash_profile
-~/.bashrc
-~/.zshrc
-~/.profile
-```
-
-Issue the following command replacing `<Filename>` with the name of the file you edited:
-```
-source <Filename>
-```
-
-You need to make sure the GAM configuration directory actually exists. Test that like this:
-```
-ls -l $GAMCFGDIR
-```
-
-### Set a working directory
-
-You should establish a GAM working directory; you will store your GAM related
-data in this folder and execute GAM commands from this folder. You should not use
-/Users/admin/bin/gamadv-xtd3 or /Users/admin/GAMConfig for this purpose.
-This example assumes that the GAM working directory will be /Users/admin/GAMWork; If you've chosen
-another directory, substitute that value in the directions.
-
-Make the directory:
-```
-mkdir -p /Users/admin/GAMWork
-```
-
-### Set an alias
-You should set an alias to point to /Users/admin/bin/gamadv-xtd3/gam so you can operate from the /Users/admin/GAMWork directory.
-Aliases aren't available in scripts, so you may want to set a symlink instead, see below.
-
-Add the following line:
-```
-alias gam="/Users/admin/bin/gamadv-xtd3/gam"
-```
-to one of these files based on your shell:
-```
-~/.bash_aliases
-~/.bash_profile
-~/.bashrc
-~/.zshrc
-~/.profile
-```
-
-Issue the following command replacing `<Filename>` with the name of the file you edited:
-```
-source <Filename>
-```
-
-### Set a symlink
-Set a symlink in `/usr/local/bin` (or some other location on $PATH) to point to GAM. 
-```
-ln -s "/Users/admin/bin/gamadv-xtd3/gam" /usr/local/bin/gam
-```
-
-### Initialize GAMADV-XTD3; this should be the first GAMADV-XTD3 command executed.
-```
-admin@server:/Users/admin$ gam config drive_dir /Users/admin/GAMWork verify
-Created: /Users/admin/GAMConfig
-Created: /Users/admin/GAMConfig/gamcache
-Config File: /Users/admin/GAMConfig/gam.cfg, Initialized
-Section: DEFAULT
-  ...
-  cache_dir = /Users/admin/GAMConfig/gamcache
-  ...
-  config_dir = /Users/admin/GAMConfig
-  ...
-  drive_dir = /Users/admin/GAMWork
-  ...
-
-admin@server:/Users/admin$
-```
-### Verify initialization, this was a successful installation.
-```
-admin@server:/Users/admin$ ls -l $GAMCFGDIR
-total 48
--rw-r-----+ 1 admin  staff  1069 Mar  3 09:23 gam.cfg
-drwxr-x---+ 2 admin  staff    68 Mar  3 09:23 gamcache
--rw-rw-rw-+ 1 admin  staff     0 Mar  3 09:23 oauth2.txt.lock
-admin@server:/Users/admin$ 
-```
-### Create your project with local browser
-```
-admin@server:/Users/admin$ gam create project
-WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Item: client_secrets_json, Value: /Users/admin/GAMConfig/client_secrets.json, Not Found
-WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Item: oauth2service_json, Value: /Users/admin/GAMConfig/oauth2service.json, Not Found
-
-Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) admin@domain.com
-
-Your browser has been opened to visit:
-
-    https://accounts.google.com/o/oauth2/v2/auth?client_id=CLI...response_type=code
-
-If your browser is on a different machine then press CTRL+C,
-set no_browser = true in gam.cfg and re-run this command.
-
-Authentication successful.
-Creating project "GAM Project"...
-Checking project status...
-Project: gam-project-abc-def-ghi, Enable 23 APIs
-  API: admin.googleapis.com, Enabled (1/23)
-  API: alertcenter.googleapis.com, Enabled (2/23)
-  API: appsactivity.googleapis.com, Enabled (3/23)
-  API: audit.googleapis.com, Enabled (4/23)
-  API: calendar-json.googleapis.com, Enabled (5/23)
-  API: chat.googleapis.com, Enabled (6/23)
-  API: classroom.googleapis.com, Enabled (7/23)
-  API: contacts.googleapis.com, Enabled (8/23)
-  API: drive.googleapis.com, Enabled (9/23)
-  API: driveactivity.googleapis.com, Enabled (10/23)
-  API: gmail.googleapis.com, Enabled (11/23)
-  API: groupsmigration.googleapis.com, Enabled (12/23)
-  API: groupssettings.googleapis.com, Enabled (13/23)
-  API: iam.googleapis.com, Enabled (14/23)
-  API: iap.googleapis.com, Enabled (15/23)
-  API: licensing.googleapis.com, Enabled (16/23)
-  API: people.googleapis.com, Enabled (17/23)
-  API: pubsub.googleapis.com, Enabled (18/23)
-  API: reseller.googleapis.com, Enabled (19/23)
-  API: sheets.googleapis.com, Enabled (20/23)
-  API: siteverification.googleapis.com, Enabled (21/23)
-  API: storage-api.googleapis.com, Enabled (22/23)
-  API: vault.googleapis.com, Enabled (23/23)
-Setting GAM project consent screen...
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Enabled
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Generating new private key
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Extracting public certificate
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Done generating private key and public certificate
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Service Account Key: SVCACCTKEY, Uploaded
-Service Account OAuth2 File: /Users/admin/GAMConfig/oauth2service.json, Service Account Key: SVCACCTKEY, Updated
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Has rights to rotate own private key
-Please go to:
-
-https://console.cloud.google.com/apis/credentials/oauthclient?project=gam-project-abc-def-ghi
-
-1. Choose "Desktop App" or "Other" for "Application type".
-2. Enter "GAM" or another desired value for "Name".
-3. Click the blue "Create" button.
-4. Copy your "client ID" value that shows on the next page.
-
-Enter your Client ID: CLIENTID
-
-5. Go back to your browser and copy your "client secret" value.
-Enter your Client Secret: CLIENTSECRET
-6. Go back to your browser and click OK to close the "OAuth client" popup if it's still open.
-That's it! Your GAM Project is created and ready to use.
-
-admin@server:/Users/admin$ 
-```
-### Create your project without local browser (Google Cloud Shell for instance)
-```
-admin@server:/Users/admin$ gam config no_browser true save
-admin@server:/Users/admin$ gam create project
-WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Item: client_secrets_json, Value: /Users/admin/GAMConfig/client_secrets.json, Not Found
-WARNING: Config File: /Users/admin/GAMConfig/gam.cfg, Item: oauth2service_json, Value: /Users/admin/GAMConfig/oauth2service.json, Not Found
-
-Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) admin@domain.com
-
-Go to the following link in a browser on other computer:
-
-    https://accounts.google.com/o/oauth2/v2/auth?re... m&prompt=consent
-
-Enter verification code: abc...xyz
-
-Authentication successful.
-Creating project "GAM Project"...
-Checking project status...
-Project: gam-project-abc-def-ghi, Enable 23 APIs
-  API: admin.googleapis.com, Enabled (1/23)
-  API: alertcenter.googleapis.com, Enabled (2/23)
-  API: appsactivity.googleapis.com, Enabled (3/23)
-  API: audit.googleapis.com, Enabled (4/23)
-  API: calendar-json.googleapis.com, Enabled (5/23)
-  API: chat.googleapis.com, Enabled (6/23)
-  API: classroom.googleapis.com, Enabled (7/23)
-  API: contacts.googleapis.com, Enabled (8/23)
-  API: drive.googleapis.com, Enabled (9/23)
-  API: driveactivity.googleapis.com, Enabled (10/23)
-  API: gmail.googleapis.com, Enabled (11/23)
-  API: groupsmigration.googleapis.com, Enabled (12/23)
-  API: groupssettings.googleapis.com, Enabled (13/23)
-  API: iam.googleapis.com, Enabled (14/23)
-  API: iap.googleapis.com, Enabled (15/23)
-  API: licensing.googleapis.com, Enabled (16/23)
-  API: people.googleapis.com, Enabled (17/23)
-  API: pubsub.googleapis.com, Enabled (18/23)
-  API: reseller.googleapis.com, Enabled (19/23)
-  API: sheets.googleapis.com, Enabled (20/23)
-  API: siteverification.googleapis.com, Enabled (21/23)
-  API: storage-api.googleapis.com, Enabled (22/23)
-  API: vault.googleapis.com, Enabled (23/23)
-Setting GAM project consent screen...
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Enabled
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Generating new private key
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Extracting public certificate
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Done generating private key and public certificate
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Service Account Key: SVCACCTKEY, Uploaded
-Service Account OAuth2 File: /Users/admin/GAMConfig/oauth2service.json, Service Account Key: SVCACCTKEY, Updated
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Has rights to rotate own private key
-Please go to:
-
-https://console.cloud.google.com/apis/credentials/oauthclient?project=gam-project-abc-def-ghi
-
-1. Choose "Desktop App" or "Other" for "Application type".
-2. Enter "GAM" or another desired value for "Name".
-3. Click the blue "Create" button.
-4. Copy your "client ID" value that shows on the next page.
-
-Enter your Client ID: CLIENTID
-
-5. Go back to your browser and copy your "client secret" value.
-Enter your Client Secret: CLIENTSECRET
-6. Go back to your browser and click OK to close the "OAuth client" popup if it's still open.
-That's it! Your GAM Project is created and ready to use.
-
-admin@server:/Users/admin$ 
-```
-### Enable GAMADV-XTD3 client access
-
-You select a list of scopes, GAM uses a browser to get final authorization from Google for these scopes and
-writes the credentials into the file oauth2.txt.
-
-```
-admin@server:/Users/admin$ gam oauth create
-
-[*]  0)  Calendar API (supports readonly)
-[*]  1)  Chrome Browser Cloud Management API (supports readonly)
-[*]  2)  Chrome Management API - AppDetails read only
-[*]  3)  Chrome Management API - Telemetry read only
-[*]  4)  Chrome Management API - read only
-[*]  5)  Chrome Policy API (supports readonly)
-[*]  6)  Chrome Printer Management API (supports readonly)
-[*]  7)  Chrome Version History API
-[*]  8)  Classroom API - Course Announcements (supports readonly)
-[*]  9)  Classroom API - Course Topics (supports readonly)
-[*] 10)  Classroom API - Course Work/Materials (supports readonly)
-[*] 11)  Classroom API - Course Work/Submissions (supports readonly)
-[*] 12)  Classroom API - Courses (supports readonly)
-[*] 13)  Classroom API - Profile Emails
-[*] 14)  Classroom API - Profile Photos
-[*] 15)  Classroom API - Rosters (supports readonly)
-[*] 16)  Classroom API - Student Guardians (supports readonly)
-[ ] 17)  Cloud Channel API (supports readonly)
-[*] 18)  Cloud Identity - Inbound SSO Settings (supports readonly)
-[*] 19)  Cloud Identity Groups API (supports readonly)
-[*] 20)  Cloud Identity OrgUnits API (supports readonly)
-[*] 21)  Cloud Identity User Invitations API (supports readonly)
-[ ] 22)  Cloud Storage API (Read Only, Vault/Takeout Download, Cloud Storage)
-[ ] 23)  Cloud Storage API (Read/Write, Vault/Takeout Copy/Download, Cloud Storage)
-[*] 24)  Contact Delegation API (supports readonly)
-[*] 25)  Contacts API - Domain Shared Contacts and GAL
-[*] 26)  Data Transfer API (supports readonly)
-[*] 27)  Directory API - Chrome OS Devices (supports readonly)
-[*] 28)  Directory API - Customers (supports readonly)
-[*] 29)  Directory API - Domains (supports readonly)
-[*] 30)  Directory API - Groups (supports readonly)
-[*] 31)  Directory API - Mobile Devices Directory (supports readonly and action)
-[*] 32)  Directory API - Organizational Units (supports readonly)
-[*] 33)  Directory API - Resource Calendars (supports readonly)
-[*] 34)  Directory API - Roles (supports readonly)
-[*] 35)  Directory API - User Schemas (supports readonly)
-[*] 36)  Directory API - User Security
-[*] 37)  Directory API - Users (supports readonly)
-[ ] 38)  Email Audit API
-[*] 39)  Groups Migration API
-[*] 40)  Groups Settings API
-[*] 41)  License Manager API
-[*] 42)  People API (supports readonly)
-[*] 43)  People Directory API - read only
-[ ] 44)  Pub / Sub API
-[*] 45)  Reports API - Audit Reports
-[*] 46)  Reports API - Usage Reports
-[ ] 47)  Reseller API
-[*] 48)  Site Verification API
-[ ] 49)  Sites API
-[*] 50)  Vault API (supports readonly)
-
-Select an unselected scope [ ] by entering a number; yields [*]
-For scopes that support readonly, enter a number and an 'r' to grant read-only access; yields [R]
-For scopes that support action, enter a number and an 'a' to grant action-only access; yields [A]
-Clear read-only access [R] or action-only access [A] from a scope by entering a number; yields [*]
-Unselect a selected scope [*] by entering a number; yields [ ]
-Select all default scopes by entering an 's'; yields [*] for default scopes, [ ] for others
-Unselect all scopes by entering a 'u'; yields [ ] for all scopes
-Exit without changes/authorization by entering an 'e'
-Continue to authorization by entering a 'c'
-  Note, if all scopes are selected, Google will probably generate an authorization error
-
-Please enter 0-50[a|r] or s|u|e|c: c
-
-Enter your Google Workspace admin email address? admin@domain.com
-
-Go to the following link in a browser on this computer or on another computer:
-
-    https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=423565144751-10lsdt2lgnsch9jmdhl35uq4617u1ifp&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080%2F&scope=...
-
-If you use a browser on another computer, you will get a browser error that the site can't be reached AFTER you
-click the Allow button, paste "Unable to connect" URL from other computer (only URL data up to &scope required):
-
-Enter verification code or paste "Unable to connect" URL from other computer (only URL data up to &scope required):
-
-The authentication flow has completed.
-Client OAuth2 File: /Users/admin/GAMConfig/oauth2.txt, Created
-
-admin@server:/Users/admin$ 
-```
-
-If clicking on the link in the instructions does not work (i.e. you get a 404 or 400 error message, instead of something about 'unable to connect') the URL in the link is too long. Most likely, you have selected all scopes. Try again with fewer scopes until it works. (there is no harm in repeatedly trying)
-
-### Enable GAMADV-XTD3 service account access.
-```
-admin@server:/Users/admin$ gam user admin@domain.com check serviceaccount
-$ gam user admin@domain.com check serviceaccount
-System time status
-  Your system time differs from www.googleapis.com by less than 1 second    PASS
-Service Account Private Key Authentication
-  Authentication                                                            PASS
-Service Account Private Key age; Google recommends rotating keys on a routine basis
-  Service Account Private Key age: 0 days                                   PASS
-Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 34
-  https://mail.google.com/                                                  PASS (1/34)
-  https://sites.google.com/feeds                                            PASS (2/34)
-  https://www.googleapis.com/auth/analytics.readonly                        PASS (3/34)
-  https://www.googleapis.com/auth/apps.alerts                               PASS (4/34)
-  https://www.googleapis.com/auth/calendar                                  PASS (5/34)
-  https://www.googleapis.com/auth/chat.delete                               PASS (6/34)
-  https://www.googleapis.com/auth/chat.memberships                          PASS (7/34)
-  https://www.googleapis.com/auth/chat.messages                             PASS (8/34)
-  https://www.googleapis.com/auth/chat.spaces                               PASS (9/34)
-  https://www.googleapis.com/auth/classroom.announcements                   PASS (10/34)
-  https://www.googleapis.com/auth/classroom.coursework.students             PASS (11/34)
-  https://www.googleapis.com/auth/classroom.courseworkmaterials             PASS (12/34)
-  https://www.googleapis.com/auth/classroom.profile.emails                  PASS (13/34)
-  https://www.googleapis.com/auth/classroom.rosters                         PASS (14/34)
-  https://www.googleapis.com/auth/classroom.topics                          PASS (15/34)
-  https://www.googleapis.com/auth/cloud-identity                            PASS (16/34)
-  https://www.googleapis.com/auth/cloud-platform                            PASS (17/34)
-  https://www.googleapis.com/auth/contacts                                  PASS (18/34)
-  https://www.googleapis.com/auth/contacts.other.readonly                   PASS (19/34)
-  https://www.googleapis.com/auth/datastudio                                PASS (20/34)
-  https://www.googleapis.com/auth/directory.readonly                        PASS (21/34)
-  https://www.googleapis.com/auth/documents                                 PASS (22/34)
-  https://www.googleapis.com/auth/drive                                     PASS (23/34)
-  https://www.googleapis.com/auth/drive.activity                            PASS (24/34)
-  https://www.googleapis.com/auth/drive.admin.labels                        FAIL (25/34)
-  https://www.googleapis.com/auth/drive.labels                              FAIL (26/34)
-  https://www.googleapis.com/auth/gmail.modify                              PASS (27/34)
-  https://www.googleapis.com/auth/gmail.settings.basic                      PASS (28/34)
-  https://www.googleapis.com/auth/gmail.settings.sharing                    PASS (29/34)
-  https://www.googleapis.com/auth/keep                                      PASS (30/34)
-  https://www.googleapis.com/auth/spreadsheets                              PASS (31/34)
-  https://www.googleapis.com/auth/tasks                                     PASS (32/34)
-  https://www.googleapis.com/auth/userinfo.profile                          PASS (33/34)
-  https://www.googleapis.com/auth/youtube.readonly                          PASS (34/34)
-Some scopes FAILED!
-To authorize them, please go to:
-
-    https://admin.google.com/ac/owl/domainwidedelegation?clientScopeToAdd=https://mail.go...huser=admin@domain.com
-
-You will be directed to the Google Workspace admin console Security/API Controls/Domain-wide Delegation page
-The "Add a new Client ID" box will open
-Make sure that "Overwrite existing client ID" is checked
-Click AUTHORIZE
-When the box closes you're done
-After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
-
-admin@server:/Users/admin$
-```
-The link shown in the error message should take you directly to the authorization screen.
-If not, make sure that you are logged in as a domain admin, then re-enter the link.
-
-### Verify GAMADV-XTD3 service account access.
-
-Wait a moment and then perform the following command; it it still fails, wait a bit longer, it can sometimes take serveral minutes
-for the authorization to complete.
-```
-admin@server:/Users/admin$ gam user admin@domain.com check serviceaccount
-System time status:
-  Your system time differs from www.googleapis.com by less than 1 second    PASS
-Service Account Private Key Authentication:
-  Authentication                                                            PASS
-Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 34
-  https://mail.google.com/                                                  PASS (1/34)
-  https://sites.google.com/feeds                                            PASS (2/34)
-  https://www.googleapis.com/auth/analytics.readonly                        PASS (3/34)
-  https://www.googleapis.com/auth/apps.alerts                               PASS (4/34)
-  https://www.googleapis.com/auth/calendar                                  PASS (5/34)
-  https://www.googleapis.com/auth/chat.delete                               PASS (6/34)
-  https://www.googleapis.com/auth/chat.memberships                          PASS (7/34)
-  https://www.googleapis.com/auth/chat.messages                             PASS (8/34)
-  https://www.googleapis.com/auth/chat.spaces                               PASS (9/34)
-  https://www.googleapis.com/auth/classroom.announcements                   PASS (10/34)
-  https://www.googleapis.com/auth/classroom.coursework.students             PASS (11/34)
-  https://www.googleapis.com/auth/classroom.courseworkmaterials             PASS (12/34)
-  https://www.googleapis.com/auth/classroom.profile.emails                  PASS (13/34)
-  https://www.googleapis.com/auth/classroom.rosters                         PASS (14/34)
-  https://www.googleapis.com/auth/classroom.topics                          PASS (15/34)
-  https://www.googleapis.com/auth/cloud-identity                            PASS (16/34)
-  https://www.googleapis.com/auth/cloud-platform                            PASS (17/34)
-  https://www.googleapis.com/auth/contacts                                  PASS (18/34)
-  https://www.googleapis.com/auth/contacts.other.readonly                   PASS (19/34)
-  https://www.googleapis.com/auth/datastudio                                PASS (20/34)
-  https://www.googleapis.com/auth/directory.readonly                        PASS (21/34)
-  https://www.googleapis.com/auth/documents                                 PASS (22/34)
-  https://www.googleapis.com/auth/drive                                     PASS (23/34)
-  https://www.googleapis.com/auth/drive.activity                            PASS (24/34)
-  https://www.googleapis.com/auth/drive.admin.labels                        PASS (25/34)
-  https://www.googleapis.com/auth/drive.labels                              PASS (26/34)
-  https://www.googleapis.com/auth/gmail.modify                              PASS (27/34)
-  https://www.googleapis.com/auth/gmail.settings.basic                      PASS (28/34)
-  https://www.googleapis.com/auth/gmail.settings.sharing                    PASS (29/34)
-  https://www.googleapis.com/auth/keep                                      PASS (30/34)
-  https://www.googleapis.com/auth/spreadsheets                              PASS (31/34)
-  https://www.googleapis.com/auth/tasks                                     PASS (32/34)
-  https://www.googleapis.com/auth/userinfo.profile                          PASS (33/34)
-  https://www.googleapis.com/auth/youtube.readonly                          PASS (34/34)
-All scopes PASSED!
-
-Service Account Client name: SVCACCTID is fully authorized.
-
-admin@server:/Users/admin$ 
-```
-### Update gam.cfg with some basic values
-* `customer_id` - Having this data keeps Gam from having to make extra API calls
-* `domain` - This allows you to omit the domain portion of email addresses
-* `timezone local` - Gam will convert all UTC times to your local timezone
-```
-admin@server:/Users/admin$ gam info domain
-Customer ID: C01234567
-Primary Domain: domain.com
-Customer Creation Time: 2007-06-06T15:47:55.444Z
-Primary Domain Verified: True
-Default Language: en
-...
-
-admin@server:/Users/admin$ gam config customer_id C01234567 domain domain.com timezone local save verify
-Config File: /Users/admin/GAMConfig/gam.cfg, Saved
-Section: DEFAULT
-  ...
-  customer_id = C01234567
-  ...
-  domain = domain.com
-  ...
-  timezone = local
-  ...
-
-admin@server:/Users/admin$
-```
-
-## Windows
-
-In these examples, your Google Super admin is shown as admin@domain.com; replace with the
-actual email adddress.
-
-This example assumes that GAMADV-XTD3 has been installed in C:\GAMADV-XTD3; if you've installed
-GAMADV-XTD3 in another directory, substitute that value in the directions.
-
-These steps assume Command Prompt, adjust if you're using PowerShell.
-
-### Set a configuration directory
-
-The default GAM configuration directory is C:\Users\<UserName>\.gam; for more flexibility you
-probably want to select a non user-specific location. This example assumes that the GAM
-configuration directory will be C:\GAMConfig; If you've chosen another directory,
-substitute that value in the directions.
-* Make the C:\GAMConfig directory before proceeding.
-
-### Set a working directory
-
-You should extablish a GAM working directory; you will store your GAM related
-data in this folder and execute GAM commands from this folder. You should not use
-C:\GAMADV-XTD3 or C:\GAMConfig for this purpose.
-This example assumes that the GAM working directory will be C:\GAMWork; If you've chosen
-another directory, substitute that value in the directions.
-* Make the C:\GAMWork directory before proceeding.
-
-### Set system path and GAM configuration directory
-You should set the system path to point to C:\GAMADV-XTD3 so you can operate from the C:\GAMWork directory.
-```
-Start Control Panel
-Click System
-Click Advanced system settings
-Click Environment Variables...
-Click Path under System variables
-Click Edit...
-If C:\GAMADV-XTD3 is already on the Path, skip the next three steps
-  Click New
-  Enter C:\GAMADV-XTD3
-  Click OK
-Click New
-Set Variable name: GAMCFGDIR
-Set Variable value: C:\GAMConfig
-Click OK
-Click OK
-Click OK
-Exit Control Panel
-```
-
-At this point, you should restart Command Prompt so that it has the updated path and environment variables.
-
-### Initialize GAMADV-XTD3; this should be the first GAMADV-XTD3 command executed.
-```
-C:\>gam config drive_dir C:\GAMWork verify
-Created: C:\GAMConfig
-Created: C:\GAMConfig\gamcache
-Config File: C:\GAMConfig\gam.cfg, Initialized
-Section: DEFAULT
-  ...
-  cache_dir = C:\GAMConfig\gamcache
-  ...
-  config_dir = C:\GAMConfig
-  ...
-  drive_dir = C:\GAMWork
-  ...
-
-C:\>
-```
-### Verify initialization, this was a successful installation.
-```
-C:\>dir %GAMCFGDIR%
- Volume in drive C has no label.
- Volume Serial Number is 663F-DA8B
-
- Directory of C:\GAMConfig
-
-03/03/2017  10:16 AM    <DIR>          .
-03/03/2017  10:16 AM    <DIR>          ..
-03/03/2017  10:15 AM             1,125 gam.cfg
-03/03/2017  10:15 AM    <DIR>          gamcache
-03/03/2017  10:15 AM                 0 oauth2.txt.lock
-               2 File(s)         15,769 bytes
-               3 Dir(s)  110,532,562,944 bytes free
-C:\>
-```
-
-### Create your project with local browser
-```
-C:\>gam create project
-WARNING: Config File: C:\GAMConfig\gam.cfg, Item: client_secrets_json, Value: C:\GAMConfig\client_secrets.json, Not Found
-WARNING: Config File: C:\GAMConfig\gam.cfg, Item: oauth2service_json, Value: C:\GAMConfig\oauth2service.json, Not Found
-
-Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) admin@domain.com
-
-Your browser has been opened to visit:
-
-    https://accounts.google.com/o/oaut...pe=code
-
-If your browser is on a different machine then press CTRL+C,
-set no_browser = true in gam.cfg and re-run this command.
-
-Authentication successful.
-Creating project "GAM Project"...
-Checking project status...
-Project: gam-project-abc-def-ghi, Enable 23 APIs
-  API: admin.googleapis.com, Enabled (1/23)
-  API: alertcenter.googleapis.com, Enabled (2/23)
-  API: appsactivity.googleapis.com, Enabled (3/23)
-  API: audit.googleapis.com, Enabled (4/23)
-  API: calendar-json.googleapis.com, Enabled (5/23)
-  API: chat.googleapis.com, Enabled (6/23)
-  API: classroom.googleapis.com, Enabled (7/23)
-  API: contacts.googleapis.com, Enabled (8/23)
-  API: drive.googleapis.com, Enabled (9/23)
-  API: driveactivity.googleapis.com, Enabled (10/23)
-  API: gmail.googleapis.com, Enabled (11/23)
-  API: groupsmigration.googleapis.com, Enabled (12/23)
-  API: groupssettings.googleapis.com, Enabled (13/23)
-  API: iam.googleapis.com, Enabled (14/23)
-  API: iap.googleapis.com, Enabled (15/23)
-  API: licensing.googleapis.com, Enabled (16/23)
-  API: people.googleapis.com, Enabled (17/23)
-  API: pubsub.googleapis.com, Enabled (18/23)
-  API: reseller.googleapis.com, Enabled (19/23)
-  API: sheets.googleapis.com, Enabled (20/23)
-  API: siteverification.googleapis.com, Enabled (21/23)
-  API: storage-api.googleapis.com, Enabled (22/23)
-  API: vault.googleapis.com, Enabled (23/23)
-Setting GAM project consent screen...
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Enabled
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Generating new private key
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Extracting public certificate
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Done generating private key and public certificate
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Service Account Key: SVCACCTKEY, Uploaded
-Service Account OAuth2 File: C:\GAMConfig\oauth2service.json, Service Account Key: SVCACCTKEY, Updated
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Has rights to rotate own private key
-Please go to:
-
-https://console.cloud.google.com/apis/credentials/oauthclient?project=gam-project-abc-def-ghi
-
-1. Choose "Desktop App" or "Other" for "Application type".
-2. Enter "GAM" or another desired value for "Name".
-3. Click the blue "Create" button.
-4. Copy your "client ID" value that shows on the next page.
-
-Enter your Client ID: CLIENTID
-
-5. Go back to your browser and copy your "client secret" value.
-Enter your Client Secret: CLIENTSECRET
-6. Go back to your browser and click OK to close the "OAuth client" popup if it's still open.
-That's it! Your GAM Project is created and ready to use.
-
-C:\>
-```
-### Create your project without local browser (headless server for instance)
-```
-C:\>gam config no_browser true save
-C:\>gam create project
-WARNING: Config File: C:\GAMConfig\gam.cfg, Item: client_secrets_json, Value: C:\GAMConfig\client_secrets.json, Not Found
-WARNING: Config File: C:\GAMConfig\gam.cfg, Item: oauth2service_json, Value: C:\GAMConfig\oauth2service.json, Not Found
-
-Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) admin@domain.com
-
-Go to the following link in a browser on other computer:
-
-    https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F&response_type=code&client_id=...
-
-Enter verification code: abc...xyz
-
-Authentication successful.
-Creating project "GAM Project"...
-Checking project status...
-Project: gam-project-abc-def-ghi, Enable 23 APIs
-  API: admin.googleapis.com, Enabled (1/23)
-  API: alertcenter.googleapis.com, Enabled (2/23)
-  API: appsactivity.googleapis.com, Enabled (3/23)
-  API: audit.googleapis.com, Enabled (4/23)
-  API: calendar-json.googleapis.com, Enabled (5/23)
-  API: chat.googleapis.com, Enabled (6/23)
-  API: classroom.googleapis.com, Enabled (7/23)
-  API: contacts.googleapis.com, Enabled (8/23)
-  API: drive.googleapis.com, Enabled (9/23)
-  API: driveactivity.googleapis.com, Enabled (10/23)
-  API: gmail.googleapis.com, Enabled (11/23)
-  API: groupsmigration.googleapis.com, Enabled (12/23)
-  API: groupssettings.googleapis.com, Enabled (13/23)
-  API: iam.googleapis.com, Enabled (14/23)
-  API: iap.googleapis.com, Enabled (15/23)
-  API: licensing.googleapis.com, Enabled (16/23)
-  API: people.googleapis.com, Enabled (17/23)
-  API: pubsub.googleapis.com, Enabled (18/23)
-  API: reseller.googleapis.com, Enabled (19/23)
-  API: sheets.googleapis.com, Enabled (20/23)
-  API: siteverification.googleapis.com, Enabled (21/23)
-  API: storage-api.googleapis.com, Enabled (22/23)
-  API: vault.googleapis.com, Enabled (23/23)
-Setting GAM project consent screen...
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Enabled
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Generating new private key
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Extracting public certificate
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Done generating private key and public certificate
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Service Account Key: SVCACCTKEY, Uploaded
-Service Account OAuth2 File: C:\GAMConfig\oauth2service.json, Service Account Key: SVCACCTKEY, Updated
-Project: gam-project-abc-def-ghi, Service Account: gam-project-abc-def-ghi@gam-project-abc-def-ghi.iam.gserviceaccount.com, Has rights to rotate own private key
-Please go to:
-
-https://console.cloud.google.com/apis/credentials/oauthclient?project=gam-project-abc-def-ghi
-
-1. Choose "Desktop App" or "Other" for "Application type".
-2. Enter "GAM" or another desired value for "Name".
-3. Click the blue "Create" button.
-4. Copy your "client ID" value that shows on the next page.
-
-Enter your Client ID: CLIENTID
-
-5. Go back to your browser and copy your "client secret" value.
-Enter your Client Secret: CLIENTSECRET
-6. Go back to your browser and click OK to close the "OAuth client" popup if it's still open.
-That's it! Your GAM Project is created and ready to use.
-
-C:\>
-```
-### Enable GAMADV-XTD3 client access
-
-You select a list of scopes, GAM uses a browser to get final authorization from Google for these scopes and
-writes the credentials into the file oauth2.txt.
-
-```
-C:\>gam oauth create
-
-[*]  0)  Calendar API (supports readonly)
-[*]  1)  Chrome Browser Cloud Management API (supports readonly)
-[*]  2)  Chrome Management API - AppDetails read only
-[*]  3)  Chrome Management API - Telemetry read only
-[*]  4)  Chrome Management API - read only
-[*]  5)  Chrome Policy API (supports readonly)
-[*]  6)  Chrome Printer Management API (supports readonly)
-[*]  7)  Chrome Version History API
-[*]  8)  Classroom API - Course Announcements (supports readonly)
-[*]  9)  Classroom API - Course Topics (supports readonly)
-[*] 10)  Classroom API - Course Work/Materials (supports readonly)
-[*] 11)  Classroom API - Course Work/Submissions (supports readonly)
-[*] 12)  Classroom API - Courses (supports readonly)
-[*] 13)  Classroom API - Profile Emails
-[*] 14)  Classroom API - Profile Photos
-[*] 15)  Classroom API - Rosters (supports readonly)
-[*] 16)  Classroom API - Student Guardians (supports readonly)
-[ ] 17)  Cloud Channel API (supports readonly)
-[*] 18)  Cloud Identity - Inbound SSO Settings (supports readonly)
-[*] 19)  Cloud Identity Groups API (supports readonly)
-[*] 20)  Cloud Identity OrgUnits API (supports readonly)
-[*] 21)  Cloud Identity User Invitations API (supports readonly)
-[ ] 22)  Cloud Storage API (Read Only, Vault/Takeout Download, Cloud Storage)
-[ ] 23)  Cloud Storage API (Read/Write, Vault/Takeout Copy/Download, Cloud Storage)
-[*] 24)  Contact Delegation API (supports readonly)
-[*] 25)  Contacts API - Domain Shared Contacts and GAL
-[*] 26)  Data Transfer API (supports readonly)
-[*] 27)  Directory API - Chrome OS Devices (supports readonly)
-[*] 28)  Directory API - Customers (supports readonly)
-[*] 29)  Directory API - Domains (supports readonly)
-[*] 30)  Directory API - Groups (supports readonly)
-[*] 31)  Directory API - Mobile Devices Directory (supports readonly and action)
-[*] 32)  Directory API - Organizational Units (supports readonly)
-[*] 33)  Directory API - Resource Calendars (supports readonly)
-[*] 34)  Directory API - Roles (supports readonly)
-[*] 35)  Directory API - User Schemas (supports readonly)
-[*] 36)  Directory API - User Security
-[*] 37)  Directory API - Users (supports readonly)
-[ ] 38)  Email Audit API
-[*] 39)  Groups Migration API
-[*] 40)  Groups Settings API
-[*] 41)  License Manager API
-[*] 42)  People API (supports readonly)
-[*] 43)  People Directory API - read only
-[ ] 44)  Pub / Sub API
-[*] 45)  Reports API - Audit Reports
-[*] 46)  Reports API - Usage Reports
-[ ] 47)  Reseller API
-[*] 48)  Site Verification API
-[ ] 49)  Sites API
-[*] 50)  Vault API (supports readonly)
-
-Select an unselected scope [ ] by entering a number; yields [*]
-For scopes that support readonly, enter a number and an 'r' to grant read-only access; yields [R]
-For scopes that support action, enter a number and an 'a' to grant action-only access; yields [A]
-Clear read-only access [R] or action-only access [A] from a scope by entering a number; yields [*]
-Unselect a selected scope [*] by entering a number; yields [ ]
-Select all default scopes by entering an 's'; yields [*] for default scopes, [ ] for others
-Unselect all scopes by entering a 'u'; yields [ ] for all scopes
-Exit without changes/authorization by entering an 'e'
-Continue to authorization by entering a 'c'
-  Note, if all scopes are selected, Google will probably generate an authorization error
-
-Please enter 0-50[a|r] or s|u|e|c: c
-
-Enter your Google Workspace admin email address? admin@domain.com
-
-Go to the following link in a browser on this computer or on another computer:
-
-    https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=423565144751-10lsdt2lgnsch9jmdhl35uq4617u1ifp&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080%2F&scope=...
-
-If you use a browser on another computer, you will get a browser error that the site can't be reached AFTER you
-click the Allow button, paste "Unable to connect" URL from other computer (only URL data up to &scope required):
-
-Enter verification code or paste "Unable to connect" URL from other computer (only URL data up to &scope required):
-
-The authentication flow has completed.
-Client OAuth2 File: C:\GAMConfig\oauth2.txt, Created
-
-C:\>
-```
-### Enable GAMADV-XTD3 service account access.
-```
-C:\>gam user admin@domain.com check serviceaccount
-System time status
-  Your system time differs from www.googleapis.com by less than 1 second    PASS
-Service Account Private Key Authentication
-  Authentication                                                            PASS
-Service Account Private Key age; Google recommends rotating keys on a routine basis
-  Service Account Private Key age: 0 days                                   PASS
-Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 34
-  https://mail.google.com/                                                  PASS (1/34)
-  https://sites.google.com/feeds                                            PASS (2/34)
-  https://www.googleapis.com/auth/analytics.readonly                        PASS (3/34)
-  https://www.googleapis.com/auth/apps.alerts                               PASS (4/34)
-  https://www.googleapis.com/auth/calendar                                  PASS (5/34)
-  https://www.googleapis.com/auth/chat.delete                               PASS (6/34)
-  https://www.googleapis.com/auth/chat.memberships                          PASS (7/34)
-  https://www.googleapis.com/auth/chat.messages                             PASS (8/34)
-  https://www.googleapis.com/auth/chat.spaces                               PASS (9/34)
-  https://www.googleapis.com/auth/classroom.announcements                   PASS (10/34)
-  https://www.googleapis.com/auth/classroom.coursework.students             PASS (11/34)
-  https://www.googleapis.com/auth/classroom.courseworkmaterials             PASS (12/34)
-  https://www.googleapis.com/auth/classroom.profile.emails                  PASS (13/34)
-  https://www.googleapis.com/auth/classroom.rosters                         PASS (14/34)
-  https://www.googleapis.com/auth/classroom.topics                          PASS (15/34)
-  https://www.googleapis.com/auth/cloud-identity                            PASS (16/34)
-  https://www.googleapis.com/auth/cloud-platform                            PASS (17/34)
-  https://www.googleapis.com/auth/contacts                                  PASS (18/34)
-  https://www.googleapis.com/auth/contacts.other.readonly                   PASS (19/34)
-  https://www.googleapis.com/auth/datastudio                                PASS (20/34)
-  https://www.googleapis.com/auth/directory.readonly                        PASS (21/34)
-  https://www.googleapis.com/auth/documents                                 PASS (22/34)
-  https://www.googleapis.com/auth/drive                                     PASS (23/34)
-  https://www.googleapis.com/auth/drive.activity                            PASS (24/34)
-  https://www.googleapis.com/auth/drive.admin.labels                        FAIL (25/34)
-  https://www.googleapis.com/auth/drive.labels                              FAIL (26/34)
-  https://www.googleapis.com/auth/gmail.modify                              PASS (27/34)
-  https://www.googleapis.com/auth/gmail.settings.basic                      PASS (28/34)
-  https://www.googleapis.com/auth/gmail.settings.sharing                    PASS (29/34)
-  https://www.googleapis.com/auth/keep                                      PASS (30/34)
-  https://www.googleapis.com/auth/spreadsheets                              PASS (31/34)
-  https://www.googleapis.com/auth/tasks                                     PASS (32/34)
-  https://www.googleapis.com/auth/userinfo.profile                          PASS (33/34)
-  https://www.googleapis.com/auth/youtube.readonly                          PASS (34/34)
-Some scopes FAILED!
-To authorize them, please go to:
-
-    https://admin.google.com/ac/owl/domainwide...thuser=admin@domain.com
-
-You will be directed to the Google Workspace admin console Security/API Controls/Domain-wide Delegation page
-The "Add a new Client ID" box will open
-Make sure that "Overwrite existing client ID" is checked
-Click AUTHORIZE
-When the box closes you're done
-After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
-
-C:\>
-```
-The link shown in the error message should take you directly to the authorization screen.
-If not, make sure that you are logged in as a domain admin, then re-enter the link.
-
-### Verify GAMADV-XTD3 service account access.
-
-Wait a moment and then perform the following command; it it still fails, wait a bit longer, it can sometimes take serveral minutes
-for the authorization to complete.
-```
-C:\>gam user admin@domain.com check serviceaccount
-System time status:
-  Your system time differs from www.googleapis.com by less than 1 second    PASS
-Service Account Private Key Authentication:
-  Authentication                                                            PASS
-Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 34
-  https://mail.google.com/                                                  PASS (1/34)
-  https://sites.google.com/feeds                                            PASS (2/34)
-  https://www.googleapis.com/auth/analytics.readonly                        PASS (3/34)
-  https://www.googleapis.com/auth/apps.alerts                               PASS (4/34)
-  https://www.googleapis.com/auth/calendar                                  PASS (5/34)
-  https://www.googleapis.com/auth/chat.delete                               PASS (6/34)
-  https://www.googleapis.com/auth/chat.memberships                          PASS (7/34)
-  https://www.googleapis.com/auth/chat.messages                             PASS (8/34)
-  https://www.googleapis.com/auth/chat.spaces                               PASS (9/34)
-  https://www.googleapis.com/auth/classroom.announcements                   PASS (10/34)
-  https://www.googleapis.com/auth/classroom.coursework.students             PASS (11/34)
-  https://www.googleapis.com/auth/classroom.courseworkmaterials             PASS (12/34)
-  https://www.googleapis.com/auth/classroom.profile.emails                  PASS (13/34)
-  https://www.googleapis.com/auth/classroom.rosters                         PASS (14/34)
-  https://www.googleapis.com/auth/classroom.topics                          PASS (15/34)
-  https://www.googleapis.com/auth/cloud-identity                            PASS (16/34)
-  https://www.googleapis.com/auth/cloud-platform                            PASS (17/34)
-  https://www.googleapis.com/auth/contacts                                  PASS (18/34)
-  https://www.googleapis.com/auth/contacts.other.readonly                   PASS (19/34)
-  https://www.googleapis.com/auth/datastudio                                PASS (20/34)
-  https://www.googleapis.com/auth/directory.readonly                        PASS (21/34)
-  https://www.googleapis.com/auth/documents                                 PASS (22/34)
-  https://www.googleapis.com/auth/drive                                     PASS (23/34)
-  https://www.googleapis.com/auth/drive.activity                            PASS (24/34)
-  https://www.googleapis.com/auth/drive.admin.labels                        PASS (25/34)
-  https://www.googleapis.com/auth/drive.labels                              PASS (26/34)
-  https://www.googleapis.com/auth/gmail.modify                              PASS (27/34)
-  https://www.googleapis.com/auth/gmail.settings.basic                      PASS (28/34)
-  https://www.googleapis.com/auth/gmail.settings.sharing                    PASS (29/34)
-  https://www.googleapis.com/auth/keep                                      PASS (30/34)
-  https://www.googleapis.com/auth/spreadsheets                              PASS (31/34)
-  https://www.googleapis.com/auth/tasks                                     PASS (32/34)
-  https://www.googleapis.com/auth/userinfo.profile                          PASS (33/34)
-  https://www.googleapis.com/auth/youtube.readonly                          PASS (34/34)
-All scopes PASSED!
-
-Service Account Client name: SVCACCTID is fully authorized.
-
-C:\>
-```
-### Update gam.cfg with some basic values
-* `customer_id` - Having this data keeps Gam from having to make extra API calls
-* `domain` - This allows you to omit the domain portion of email addresses
-* `timezone local` - Gam will convert all UTC times to your local timezone
-```
-C:\>gam info domain
-Customer ID: C01234567
-Primary Domain: domain.com
-Customer Creation Time: 2007-06-06T15:47:55.444Z
-Primary Domain Verified: True
-Default Language: en
-...
-
-C:\>gam config customer_id C01234567 domain domain.com timezone local save verify
-Config File: C:\GAMConfig\gam.cfg, Saved
-Section: DEFAULT
-  ...
-  customer_id = C01234567
-  ...
-  domain = domain.com
-  ...
-  timezone = local
-  ...
-
-C:\>
-```

docs/How-to-Install-GAM7.md

@@ -1,4 +1,4 @@
-# Installing GAM7
+!# Installing GAM7
 Use these steps if you have never used any version of GAM in your domain. They will create your GAM project
 and all necessary authentications.
 

docs/How-to-Uninstall-Advanced-Gam.md

@@ -1,127 +0,0 @@
-# Uninstalling GAMADV-XTD3
-
-- [Get Project Info](#get-project-info)
-- [Remove Client API access](#remove-client-api-access)
-- [Remove Service Account API access](#remove-service-account-api-access)
-- [Delete GAM Project](#delete-gam-project)
-- [Linux and MacOS and Google Cloud Shell](#linux-and-mac-os-and-google-cloud-shell)
-- [Windows](#windows)
-
-## Get Project Info
-```
-gam version
-```
-
-Note the `Config File:` path to `gam.cfg`. In that folder will be a file `oauth2service.json`; look at its contents.
-You want these two lines:
-```
-"client_id": "123691089974044844789"
-"project_id": "gam-project-123-456-789"
-```
-
-## Remove Client API access
-```
-gam oauth delete
-```
-
-## Remove Service Account API access
-In a browser, go to `https://admin.google.com`, login and go to the Security/API Controls/Domain-wide Delegation page.
-Find the `Client ID` that matches the `client_id` value from `oauth2service.json`, hover over it and click `Delete`.	
-
-## Delete GAM Project
-In a browser, go to `https://console.cloud.google.com/cloud-resource-manager`, login. Find the `ID` that matches
-the `project_id` value from `oauth2service.json`; click the three dots at the right end of the line and click `Delete`.
-In the box that pops up, put the `project_id` value in ther `Project ID*` field and click `SHUT DOWN`
-
-## Linux and MacOS and Google Cloud Shell
-
-In these examples, the user home folder is shown as /Users/admin; adjust according to your
-specific situation; e.g., /home/administrator.
-
-This example assumes that GAMADV-XTD3 has been installed in /Users/admin/bin/gamadv-xtd3.
-If you've installed GAMADV-XTD3 in another directory, substitute that value in the directions.
-
-### Delete executable directory
-
-```
-rm -fr /Users/admin/bin/gamadv-xtd3
-```
-
-### Delete configuration directory
-
-The default GAM configuration directory is /Users/admin/.gam; for more flexibility you
-probably want to select a non-hidden location. This example assumes that the GAM
-configuration directory will be /Users/admin/GAMConfig; If you've chosen another directory,
-substitute that value in the directions.
-```
-rm -fr /Users/admin/GAMConfig
-```
-
-### Delete  working directory
-
-This example assumes that the GAM working directory is be /Users/admin/GAMWork; If you've chosen
-another directory, substitute that value in the directions.
-```
-rm -fr /Users/admin/GAMConfig
-```
-
-### Remove executable alias and GAM configuration export
-
-Remove the following line:
-```
-alias gam="/Users/admin/bin/gamadv-xtd3/gam"
-export GAMCFGDIR="/Users/admin/GAMConfig"
-```
-from these files based on your shell:
-```
-~/.bash_profile
-~/.bashrc
-~/.zshrc
-~/.profile
-```
-
-## Windows
-
-This example assumes that GAMADV-XTD3 has been installed in C:\GAMADV-XTD3; if you've installed
-GAMADV-XTD3 in another directory, substitute that value in the directions.
-
-### Delete executable directory
-
-In File Explorer, delete the `C:\GAMADV-XTD3` folder.
-
-### Delete configuration directory
-
-The default GAM configuration directory is C:\Users\<UserName>\.gam; for more flexibility you
-probably want to select a non user-specific location. This example assumes that the GAM
-configuration directory will be C:\GAMConfig; If you've chosen another directory,
-substitute that value in the directions.
-
-In File Explorer, delete the `C:\GAMConfig` folder.
-
-### Delete working directory
-
-This example assumes that the GAM working directory will be C:\GAMWork; If you've chosen
-another directory, substitute that value in the directions.
-
-In File Explorer, delete the `C:\GAMWork` folder.
-
-### Reset system path and GAM configuration directory
-```
-Start Control Panel
-Click System
-Click Advanced system settings
-Click Environment Variables...
-Click Path under System variables
-Click Edit...
-If C:\GAMADV-XTD3 is not on the Path, click Cancel and skip the next three steps
-  Click C:\GAMADV-XTD3
-  Click Delete
-  Click OK
-If GAMCFGDIR is not in System variables, skip the next two steps
-  Click GAMCFGDIR
-  Click Delete
-Click OK
-Click OK
-Exit Control Panel
-```
-

docs/How-to-Uninstall-GAM7.md

@@ -1,4 +1,4 @@
-# Uninstalling GAM7
+!# Uninstalling GAM7
 
 - [Get Project Info](#get-project-info)
 - [Remove Client API access](#remove-client-api-access)

docs/How-to-Update-Advanced-Gam.md

@@ -1,581 +0,0 @@
-# Updating GAMADV-XTD3
-Use these steps to update your version of GAMADV-XTD3.
-
-- [Downloads-Installs](Downloads-Installs)
-- [Linux and MacOS and Google Cloud Shell](#linux-and-mac-os-and-google-cloud-shell)
-- [Windows](#windows)
-- [GAM Configuration](gam.cfg)
-
-## Linux and MacOS and Google Cloud Shell
-
-### Download the latest version
-
-This example assumes that GAMADV-XTD3 has been installed in /Users/admin/bin/gamadv-xtd3.
-If you've installed GAMADV-XTD3 in another directory, substitute that value in the directions when downloading.
-
-See: [Downloads-Installs](Downloads-Installs)
-
-In these examples, your Google Super admin is shown as admin@domain.com; replace with the
-actual email adddress.
-
-In these examples, the user home folder is shown as /Users/admin; adjust according to your
-specific situation; e.g., /home/administrator.
-
-### Update your project with local browser to include the additional APIs that GAMADV-XTD3 uses.
-This step may be omitted if you are updating from a recent version.
-```
-admin@server:/Users/admin/bin/gamadv-xtd3$ gam update project
-
-Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s): gam-project-abc-123-xyz? admin@domain.com
-
-Your browser has been opened to visit:
-
-    https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F&response_type=code&client_id=...
-
-If your browser is on a different machine then press CTRL+C,
-set no_browser = true in gam.cfg and re-run this command.
-
-Authentication successful.
-API: admin.googleapis.com, already enabled...
-API: appsactivity.googleapis.com, already enabled...
-API: calendar-json.googleapis.com, already enabled...
-API: classroom.googleapis.com, already enabled...
-API: contacts.googleapis.com, already enabled...
-API: drive.googleapis.com, already enabled...
-API: gmail.googleapis.com, already enabled...
-API: groupssettings.googleapis.com, already enabled...
-API: licensing.googleapis.com, already enabled...
-API: plus.googleapis.com, already enabled...
-API: reseller.googleapis.com, already enabled...
-API: siteverification.googleapis.com, already enabled...
-API: vault.googleapis.com, already enabled...
-Enable 3 APIs
-  API: audit.googleapis.com, Enabled (1/3)
-  API: groupsmigration.googleapis.com, Enabled (2/3)
-  API: sheets.googleapis.com, Enabled (3/3)
-
-admin@server:/Users/admin/bin/gamadv-xtd3$
-```
-### Update your project without local browser (Google Cloud Shell for instance) to include the additional APIs that GAMADV-XTD3 uses
-This step may be omitted if you are updating from a recent version.
-```
-admin@server:/Users/admin/bin/gamadv-xtd3$ gam config no_browser true save
-admin@server:/Users/admin/bin/gamadv-xtd3$ gam update project
-
-Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s): gam-project-abc-123-xyz? admin@domain.com
-
-Go to the following link in a browser on other computer:
-
-    https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F&response_type=code&client_id=...
-
-Enter verification code: abc...xyz
-
-Authentication successful.
-API: admin.googleapis.com, already enabled...
-API: appsactivity.googleapis.com, already enabled...
-API: calendar-json.googleapis.com, already enabled...
-API: classroom.googleapis.com, already enabled...
-API: contacts.googleapis.com, already enabled...
-API: drive.googleapis.com, already enabled...
-API: gmail.googleapis.com, already enabled...
-API: groupssettings.googleapis.com, already enabled...
-API: licensing.googleapis.com, already enabled...
-API: plus.googleapis.com, already enabled...
-API: reseller.googleapis.com, already enabled...
-API: siteverification.googleapis.com, already enabled...
-API: vault.googleapis.com, already enabled...
-Enable 3 APIs
-  API: audit.googleapis.com, Enabled (1/3)
-  API: groupsmigration.googleapis.com, Enabled (2/3)
-  API: sheets.googleapis.com, Enabled (3/3)
-
-admin@server:/Users/admin/bin/gamadv-xtd3$
-```
-### Update GAMADV-XTD3 client access
-
-You select a list of scopes, GAMADV-XTD3 uses a browser to get final authorization from Google for these scopes and
-writes the credentials into the file oauth2.txt.
-
-```
-admin@server:/Users/admin/bin/gamadv-xtd3$ ./gam oauth create
-
-[*]  0)  Calendar API (supports readonly)
-[*]  1)  Chrome Browser Cloud Management API (supports readonly)
-[*]  2)  Chrome Management API - AppDetails read only
-[*]  3)  Chrome Management API - Telemetry read only
-[*]  4)  Chrome Management API - read only
-[*]  5)  Chrome Policy API (supports readonly)
-[*]  6)  Chrome Printer Management API (supports readonly)
-[*]  7)  Chrome Version History API
-[*]  8)  Classroom API - Course Announcements (supports readonly)
-[*]  9)  Classroom API - Course Topics (supports readonly)
-[*] 10)  Classroom API - Course Work/Materials (supports readonly)
-[*] 11)  Classroom API - Course Work/Submissions (supports readonly)
-[*] 12)  Classroom API - Courses (supports readonly)
-[*] 13)  Classroom API - Profile Emails
-[*] 14)  Classroom API - Profile Photos
-[*] 15)  Classroom API - Rosters (supports readonly)
-[*] 16)  Classroom API - Student Guardians (supports readonly)
-[ ] 17)  Cloud Channel API (supports readonly)
-[*] 18)  Cloud Identity - Inbound SSO Settings (supports readonly)
-[*] 19)  Cloud Identity Groups API (supports readonly)
-[*] 20)  Cloud Identity OrgUnits API (supports readonly)
-[*] 21)  Cloud Identity User Invitations API (supports readonly)
-[ ] 22)  Cloud Storage API (Read Only, Vault/Takeout Download, Cloud Storage)
-[ ] 23)  Cloud Storage API (Read/Write, Vault/Takeout Copy/Download, Cloud Storage)
-[*] 24)  Contact Delegation API (supports readonly)
-[*] 25)  Contacts API - Domain Shared Contacts and GAL
-[*] 26)  Data Transfer API (supports readonly)
-[*] 27)  Directory API - Chrome OS Devices (supports readonly)
-[*] 28)  Directory API - Customers (supports readonly)
-[*] 29)  Directory API - Domains (supports readonly)
-[*] 30)  Directory API - Groups (supports readonly)
-[*] 31)  Directory API - Mobile Devices Directory (supports readonly and action)
-[*] 32)  Directory API - Organizational Units (supports readonly)
-[*] 33)  Directory API - Resource Calendars (supports readonly)
-[*] 34)  Directory API - Roles (supports readonly)
-[*] 35)  Directory API - User Schemas (supports readonly)
-[*] 36)  Directory API - User Security
-[*] 37)  Directory API - Users (supports readonly)
-[ ] 38)  Email Audit API
-[*] 39)  Groups Migration API
-[*] 40)  Groups Settings API
-[*] 41)  License Manager API
-[*] 42)  People API (supports readonly)
-[*] 43)  People Directory API - read only
-[ ] 44)  Pub / Sub API
-[*] 45)  Reports API - Audit Reports
-[*] 46)  Reports API - Usage Reports
-[ ] 47)  Reseller API
-[*] 48)  Site Verification API
-[ ] 49)  Sites API
-[*] 50)  Vault API (supports readonly)
-
-Select an unselected scope [ ] by entering a number; yields [*]
-For scopes that support readonly, enter a number and an 'r' to grant read-only access; yields [R]
-For scopes that support action, enter a number and an 'a' to grant action-only access; yields [A]
-Clear read-only access [R] or action-only access [A] from a scope by entering a number; yields [*]
-Unselect a selected scope [*] by entering a number; yields [ ]
-Select all default scopes by entering an 's'; yields [*] for default scopes, [ ] for others
-Unselect all scopes by entering a 'u'; yields [ ] for all scopes
-Exit without changes/authorization by entering an 'e'
-Continue to authorization by entering a 'c'
-  Note, if all scopes are selected, Google will probably generate an authorization error
-
-Please enter 0-50[a|r] or s|u|e|c: c
-
-Enter your Google Workspace admin email address? admin@domain.com
-
-Go to the following link in a browser on this computer or on another computer:
-
-    https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=423565144751-10lsdt2lgnsch9jmdhl35uq4617u1ifp&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080%2F&scope=...
-
-If you use a browser on another computer, you will get a browser error that the site can't be reached AFTER you
-click the Allow button, paste "Unable to connect" URL from other computer (only URL data up to &scope required):
-
-Enter verification code or paste "Unable to connect" URL from other computer (only URL data up to &scope required):
-
-The authentication flow has completed.
-Client OAuth2 File: /Users/admin/GAMConfig/oauth2.txt, Created
-
-admin@server:/Users/admin/bin/gamadv-xtd3$ 
-```
-### Update GAMADV-XTD3 service account access.
-```
-admin@server:/Users/admin/bin/gamadv-xtd3$ ./gam user admin@domain.com check serviceaccount
-$ gam user admin@domain.com check serviceaccount
-System time status
-  Your system time differs from www.googleapis.com by less than 1 second    PASS
-Service Account Private Key Authentication
-  Authentication                                                            PASS
-Service Account Private Key age; Google recommends rotating keys on a routine basis
-  Service Account Private Key age: 0 days                                   PASS
-Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 34
-  https://mail.google.com/                                                  PASS (1/34)
-  https://sites.google.com/feeds                                            PASS (2/34)
-  https://www.googleapis.com/auth/analytics.readonly                        PASS (3/34)
-  https://www.googleapis.com/auth/apps.alerts                               PASS (4/34)
-  https://www.googleapis.com/auth/calendar                                  PASS (5/34)
-  https://www.googleapis.com/auth/chat.delete                               PASS (6/34)
-  https://www.googleapis.com/auth/chat.memberships                          PASS (7/34)
-  https://www.googleapis.com/auth/chat.messages                             PASS (8/34)
-  https://www.googleapis.com/auth/chat.spaces                               PASS (9/34)
-  https://www.googleapis.com/auth/classroom.announcements                   PASS (10/34)
-  https://www.googleapis.com/auth/classroom.coursework.students             PASS (11/34)
-  https://www.googleapis.com/auth/classroom.courseworkmaterials             PASS (12/34)
-  https://www.googleapis.com/auth/classroom.profile.emails                  PASS (13/34)
-  https://www.googleapis.com/auth/classroom.rosters                         PASS (14/34)
-  https://www.googleapis.com/auth/classroom.topics                          PASS (15/34)
-  https://www.googleapis.com/auth/cloud-identity                            PASS (16/34)
-  https://www.googleapis.com/auth/cloud-platform                            PASS (17/34)
-  https://www.googleapis.com/auth/contacts                                  PASS (18/34)
-  https://www.googleapis.com/auth/contacts.other.readonly                   PASS (19/34)
-  https://www.googleapis.com/auth/datastudio                                PASS (20/34)
-  https://www.googleapis.com/auth/directory.readonly                        PASS (21/34)
-  https://www.googleapis.com/auth/documents                                 PASS (22/34)
-  https://www.googleapis.com/auth/drive                                     PASS (23/34)
-  https://www.googleapis.com/auth/drive.activity                            PASS (24/34)
-  https://www.googleapis.com/auth/drive.admin.labels                        FAIL (25/34)
-  https://www.googleapis.com/auth/drive.labels                              FAIL (26/34)
-  https://www.googleapis.com/auth/gmail.modify                              PASS (27/34)
-  https://www.googleapis.com/auth/gmail.settings.basic                      PASS (28/34)
-  https://www.googleapis.com/auth/gmail.settings.sharing                    PASS (29/34)
-  https://www.googleapis.com/auth/keep                                      PASS (30/34)
-  https://www.googleapis.com/auth/spreadsheets                              PASS (31/34)
-  https://www.googleapis.com/auth/tasks                                     PASS (32/34)
-  https://www.googleapis.com/auth/userinfo.profile                          PASS (33/34)
-  https://www.googleapis.com/auth/youtube.readonly                          PASS (34/34)
-Some scopes FAILED!
-To authorize them, please go to:
-
-    https://admin.google.com/ac/owl/domainwidedelegation?clientScopeToAdd=https://mail.google.com/,https://sites.google.com/feeds,https://www.googleapis.com/auth/apps.alerts,https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/classroom.announcements,https://www.googleapis.com/auth/classroom.coursework.students,https://www.googleapis.com/auth/classroom.courseworkmaterials,https://www.googleapis.com/auth/classroom.profile.emails,https://www.googleapis.com/auth/classroom.rosters,https://www.googleapis.com/auth/classroom.topics,https://www.googleapis.com/auth/cloud-identity,https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/contacts,https://www.googleapis.com/auth/contacts.other.readonly,https://www.googleapis.com/auth/datastudio,https://www.googleapis.com/auth/directory.readonly,https://www.googleapis.com/auth/documents,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/drive.activity,https://www.googleapis.com/auth/gmail.modify,https://www.googleapis.com/auth/gmail.settings.basic,https://www.googleapis.com/auth/gmail.settings.sharing,https://www.googleapis.com/auth/keep,https://www.googleapis.com/auth/spreadsheets,https://www.googleapis.com/auth/tasks,https://www.googleapis.com/auth/userinfo.profile,https://www.googleapis.com/auth/userinfo.email&clientIdToAdd=SVCACCTID&overwriteClientId=true&dn=domain.com&authuser=admin@domain.com
-
-You will be directed to the Google Workspace admin console Security/API Controls/Domain-wide Delegation page
-The "Add a new Client ID" box will open
-Make sure that "Overwrite existing client ID" is checked
-Click AUTHORIZE
-When the box closes you're done
-After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
-
-admin@server:/Users/admin/bin/gamadv-xtd3$
-```
-The link shown in the error message should take you directly to the authorization screen.
-If not, make sure that you are logged in as a domain admin, then re-enter the link.
-
-### Verify GAMADV-XTD3 service account access.
-
-Wait a moment and then perform the following command; it it still fails, wait a bit longer, it can sometimes take serveral minutes
-for the authorization to complete.
-```
-admin@server:/Users/admin/bin/gamadv-xtd3$ ./gam user admin@domain.com check serviceaccount
-System time status:
-  Your system time differs from www.googleapis.com by less than 1 second    PASS
-Service Account Private Key Authentication:
-  Authentication                                                            PASS
-Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 34
-  https://mail.google.com/                                                  PASS (1/34)
-  https://sites.google.com/feeds                                            PASS (2/34)
-  https://www.googleapis.com/auth/analytics.readonly                        PASS (3/34)
-  https://www.googleapis.com/auth/apps.alerts                               PASS (4/34)
-  https://www.googleapis.com/auth/calendar                                  PASS (5/34)
-  https://www.googleapis.com/auth/chat.delete                               PASS (6/34)
-  https://www.googleapis.com/auth/chat.memberships                          PASS (7/34)
-  https://www.googleapis.com/auth/chat.messages                             PASS (8/34)
-  https://www.googleapis.com/auth/chat.spaces                               PASS (9/34)
-  https://www.googleapis.com/auth/classroom.announcements                   PASS (10/34)
-  https://www.googleapis.com/auth/classroom.coursework.students             PASS (11/34)
-  https://www.googleapis.com/auth/classroom.courseworkmaterials             PASS (12/34)
-  https://www.googleapis.com/auth/classroom.profile.emails                  PASS (13/34)
-  https://www.googleapis.com/auth/classroom.rosters                         PASS (14/34)
-  https://www.googleapis.com/auth/classroom.topics                          PASS (15/34)
-  https://www.googleapis.com/auth/cloud-identity                            PASS (16/34)
-  https://www.googleapis.com/auth/cloud-platform                            PASS (17/34)
-  https://www.googleapis.com/auth/contacts                                  PASS (18/34)
-  https://www.googleapis.com/auth/contacts.other.readonly                   PASS (19/34)
-  https://www.googleapis.com/auth/datastudio                                PASS (20/34)
-  https://www.googleapis.com/auth/directory.readonly                        PASS (21/34)
-  https://www.googleapis.com/auth/documents                                 PASS (22/34)
-  https://www.googleapis.com/auth/drive                                     PASS (23/34)
-  https://www.googleapis.com/auth/drive.activity                            PASS (24/34)
-  https://www.googleapis.com/auth/drive.admin.labels                        PASS (25/34)
-  https://www.googleapis.com/auth/drive.labels                              PASS (26/34)
-  https://www.googleapis.com/auth/gmail.modify                              PASS (27/34)
-  https://www.googleapis.com/auth/gmail.settings.basic                      PASS (28/34)
-  https://www.googleapis.com/auth/gmail.settings.sharing                    PASS (29/34)
-  https://www.googleapis.com/auth/keep                                      PASS (30/34)
-  https://www.googleapis.com/auth/spreadsheets                              PASS (31/34)
-  https://www.googleapis.com/auth/tasks                                     PASS (32/34)
-  https://www.googleapis.com/auth/userinfo.profile                          PASS (33/34)
-  https://www.googleapis.com/auth/youtube.readonly                          PASS (34/34)
-All scopes PASSED!
-
-Service Account Client name: SVCACCTID is fully authorized.
-
-admin@server:/Users/admin/bin/gamadv-xtd3$ 
-```
-
-## Windows
-
-### Download the latest version
-
-This example assumes that GAMADV-XTD3 has been installed in C:\GAMADV-XTD3.
-If you've installed GAMADV-XTD3 in another directory, substitute that value in the directions when downloading.
-
-See: [Downloads-Installs](Downloads-Installs)
-
-In these examples, your Google Super admin is shown as admin@domain.com; replace with the
-actual email adddress.
-
-This example assumes that GAMADV-XTD3 has been installed in C:\GAMADV-XTD3; if you've installed
-GAMADV-XTD3 in another directory, substitute that value in the directions.
-
-These steps assume Command Prompt, adjust if you're using PowerShell.
-
-### Update your project with local browser to include the additional APIs that GAMADV-XTD3 uses.
-This step may be omitted if you are updating from a recent version.
-```
-C:\GAMADV-XTD3>gam update project
-
-Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) gam-project-abc-123-xyz? admin@domain.com
-
-Your browser has been opened to visit:
-
-    https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F&response_type=code&client_id=...
-
-Authentication successful.
-API: admin.googleapis.com, already enabled...
-API: appsactivity.googleapis.com, already enabled...
-API: calendar-json.googleapis.com, already enabled...
-API: classroom.googleapis.com, already enabled...
-API: contacts.googleapis.com, already enabled...
-API: drive.googleapis.com, already enabled...
-API: gmail.googleapis.com, already enabled...
-API: groupssettings.googleapis.com, already enabled...
-API: licensing.googleapis.com, already enabled...
-API: plus.googleapis.com, already enabled...
-API: reseller.googleapis.com, already enabled...
-API: siteverification.googleapis.com, already enabled...
-API: vault.googleapis.com, already enabled...
-Enable 3 APIs
-  API: audit.googleapis.com, Enabled (1/3)
-  API: groupsmigration.googleapis.com, Enabled (2/3)
-  API: sheets.googleapis.com, Enabled (3/3)
-
-C:\GAMADV-XTD3>
-```
-### Update your project without local browser (headless server for instance) to include the additional APIs that GAMADV-XTD3 uses
-This step may be omitted if you are updating from a recent version.
-```
-C:\GAMADV-XTD3>gam config no_browser true save
-C:\GAMADV-XTD3>gam update project
-
-Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) gam-project-abc-123-xyz? admin@domain.com
-
-Go to the following link in a browser on other computer:
-
-    https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F&response_type=code&client_id=...
-
-Enter verification code: abc...xyz
-
-Authentication successful.
-API: admin.googleapis.com, already enabled...
-API: appsactivity.googleapis.com, already enabled...
-API: calendar-json.googleapis.com, already enabled...
-API: classroom.googleapis.com, already enabled...
-API: contacts.googleapis.com, already enabled...
-API: drive.googleapis.com, already enabled...
-API: gmail.googleapis.com, already enabled...
-API: groupssettings.googleapis.com, already enabled...
-API: licensing.googleapis.com, already enabled...
-API: plus.googleapis.com, already enabled...
-API: reseller.googleapis.com, already enabled...
-API: siteverification.googleapis.com, already enabled...
-API: vault.googleapis.com, already enabled...
-Enable 3 APIs
-  API: audit.googleapis.com, Enabled (1/3)
-  API: groupsmigration.googleapis.com, Enabled (2/3)
-  API: sheets.googleapis.com, Enabled (3/3)
-
-C:\GAMADV-XTD3>
-```
-### Update GAMADV-XTD3 client access
-
-You select a list of scopes, GAM uses a browser to get final authorization from Google for these scopes and
-writes the credentials into the file oauth2.txt.
-
-```
-C:\GAMADV-XTD3>gam oauth create
-
-[*]  0)  Calendar API (supports readonly)
-[*]  1)  Chrome Browser Cloud Management API (supports readonly)
-[*]  2)  Chrome Management API - AppDetails read only
-[*]  3)  Chrome Management API - Telemetry read only
-[*]  4)  Chrome Management API - read only
-[*]  5)  Chrome Policy API (supports readonly)
-[*]  6)  Chrome Printer Management API (supports readonly)
-[*]  7)  Chrome Version History API
-[*]  8)  Classroom API - Course Announcements (supports readonly)
-[*]  9)  Classroom API - Course Topics (supports readonly)
-[*] 10)  Classroom API - Course Work/Materials (supports readonly)
-[*] 11)  Classroom API - Course Work/Submissions (supports readonly)
-[*] 12)  Classroom API - Courses (supports readonly)
-[*] 13)  Classroom API - Profile Emails
-[*] 14)  Classroom API - Profile Photos
-[*] 15)  Classroom API - Rosters (supports readonly)
-[*] 16)  Classroom API - Student Guardians (supports readonly)
-[ ] 17)  Cloud Channel API (supports readonly)
-[*] 18)  Cloud Identity - Inbound SSO Settings (supports readonly)
-[*] 19)  Cloud Identity Groups API (supports readonly)
-[*] 20)  Cloud Identity OrgUnits API (supports readonly)
-[*] 21)  Cloud Identity User Invitations API (supports readonly)
-[ ] 22)  Cloud Storage API (Read Only, Vault/Takeout Download, Cloud Storage)
-[ ] 23)  Cloud Storage API (Read/Write, Vault/Takeout Copy/Download, Cloud Storage)
-[*] 24)  Contact Delegation API (supports readonly)
-[*] 25)  Contacts API - Domain Shared Contacts and GAL
-[*] 26)  Data Transfer API (supports readonly)
-[*] 27)  Directory API - Chrome OS Devices (supports readonly)
-[*] 28)  Directory API - Customers (supports readonly)
-[*] 29)  Directory API - Domains (supports readonly)
-[*] 30)  Directory API - Groups (supports readonly)
-[*] 31)  Directory API - Mobile Devices Directory (supports readonly and action)
-[*] 32)  Directory API - Organizational Units (supports readonly)
-[*] 33)  Directory API - Resource Calendars (supports readonly)
-[*] 34)  Directory API - Roles (supports readonly)
-[*] 35)  Directory API - User Schemas (supports readonly)
-[*] 36)  Directory API - User Security
-[*] 37)  Directory API - Users (supports readonly)
-[ ] 38)  Email Audit API
-[*] 39)  Groups Migration API
-[*] 40)  Groups Settings API
-[*] 41)  License Manager API
-[*] 42)  People API (supports readonly)
-[*] 43)  People Directory API - read only
-[ ] 44)  Pub / Sub API
-[*] 45)  Reports API - Audit Reports
-[*] 46)  Reports API - Usage Reports
-[ ] 47)  Reseller API
-[*] 48)  Site Verification API
-[ ] 49)  Sites API
-[*] 50)  Vault API (supports readonly)
-
-Select an unselected scope [ ] by entering a number; yields [*]
-For scopes that support readonly, enter a number and an 'r' to grant read-only access; yields [R]
-For scopes that support action, enter a number and an 'a' to grant action-only access; yields [A]
-Clear read-only access [R] or action-only access [A] from a scope by entering a number; yields [*]
-Unselect a selected scope [*] by entering a number; yields [ ]
-Select all default scopes by entering an 's'; yields [*] for default scopes, [ ] for others
-Unselect all scopes by entering a 'u'; yields [ ] for all scopes
-Exit without changes/authorization by entering an 'e'
-Continue to authorization by entering a 'c'
-  Note, if all scopes are selected, Google will probably generate an authorization error
-
-Please enter 0-50[a|r] or s|u|e|c: c
-
-Enter your Google Workspace admin email address? admin@domain.com
-
-Go to the following link in a browser on this computer or on another computer:
-
-    https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=423565144751-10lsdt2lgnsch9jmdhl35uq4617u1ifp&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080%2F&scope=...
-
-If you use a browser on another computer, you will get a browser error that the site can't be reached AFTER you
-click the Allow button, paste "Unable to connect" URL from other computer (only URL data up to &scope required):
-
-Enter verification code or paste "Unable to connect" URL from other computer (only URL data up to &scope required):
-
-The authentication flow has completed.
-Client OAuth2 File: C:\GAMConfig\oauth2.txt, Created
-
-C:\GAMADV-XTD3>
-```
-### Update GAMADV-XTD3 service account access.
-```
-C:\GAMADV-XTD3>gam user admin@domain.com check serviceaccount
-System time status
-  Your system time differs from www.googleapis.com by less than 1 second    PASS
-Service Account Private Key Authentication
-  Authentication                                                            PASS
-Service Account Private Key age; Google recommends rotating keys on a routine basis
-  Service Account Private Key age: 0 days                                   PASS
-Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 34
-  https://mail.google.com/                                                  PASS (1/34)
-  https://sites.google.com/feeds                                            PASS (2/34)
-  https://www.googleapis.com/auth/analytics.readonly                        PASS (3/34)
-  https://www.googleapis.com/auth/apps.alerts                               PASS (4/34)
-  https://www.googleapis.com/auth/calendar                                  PASS (5/34)
-  https://www.googleapis.com/auth/chat.delete                               PASS (6/34)
-  https://www.googleapis.com/auth/chat.memberships                          PASS (7/34)
-  https://www.googleapis.com/auth/chat.messages                             PASS (8/34)
-  https://www.googleapis.com/auth/chat.spaces                               PASS (9/34)
-  https://www.googleapis.com/auth/classroom.announcements                   PASS (10/34)
-  https://www.googleapis.com/auth/classroom.coursework.students             PASS (11/34)
-  https://www.googleapis.com/auth/classroom.courseworkmaterials             PASS (12/34)
-  https://www.googleapis.com/auth/classroom.profile.emails                  PASS (13/34)
-  https://www.googleapis.com/auth/classroom.rosters                         PASS (14/34)
-  https://www.googleapis.com/auth/classroom.topics                          PASS (15/34)
-  https://www.googleapis.com/auth/cloud-identity                            PASS (16/34)
-  https://www.googleapis.com/auth/cloud-platform                            PASS (17/34)
-  https://www.googleapis.com/auth/contacts                                  PASS (18/34)
-  https://www.googleapis.com/auth/contacts.other.readonly                   PASS (19/34)
-  https://www.googleapis.com/auth/datastudio                                PASS (20/34)
-  https://www.googleapis.com/auth/directory.readonly                        PASS (21/34)
-  https://www.googleapis.com/auth/documents                                 PASS (22/34)
-  https://www.googleapis.com/auth/drive                                     PASS (23/34)
-  https://www.googleapis.com/auth/drive.activity                            PASS (24/34)
-  https://www.googleapis.com/auth/drive.admin.labels                        FAIL (25/34)
-  https://www.googleapis.com/auth/drive.labels                              FAIL (26/34)
-  https://www.googleapis.com/auth/gmail.modify                              PASS (27/34)
-  https://www.googleapis.com/auth/gmail.settings.basic                      PASS (28/34)
-  https://www.googleapis.com/auth/gmail.settings.sharing                    PASS (29/34)
-  https://www.googleapis.com/auth/keep                                      PASS (30/34)
-  https://www.googleapis.com/auth/spreadsheets                              PASS (31/34)
-  https://www.googleapis.com/auth/tasks                                     PASS (32/34)
-  https://www.googleapis.com/auth/userinfo.profile                          PASS (33/34)
-  https://www.googleapis.com/auth/youtube.readonly                          PASS (34/34)
-Some scopes FAILED!
-To authorize them, please go to:
-
-    https://admin.google.com/ac/owl/domainwidedelegation?clientScopeToAdd=https://mail.google.com/,https://sites.google.com/feeds,https://www.googleapis.com/auth/apps.alerts,https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/classroom.announcements,https://www.googleapis.com/auth/classroom.coursework.students,https://www.googleapis.com/auth/classroom.courseworkmaterials,https://www.googleapis.com/auth/classroom.profile.emails,https://www.googleapis.com/auth/classroom.rosters,https://www.googleapis.com/auth/classroom.topics,https://www.googleapis.com/auth/cloud-identity,https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/contacts,https://www.googleapis.com/auth/contacts.other.readonly,https://www.googleapis.com/auth/datastudio,https://www.googleapis.com/auth/directory.readonly,https://www.googleapis.com/auth/documents,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/drive.activity,https://www.googleapis.com/auth/gmail.modify,https://www.googleapis.com/auth/gmail.settings.basic,https://www.googleapis.com/auth/gmail.settings.sharing,https://www.googleapis.com/auth/keep,https://www.googleapis.com/auth/spreadsheets,https://www.googleapis.com/auth/tasks,https://www.googleapis.com/auth/userinfo.profile,https://www.googleapis.com/auth/userinfo.email&clientIdToAdd=SVCACCTID&overwriteClientId=true&dn=domain.com&authuser=admin@domain.com
-
-You will be directed to the Google Workspace admin console Security/API Controls/Domain-wide Delegation page
-The "Add a new Client ID" box will open
-Make sure that "Overwrite existing client ID" is checked
-Click AUTHORIZE
-When the box closes you're done
-After authorizing it may take some time for this test to pass so wait a few moments and then try this command again.
-
-C:\GAMADV-XTD3>
-```
-The link shown in the error message should take you directly to the authorization screen.
-If not, make sure that you are logged in as a domain admin, then re-enter the link.
-
-### Verify GAMADV-XTD3 service account access.
-
-Wait a moment and then perform the following command; it it still fails, wait a bit longer, it can sometimes take serveral minutes
-for the authorization to complete.
-```
-C:\GAMADV-XTD3>gam user admin@domain.com check serviceaccount
-System time status:
-  Your system time differs from www.googleapis.com by less than 1 second    PASS
-Service Account Private Key Authentication:
-  Authentication                                                            PASS
-Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 34
-  https://mail.google.com/                                                  PASS (1/34)
-  https://sites.google.com/feeds                                            PASS (2/34)
-  https://www.googleapis.com/auth/analytics.readonly                        PASS (3/34)
-  https://www.googleapis.com/auth/apps.alerts                               PASS (4/34)
-  https://www.googleapis.com/auth/calendar                                  PASS (5/34)
-  https://www.googleapis.com/auth/chat.delete                               PASS (6/34)
-  https://www.googleapis.com/auth/chat.memberships                          PASS (7/34)
-  https://www.googleapis.com/auth/chat.messages                             PASS (8/34)
-  https://www.googleapis.com/auth/chat.spaces                               PASS (9/34)
-  https://www.googleapis.com/auth/classroom.announcements                   PASS (10/34)
-  https://www.googleapis.com/auth/classroom.coursework.students             PASS (11/34)
-  https://www.googleapis.com/auth/classroom.courseworkmaterials             PASS (12/34)
-  https://www.googleapis.com/auth/classroom.profile.emails                  PASS (13/34)
-  https://www.googleapis.com/auth/classroom.rosters                         PASS (14/34)
-  https://www.googleapis.com/auth/classroom.topics                          PASS (15/34)
-  https://www.googleapis.com/auth/cloud-identity                            PASS (16/34)
-  https://www.googleapis.com/auth/cloud-platform                            PASS (17/34)
-  https://www.googleapis.com/auth/contacts                                  PASS (18/34)
-  https://www.googleapis.com/auth/contacts.other.readonly                   PASS (19/34)
-  https://www.googleapis.com/auth/datastudio                                PASS (20/34)
-  https://www.googleapis.com/auth/directory.readonly                        PASS (21/34)
-  https://www.googleapis.com/auth/documents                                 PASS (22/34)
-  https://www.googleapis.com/auth/drive                                     PASS (23/34)
-  https://www.googleapis.com/auth/drive.activity                            PASS (24/34)
-  https://www.googleapis.com/auth/drive.admin.labels                        PASS (25/34)
-  https://www.googleapis.com/auth/drive.labels                              PASS (26/34)
-  https://www.googleapis.com/auth/gmail.modify                              PASS (27/34)
-  https://www.googleapis.com/auth/gmail.settings.basic                      PASS (28/34)
-  https://www.googleapis.com/auth/gmail.settings.sharing                    PASS (29/34)
-  https://www.googleapis.com/auth/keep                                      PASS (30/34)
-  https://www.googleapis.com/auth/spreadsheets                              PASS (31/34)
-  https://www.googleapis.com/auth/tasks                                     PASS (32/34)
-  https://www.googleapis.com/auth/userinfo.profile                          PASS (33/34)
-  https://www.googleapis.com/auth/youtube.readonly                          PASS (34/34)
-All scopes PASSED!
-
-Service Account Client name: SVCACCTID is fully authorized.
-
-C:\GAMADV-XTD3>
-```

docs/How-to-Update-GAM7.md

@@ -1,4 +1,4 @@
-# Updating GAM7
+!# Updating GAM7
 Use these steps to update your version of GAM7.
 
 - [Downloads-Installs](Downloads-Installs)

docs/How-to-Upgrade-Legacy-GAM-to-GAM7.md

@@ -1,4 +1,4 @@
-# Installation - Upgrading from Legacy GAM
+!# Installation - Upgrading from Legacy GAM
 Use these steps if you have used any version of GAM in your domain. They will update your GAM project
 and all necessary authentications.
 

docs/How-to-Upgrade-from-GAMADV-X-or-GAMADV-XTD.md

@@ -1,551 +0,0 @@
-# Installation - Upgrading from a prior version of GAMADV-X or GAMADV-XTD
-Use these steps if you have used any version of GAMADV-X or GAMADV-XTD in your domain.
-They will update your GAM project and all necessary authentications.
-
-- [Downloads-Installs](Downloads-Installs)
-- [Linux and MacOS and Google Cloud Shell](#linux-and-mac-os-and-google-cloud-shell)
-- [Windows](#windows)
-- [GAM Configuration](gam.cfg)
-
-## Linux and MacOS and Google Cloud Shell
-
-In these examples, your Google Super admin is shown as admin@domain.com; replace with the
-actual email adddress.
-
-In these examples, the user home folder is shown as /Users/admin; adjust according to your
-specific situation; e.g., /home/administrator.
-
-This example assumes that GAMADV-XTD3 has been installed in /Users/admin/bin/gamadv-xtd3.
-If you've installed GAMADV-XTD3 in another directory, substitute that value in the directions.
-
-GAMADV-XTD3 uses the same configuration directory and gam.cfg file as GAMADV-X and GAMADV-XTD.
-
-### Update your alias
-You should update your alias to point to /Users/admin/bin/gamadv-xtd3/gam.
-
-Add/edit the following line:
-```
-alias gam="/Users/admin/bin/gamadv-xtd3/gam"
-```
-to one of these files based on your shell:
-```
-~/.bash_aliases
-~/.bash_profile
-~/.bashrc
-~/.zshrc
-~/.profile
-```
-
-Issue the following command replacing `<Filename>` with the name of the file you edited:
-```
-source <Filename>
-```
-
-### Do you have a browser?
-If your computer doesn't support a browser, Google Cloud Shell for instance, execute this command:
-```
-admin@server:/Users/admin$ gam config no_browser true save
-```
-### Update your project to include the additional APIs that GAMADV-XTD3 uses.
-```
-admin@server:/Users/admin$ gam update project
-
-Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) gam-project-abc-123-xyz? admin@domain.com
-
-Your browser has been opened to visit:
-
-    https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F&response_type=code&client_id=...
-
-If your browser is on a different machine then press CTRL+C,
-set no_browser = true in gam.cfg and re-run this command.
-
-Authentication successful.
-API: admin.googleapis.com, already enabled...
-API: appsactivity.googleapis.com, already enabled...
-API: calendar-json.googleapis.com, already enabled...
-API: classroom.googleapis.com, already enabled...
-API: contacts.googleapis.com, already enabled...
-API: drive.googleapis.com, already enabled...
-API: gmail.googleapis.com, already enabled...
-API: groupssettings.googleapis.com, already enabled...
-API: licensing.googleapis.com, already enabled...
-API: plus.googleapis.com, already enabled...
-API: reseller.googleapis.com, already enabled...
-API: siteverification.googleapis.com, already enabled...
-API: vault.googleapis.com, already enabled...
-Enable 3 APIs
-  API: audit.googleapis.com, Enabled (1/3)
-  API: groupsmigration.googleapis.com, Enabled (2/3)
-  API: sheets.googleapis.com, Enabled (3/3)
-
-admin@server:/Users/admin$
-```
-### Update GAMADV-XTD3 client access.
-
-Update oauth2.txt; it must be updated to reflect the additional capabilites of GAMADV-XTD3.
-
-You select a list of scopes, GAM uses a browser to get final authorization from Google for these scopes and
-writes the credentials into the file oauth2.txt.
-
-If the computer on which you are running GAM does not have access to a browser, issue this command:
-```
-gam config no_browser true oauth update
-```
-You will be given instructions on how to get the authorization on another computer and apply it locally.
-```
-admin@server:/Users/admin$ gam oauth update
-
-Select the authorized scopes by entering a number.
-Append an 'r' to grant read-only access or an 'a' to grant action-only access.
-
-[*]  0)  Calendar API (supports readonly)
-[*]  1)  Chrome Browser Cloud Management API (supports readonly)
-[*]  2)  Chrome Management API - AppDetails read only
-[*]  3)  Chrome Management API - Telemetry read only
-[*]  4)  Chrome Management API - read only
-[*]  5)  Chrome Policy API (supports readonly)
-[*]  6)  Chrome Printer Management API (supports readonly)
-[ ]  7)  Chrome Version History API
-[*]  8)  Classroom API - Course Announcements (supports readonly)
-[*]  9)  Classroom API - Course Topics (supports readonly)
-[*] 10)  Classroom API - Course Work/Materials (supports readonly)
-[*] 11)  Classroom API - Course Work/Submissions (supports readonly)
-[*] 12)  Classroom API - Courses (supports readonly)
-[*] 13)  Classroom API - Profile Emails
-[*] 14)  Classroom API - Profile Photos
-[*] 15)  Classroom API - Rosters (supports readonly)
-[*] 16)  Classroom API - Student Guardians (supports readonly)
-[*] 17)  Cloud Channel API (supports readonly)
-[*] 18)  Cloud Identity - Inbound SSO Settings (supports readonly)
-[*] 19)  Cloud Identity Groups API (supports readonly)
-[*] 20)  Cloud Identity OrgUnits API (supports readonly)
-[*] 21)  Cloud Identity User Invitations API (supports readonly)
-[ ] 22)  Cloud Storage API (Read Only, Vault/Takeout Download, Cloud Storage)
-[ ] 23)  Cloud Storage API (Read/Write, Vault/Takeout Copy/Download, Cloud Storage)
-[*] 24)  Contact Delegation API (supports readonly)
-[*] 25)  Contacts API - Domain Shared Contacts and GAL
-[*] 26)  Data Transfer API (supports readonly)
-[*] 27)  Directory API - Chrome OS Devices (supports readonly)
-[*] 28)  Directory API - Customers (supports readonly)
-[*] 29)  Directory API - Domains (supports readonly)
-[*] 30)  Directory API - Groups (supports readonly)
-[*] 31)  Directory API - Mobile Devices Directory (supports readonly and action)
-[*] 32)  Directory API - Organizational Units (supports readonly)
-[*] 33)  Directory API - Resource Calendars (supports readonly)
-[*] 34)  Directory API - Roles (supports readonly)
-[*] 35)  Directory API - User Schemas (supports readonly)
-[*] 36)  Directory API - User Security
-[*] 37)  Directory API - Users (supports readonly)
-[ ] 38)  Email Audit API
-[*] 39)  Groups Migration API
-[*] 40)  Groups Settings API
-[*] 41)  License Manager API
-[*] 42)  People API (supports readonly)
-[*] 43)  People Directory API - read only
-[ ] 44)  Pub / Sub API
-[*] 45)  Reports API - Audit Reports
-[*] 46)  Reports API - Usage Reports
-[*] 47)  Reseller API
-[*] 48)  Site Verification API
-[ ] 49)  Sites API
-[*] 50)  Vault API (supports readonly)
-
-     s)  Select all scopes
-     u)  Unselect all scopes
-     e)  Exit without changes
-     c)  Continue to authorization
-Please enter 0-50[a|r] or s|u|e|c: c
-
-Enter your Google Workspace admin email address?admin@domain.com
-
-Your browser has been opened to visit:
-
-    https://accounts.google.com/o/oauth2/v2/auth?client_id=CLIENTID&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fclassroom.courses+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fclassroom.announcements+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fclassroom.coursework.students+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fclassroom.guardianlinks.students+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fclassroom.profile.emails+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fclassroom.profile.photos+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fclassroom.rosters+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloudprint+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdevstorage.read_only+https%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.datatransfer+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.device.chromeos+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.customer+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.domain+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.group+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.device.mobile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.orgunit+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.resource.calendar+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.rolemanagement+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.userschema+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.user.security+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.user+https%3A%2F%2Fapps-apis.google.com%2Fa%2Ffeeds%2Fcompliance%2Faudit%2F+https%3A%2F%2Fapps-apis.google.com%2Fa%2Ffeeds%2Femailsettings%2F2.0%2F+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fapps.groups.migration+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fapps.groups.settings+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fapps.licensing+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.reports.audit.readonly+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.reports.usage.readonly+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fapps.order+https%3A%2F%2Fsites.google.com%2Ffeeds+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fediscovery&login_hint=admin%40domain.com&access_type=offline&response_type=code
-
-If your browser is on a different machine then press CTRL+C,
-set no_browser = true in gam.cfg and re-run this command.
-
-Authentication successful.
-Client OAuth2 File: /Users/admin/GAMConfig/oauth2.txt, Updated
-
-admin@server:/Users/admin$
-```
-### Update GAMADV-XTD3 service account access.
-```
-admin@server:/Users/admin$ gam user user@domain.com check serviceaccount
-System time status:
-  Your system time differs by less than 1 second from Google                PASS
-Service Account Private Key Authentication:
-  Authentication                                                            PASS
-Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 34
-  https://mail.google.com/                                                  PASS (1/34)
-  https://sites.google.com/feeds                                            PASS (2/34)
-  https://www.googleapis.com/auth/analytics.readonly                        PASS (3/34)
-  https://www.googleapis.com/auth/apps.alerts                               PASS (4/34)
-  https://www.googleapis.com/auth/calendar                                  PASS (5/34)
-  https://www.googleapis.com/auth/chat.delete                               PASS (6/34)
-  https://www.googleapis.com/auth/chat.memberships                          PASS (7/34)
-  https://www.googleapis.com/auth/chat.messages                             PASS (8/34)
-  https://www.googleapis.com/auth/chat.spaces                               PASS (9/34)
-  https://www.googleapis.com/auth/classroom.announcements                   PASS (10/34)
-  https://www.googleapis.com/auth/classroom.coursework.students             PASS (11/34)
-  https://www.googleapis.com/auth/classroom.courseworkmaterials             PASS (12/34)
-  https://www.googleapis.com/auth/classroom.profile.emails                  PASS (13/34)
-  https://www.googleapis.com/auth/classroom.rosters                         PASS (14/34)
-  https://www.googleapis.com/auth/classroom.topics                          PASS (15/34)
-  https://www.googleapis.com/auth/cloud-identity                            PASS (16/34)
-  https://www.googleapis.com/auth/cloud-platform                            PASS (17/34)
-  https://www.googleapis.com/auth/contacts                                  PASS (18/34)
-  https://www.googleapis.com/auth/contacts.other.readonly                   PASS (19/34)
-  https://www.googleapis.com/auth/datastudio                                PASS (20/34)
-  https://www.googleapis.com/auth/directory.readonly                        PASS (21/34)
-  https://www.googleapis.com/auth/documents                                 PASS (22/34)
-  https://www.googleapis.com/auth/drive                                     PASS (23/34)
-  https://www.googleapis.com/auth/drive.activity                            PASS (24/34)
-  https://www.googleapis.com/auth/drive.admin.labels                        FAIL (25/34)
-  https://www.googleapis.com/auth/drive.labels                              FAIL (26/34)
-  https://www.googleapis.com/auth/gmail.modify                              PASS (27/34)
-  https://www.googleapis.com/auth/gmail.settings.basic                      PASS (28/34)
-  https://www.googleapis.com/auth/gmail.settings.sharing                    PASS (29/34)
-  https://www.googleapis.com/auth/keep                                      PASS (30/34)
-  https://www.googleapis.com/auth/spreadsheets                              PASS (31/34)
-  https://www.googleapis.com/auth/tasks                                     PASS (32/34)
-  https://www.googleapis.com/auth/userinfo.profile                          PASS (33/34)
-  https://www.googleapis.com/auth/youtube.readonly                          PASS (34/34)
-Some scopes FAILED! Please go to:
-
-https://admin.google.com/domain.com/ManageOauthClients?clientScopeToAdd=https://mail.google.com/,https://sites.google.com/feeds,https://www.google.com/m8/feeds,https://www.googleapis.com/auth/activity,https://www.googleapis.com/auth/apps.alerts,https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/classroom.announcements,https://www.googleapis.com/auth/classroom.coursework.students,https://www.googleapis.com/auth/classroom.rosters,https://www.googleapis.com/auth/classroom.topics,https://www.googleapis.com/auth/cloudprint,https://www.googleapis.com/auth/contacts,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/drive.activity,https://www.googleapis.com/auth/gmail.modify,https://www.googleapis.com/auth/gmail.settings.basic,https://www.googleapis.com/auth/gmail.settings.sharing,https://www.googleapis.com/auth/iam,https://www.googleapis.com/auth/spreadsheets,https://www.googleapis.com/auth/userinfo.email&clientNameToAdd=SVCACCTID
-
-You will be directed to the Google Workspace admin console. The Client Name and API
-Scopes fields will be pre-populated. Please click Authorize to allow these
-scopes access. After authorizing it may take some time for this test to pass so
-wait a few moments and then try this command again.
-
-admin@server:/Users/admin$
-```
-The link shown in the error message should take you directly to the authorization screen.
-If not, make sure that you are logged in as a domain admin, then re-enter the link.
-
-### Verify GAMADV-XTD3 service account access.
-
-Wait a moment and then perform the following command; it it still fails, wait a bit longer, it can sometimes take serveral minutes
-for the authorization to complete.
-```
-admin@server:/Users/admin$ gam user user@domain.com check serviceaccount
-System time status:
-  Your system time differs by less than 1 second from Google                PASS
-Service Account Private Key Authentication:
-  Authentication                                                            PASS
-Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 34
-  https://mail.google.com/                                                  PASS (1/34)
-  https://sites.google.com/feeds                                            PASS (2/34)
-  https://www.googleapis.com/auth/analytics.readonly                        PASS (3/34)
-  https://www.googleapis.com/auth/apps.alerts                               PASS (4/34)
-  https://www.googleapis.com/auth/calendar                                  PASS (5/34)
-  https://www.googleapis.com/auth/chat.delete                               PASS (6/34)
-  https://www.googleapis.com/auth/chat.memberships                          PASS (7/34)
-  https://www.googleapis.com/auth/chat.messages                             PASS (8/34)
-  https://www.googleapis.com/auth/chat.spaces                               PASS (9/34)
-  https://www.googleapis.com/auth/classroom.announcements                   PASS (10/34)
-  https://www.googleapis.com/auth/classroom.coursework.students             PASS (11/34)
-  https://www.googleapis.com/auth/classroom.courseworkmaterials             PASS (12/34)
-  https://www.googleapis.com/auth/classroom.profile.emails                  PASS (13/34)
-  https://www.googleapis.com/auth/classroom.rosters                         PASS (14/34)
-  https://www.googleapis.com/auth/classroom.topics                          PASS (15/34)
-  https://www.googleapis.com/auth/cloud-identity                            PASS (16/34)
-  https://www.googleapis.com/auth/cloud-platform                            PASS (17/34)
-  https://www.googleapis.com/auth/contacts                                  PASS (18/34)
-  https://www.googleapis.com/auth/contacts.other.readonly                   PASS (19/34)
-  https://www.googleapis.com/auth/datastudio                                PASS (20/34)
-  https://www.googleapis.com/auth/directory.readonly                        PASS (21/34)
-  https://www.googleapis.com/auth/documents                                 PASS (22/34)
-  https://www.googleapis.com/auth/drive                                     PASS (23/34)
-  https://www.googleapis.com/auth/drive.activity                            PASS (24/34)
-  https://www.googleapis.com/auth/drive.admin.labels                        PASS (25/34)
-  https://www.googleapis.com/auth/drive.labels                              PASS (26/34)
-  https://www.googleapis.com/auth/gmail.modify                              PASS (27/34)
-  https://www.googleapis.com/auth/gmail.settings.basic                      PASS (28/34)
-  https://www.googleapis.com/auth/gmail.settings.sharing                    PASS (29/34)
-  https://www.googleapis.com/auth/keep                                      PASS (30/34)
-  https://www.googleapis.com/auth/spreadsheets                              PASS (31/34)
-  https://www.googleapis.com/auth/tasks                                     PASS (32/34)
-  https://www.googleapis.com/auth/userinfo.profile                          PASS (33/34)
-  https://www.googleapis.com/auth/youtube.readonly                          PASS (34/34)
-All scopes PASSED!
-Service Account Client name: SVCACCTID is fully authorized.
-
-admin@server:/Users/admin$
-```
-
-## Windows
-
-In these examples, your Google Super admin is shown as admin@domain.com; replace with the
-actual email adddress.
-
-This example assumes that GAMADV-XTD3 has been installed in C:\GAMADV-XTD3; if you've installed
-GAMADV-XTD3 in another directory, substitute that value in the directions.
-
-GAMADV-XTD3 uses the same configuration directory and gam.cfg file as GAMADV-X and GAMADV-XTD.
-
-### Update system path
-You should update the system path to point to C:\GAMADV-XTD3.
-```
-Start Control Panel
-Click System
-Click Advanced system settings
-Click Environment Variables...
-Click Path under System variables
-Click Edit...
-If you have an existing entry referencing GAMADV-X or GAMADV-XTD:
-  Click that entry
-  Click Delete
-If C:\GAMADV-XTD3 is already on the Path, skip the next three steps
-  Click New
-  Enter C:\GAMADV-XTD3
-  Click OK
-Click OK
-Click OK
-Exit Control Panel
-```
-
-At this point, you should restart Command Prompt so that it has the updated path and environment variables.
-
-### Do you have a compatible browser?
-If the computer on which you are running GAM does not have access to a browser or
-your default browser is Internet Explorer or Edge, issue this command:
-```
-C:\>gam config no_browser true save
-```
-### Update your project to include the additional APIs that GAMADV-XTD3 uses.
-```
-C:\>gam update project
-
-Enter your Google Workspace admin or GCP project manager email address authorized to manage project(s) gam-project-abc-123-xyz? admin@domain.com
-
-Your browser has been opened to visit:
-
-    https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F&response_type=code&client_id=...
-
-If your browser is on a different machine then press CTRL+C,
-set no_browser = true in gam.cfg and re-run this command.
-
-Authentication successful.
-API: admin.googleapis.com, already enabled...
-API: appsactivity.googleapis.com, already enabled...
-API: calendar-json.googleapis.com, already enabled...
-API: classroom.googleapis.com, already enabled...
-API: contacts.googleapis.com, already enabled...
-API: drive.googleapis.com, already enabled...
-API: gmail.googleapis.com, already enabled...
-API: groupssettings.googleapis.com, already enabled...
-API: licensing.googleapis.com, already enabled...
-API: plus.googleapis.com, already enabled...
-API: reseller.googleapis.com, already enabled...
-API: siteverification.googleapis.com, already enabled...
-API: vault.googleapis.com, already enabled...
-Enable 3 APIs
-  API: audit.googleapis.com, Enabled (1/3)
-  API: groupsmigration.googleapis.com, Enabled (2/3)
-  API: sheets.googleapis.com, Enabled (3/3)
-
-C:\>
-```
-### Update GAMADV-XTD3 client access.
-
-Update oauth2.txt; it must be updated to reflect the additional capabilites of GAMADV-XTD3.
-
-If the PC on which you are running GAM does not have access to a browser or if
-your default browser is Internet Explorer or Edge, issue this command:
-```
-gam config no_browser true oauth update
-```
-You will be given instructions on how to get the authorization; this involves a long URL that must be copied/pasted.
-Older versions of Command Prompt and PowerShell (Windows 7/8, Server 2008) can't properly copy/paste multi line strings;
-GAM writes the long URL into the file `gamoauthurl.txt` in the folder with the GAM executable.
-You can open the file with Notepad/Wordpad, do a control-A to select the text, control-C to copy the text,
-start a browser and paste the URL (control-V) into the address bar. Authenticate and copy the Verification code
-back to your Command Prompt/PowerShell window.
-```
-C:\>gam oauth update
-
-Select the authorized scopes by entering a number.
-Append an 'r' to grant read-only access or an 'a' to grant action-only access.
-
-[*]  0)  Calendar API (supports readonly)
-[*]  1)  Chrome Browser Cloud Management API (supports readonly)
-[*]  2)  Chrome Management API - AppDetails read only
-[*]  3)  Chrome Management API - Telemetry read only
-[*]  4)  Chrome Management API - read only
-[*]  5)  Chrome Policy API (supports readonly)
-[*]  6)  Chrome Printer Management API (supports readonly)
-[ ]  7)  Chrome Version History API
-[*]  8)  Classroom API - Course Announcements (supports readonly)
-[*]  9)  Classroom API - Course Topics (supports readonly)
-[*] 10)  Classroom API - Course Work/Materials (supports readonly)
-[*] 11)  Classroom API - Course Work/Submissions (supports readonly)
-[*] 12)  Classroom API - Courses (supports readonly)
-[*] 13)  Classroom API - Profile Emails
-[*] 14)  Classroom API - Profile Photos
-[*] 15)  Classroom API - Rosters (supports readonly)
-[*] 16)  Classroom API - Student Guardians (supports readonly)
-[*] 17)  Cloud Channel API (supports readonly)
-[*] 18)  Cloud Identity - Inbound SSO Settings (supports readonly)
-[*] 19)  Cloud Identity Groups API (supports readonly)
-[*] 20)  Cloud Identity OrgUnits API (supports readonly)
-[*] 21)  Cloud Identity User Invitations API (supports readonly)
-[ ] 22)  Cloud Storage API (Read Only, Vault/Takeout Download, Cloud Storage)
-[ ] 23)  Cloud Storage API (Read/Write, Vault/Takeout Copy/Download, Cloud Storage)
-[*] 24)  Contact Delegation API (supports readonly)
-[*] 25)  Contacts API - Domain Shared Contacts and GAL
-[*] 26)  Data Transfer API (supports readonly)
-[*] 27)  Directory API - Chrome OS Devices (supports readonly)
-[*] 28)  Directory API - Customers (supports readonly)
-[*] 29)  Directory API - Domains (supports readonly)
-[*] 30)  Directory API - Groups (supports readonly)
-[*] 31)  Directory API - Mobile Devices Directory (supports readonly and action)
-[*] 32)  Directory API - Organizational Units (supports readonly)
-[*] 33)  Directory API - Resource Calendars (supports readonly)
-[*] 34)  Directory API - Roles (supports readonly)
-[*] 35)  Directory API - User Schemas (supports readonly)
-[*] 36)  Directory API - User Security
-[*] 37)  Directory API - Users (supports readonly)
-[ ] 38)  Email Audit API
-[*] 39)  Groups Migration API
-[*] 40)  Groups Settings API
-[*] 41)  License Manager API
-[*] 42)  People API (supports readonly)
-[*] 43)  People Directory API - read only
-[ ] 44)  Pub / Sub API
-[*] 45)  Reports API - Audit Reports
-[*] 46)  Reports API - Usage Reports
-[*] 47)  Reseller API
-[*] 48)  Site Verification API
-[ ] 49)  Sites API
-[*] 50)  Vault API (supports readonly)
-
-     s)  Select all scopes
-     u)  Unselect all scopes
-     e)  Exit without changes
-     c)  Continue to authorization
-Please enter 0-50[a|r] or s|u|e|c: c
-
-Enter your Google Workspace admin email address? admin@domain.com
-
-Your browser has been opened to visit:
-
-    https://accounts.google.com/o/oauth2/v2/auth?client_id=CLIENTID&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fclassroom.courses+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fclassroom.announcements+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fclassroom.coursework.students+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fclassroom.guardianlinks.students+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fclassroom.profile.emails+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fclassroom.profile.photos+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fclassroom.rosters+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloudprint+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdevstorage.read_only+https%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.datatransfer+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.device.chromeos+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.customer+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.domain+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.group+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.device.mobile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.orgunit+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.resource.calendar+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.rolemanagement+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.userschema+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.user.security+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.directory.user+https%3A%2F%2Fapps-apis.google.com%2Fa%2Ffeeds%2Fcompliance%2Faudit%2F+https%3A%2F%2Fapps-apis.google.com%2Fa%2Ffeeds%2Femailsettings%2F2.0%2F+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fapps.groups.migration+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fapps.groups.settings+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fapps.licensing+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.reports.audit.readonly+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadmin.reports.usage.readonly+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fapps.order+https%3A%2F%2Fsites.google.com%2Ffeeds+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fediscovery&login_hint=admin%40domain.com&access_type=offline&response_type=code
-
-If your browser is on a different machine then press CTRL+C,
-set no_browser = true in gam.cfg and re-run this command.
-
-Authentication successful.
-Client OAuth2 File: C:\GAMConfig\oauth2.txt, Updated
-
-C:\>
-```
-### Enable GAMADV-XTD3 service account access.
-```
-C:\>gam user user@domain.com check serviceaccount
-System time status:
-  Your system time differs by less than 1 second from Google                PASS
-Service Account Private Key Authentication:
-  Authentication                                                            PASS
-Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 34
-  https://mail.google.com/                                                  PASS (1/34)
-  https://sites.google.com/feeds                                            PASS (2/34)
-  https://www.googleapis.com/auth/analytics.readonly                        PASS (3/34)
-  https://www.googleapis.com/auth/apps.alerts                               PASS (4/34)
-  https://www.googleapis.com/auth/calendar                                  PASS (5/34)
-  https://www.googleapis.com/auth/chat.delete                               PASS (6/34)
-  https://www.googleapis.com/auth/chat.memberships                          PASS (7/34)
-  https://www.googleapis.com/auth/chat.messages                             PASS (8/34)
-  https://www.googleapis.com/auth/chat.spaces                               PASS (9/34)
-  https://www.googleapis.com/auth/classroom.announcements                   PASS (10/34)
-  https://www.googleapis.com/auth/classroom.coursework.students             PASS (11/34)
-  https://www.googleapis.com/auth/classroom.courseworkmaterials             PASS (12/34)
-  https://www.googleapis.com/auth/classroom.profile.emails                  PASS (13/34)
-  https://www.googleapis.com/auth/classroom.rosters                         PASS (14/34)
-  https://www.googleapis.com/auth/classroom.topics                          PASS (15/34)
-  https://www.googleapis.com/auth/cloud-identity                            PASS (16/34)
-  https://www.googleapis.com/auth/cloud-platform                            PASS (17/34)
-  https://www.googleapis.com/auth/contacts                                  PASS (18/34)
-  https://www.googleapis.com/auth/contacts.other.readonly                   PASS (19/34)
-  https://www.googleapis.com/auth/datastudio                                PASS (20/34)
-  https://www.googleapis.com/auth/directory.readonly                        PASS (21/34)
-  https://www.googleapis.com/auth/documents                                 PASS (22/34)
-  https://www.googleapis.com/auth/drive                                     PASS (23/34)
-  https://www.googleapis.com/auth/drive.activity                            PASS (24/34)
-  https://www.googleapis.com/auth/drive.admin.labels                        FAIL (25/34)
-  https://www.googleapis.com/auth/drive.labels                              FAIL (26/34)
-  https://www.googleapis.com/auth/gmail.modify                              PASS (27/34)
-  https://www.googleapis.com/auth/gmail.settings.basic                      PASS (28/34)
-  https://www.googleapis.com/auth/gmail.settings.sharing                    PASS (29/34)
-  https://www.googleapis.com/auth/keep                                      PASS (30/34)
-  https://www.googleapis.com/auth/spreadsheets                              PASS (31/34)
-  https://www.googleapis.com/auth/tasks                                     PASS (32/34)
-  https://www.googleapis.com/auth/userinfo.profile                          PASS (33/34)
-  https://www.googleapis.com/auth/youtube.readonly                          PASS (34/34)
-Some scopes FAILED! Please go to:
-
-https://admin.google.com/domain.com/ManageOauthClients?clientScopeToAdd=https://mail.google.com/,https://sites.google.com/feeds,https://www.google.com/m8/feeds,https://www.googleapis.com/auth/activity,https://www.googleapis.com/auth/apps.alerts,https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/classroom.announcements,https://www.googleapis.com/auth/classroom.coursework.students,https://www.googleapis.com/auth/classroom.rosters,https://www.googleapis.com/auth/classroom.topics,https://www.googleapis.com/auth/cloudprint,https://www.googleapis.com/auth/contacts,https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/drive.activity,https://www.googleapis.com/auth/gmail.modify,https://www.googleapis.com/auth/gmail.settings.basic,https://www.googleapis.com/auth/gmail.settings.sharing,https://www.googleapis.com/auth/iam,https://www.googleapis.com/auth/spreadsheets,https://www.googleapis.com/auth/userinfo.email&clientNameToAdd=SVCACCTID
-
-You will be directed to the Google Workspace admin console. The Client Name and API
-Scopes fields will be pre-populated. Please click Authorize to allow these
-scopes access. After authorizing it may take some time for this test to pass so
-wait a few moments and then try this command again.
-
-C:\>
-```
-The link shown in the error message should take you directly to the authorization screen.
-If not, make sure that you are logged in as a domain admin, then re-enter the link.
-
-### Verify GAMADV-XTD3 service account access.
-
-Wait a moment and then perform the following command; it it still fails, wait a bit longer, it can sometimes take serveral minutes
-for the authorization to complete.
-```
-C:\>gam user user@domain.com check serviceaccount
-System time status:
-  Your system time differs by less than 1 second from Google                PASS
-Service Account Private Key Authentication:
-  Authentication                                                            PASS
-Domain-wide Delegation authentication:, User: admin@domain.com, Scopes: 34
-  https://mail.google.com/                                                  PASS (1/34)
-  https://sites.google.com/feeds                                            PASS (2/34)
-  https://www.googleapis.com/auth/analytics.readonly                        PASS (3/34)
-  https://www.googleapis.com/auth/apps.alerts                               PASS (4/34)
-  https://www.googleapis.com/auth/calendar                                  PASS (5/34)
-  https://www.googleapis.com/auth/chat.delete                               PASS (6/34)
-  https://www.googleapis.com/auth/chat.memberships                          PASS (7/34)
-  https://www.googleapis.com/auth/chat.messages                             PASS (8/34)
-  https://www.googleapis.com/auth/chat.spaces                               PASS (9/34)
-  https://www.googleapis.com/auth/classroom.announcements                   PASS (10/34)
-  https://www.googleapis.com/auth/classroom.coursework.students             PASS (11/34)
-  https://www.googleapis.com/auth/classroom.courseworkmaterials             PASS (12/34)
-  https://www.googleapis.com/auth/classroom.profile.emails                  PASS (13/34)
-  https://www.googleapis.com/auth/classroom.rosters                         PASS (14/34)
-  https://www.googleapis.com/auth/classroom.topics                          PASS (15/34)
-  https://www.googleapis.com/auth/cloud-identity                            PASS (16/34)
-  https://www.googleapis.com/auth/cloud-platform                            PASS (17/34)
-  https://www.googleapis.com/auth/contacts                                  PASS (18/34)
-  https://www.googleapis.com/auth/contacts.other.readonly                   PASS (19/34)
-  https://www.googleapis.com/auth/datastudio                                PASS (20/34)
-  https://www.googleapis.com/auth/directory.readonly                        PASS (21/34)
-  https://www.googleapis.com/auth/documents                                 PASS (22/34)
-  https://www.googleapis.com/auth/drive                                     PASS (23/34)
-  https://www.googleapis.com/auth/drive.activity                            PASS (24/34)
-  https://www.googleapis.com/auth/drive.admin.labels                        PASS (25/34)
-  https://www.googleapis.com/auth/drive.labels                              PASS (26/34)
-  https://www.googleapis.com/auth/gmail.modify                              PASS (27/34)
-  https://www.googleapis.com/auth/gmail.settings.basic                      PASS (28/34)
-  https://www.googleapis.com/auth/gmail.settings.sharing                    PASS (29/34)
-  https://www.googleapis.com/auth/keep                                      PASS (30/34)
-  https://www.googleapis.com/auth/spreadsheets                              PASS (31/34)
-  https://www.googleapis.com/auth/tasks                                     PASS (32/34)
-  https://www.googleapis.com/auth/userinfo.profile                          PASS (33/34)
-  https://www.googleapis.com/auth/youtube.readonly                          PASS (34/34)
-All scopes PASSED!
-Service Account Client name: SVCACCTID is fully authorized.
-
-C:\>
-```

docs/Inbound-SSO-Settings.md

@@ -0,0 +1,192 @@
+Beginning with GAM 6.31, you can now manage Workspace / Cloud Identity Inbound SSO settings. You can add SAML SSO profiles, upload certificates for those profiles and assign the profiles to OrgUnits or Groups.
+
+- [Create an Inbound SSO Profile](#create-an-inbound-sso-profile)
+- [Update an Inbound SSO Profile](#update-an-inbound-sso-profile)
+- [Get Info About an Inbound SSO Profile](#get-info-about-an-inbound-sso-profile)
+- [Delete an Inbound SSO Profile](#delete-an-inbound-sso-profile)
+- [Print/show Inbound SSO Profiles](#printshow-inbound-sso-profiles)
+- [Create or Replace Credentials](#create-or-replace-credentials)
+- [Delete Credentials](#delete-credentials)
+- [Print/show Credentials](#printshow-credentials)
+- [Create an Inbound SSO Assignment](#create-an-inbound-sso-assignment)
+- [Update an Inbound SSO Assignment](#update-an-inbound-sso-assignment)
+- [Get Info About an Inbound SSO Assignment](#get-info-about-an-inbound-sso-assignment)
+- [Print/show Inbound SSO Assignments](#printshow-inbound-sso-assignments)
+
+# Create an Inbound SSO Profile
+## Syntax
+```
+gam create inboundssoprofile [name <name>] [entityid <entityid>] [loginurl <url>] [logouturl <url>] [changepasswordurl <url>]
+```
+Creates a new Inbound SSO profile with details about the remote SAML IDP. All fields are optional on create but must be set in order for the profile to be considered complete and assignable to groups/orgunits. Name and entityid specify the name and entity ID for the profile. loginurl, logouturl and changepasswordurl specify the IDP URLs for the respective actions.
+
+## Example
+This example creates a profile for your SimpleSAMLPHP IDP
+```
+gam create inboundssoprofile name "SimpleSAMLPHP" entityid simplesamlphp loginurl "https://dev2.andreas.feide.no/simplesaml/saml2/idp/SSOService.php" logouturl "https://www.google.com" changepasswordurl "https://www.google.com"
+```
+----
+
+# Update an Inbound SSO Profile
+## Syntax
+```
+gam update inboundssoprofile <profile name or id:profile_id> [name <newname>] [entityid <newentityid>] [loginurl <url>] [logouturl <url>] [changepasswordurl <url>]
+```
+Update an existing Inbound SSO Profile. The profile to update can be specified using the profile name like "SimpleSAMLPHP" or the unique ID Of the profile prefixed with "id:". The name, entityid, loginurl, logouturl and changepasswordurl parameters can optionally be entered in order to update those respective fields for the profile.
+
+## Example
+This example updates the logout URL for our profile.
+```
+gam update inboundssoprofile "SimpleSAMLPHP" logouturl "https://dev2.andreas.feide.no/logout.html"
+```
+----
+
+# Get Info About an Inbound SSO Profile
+## Syntax
+```
+gam info inboundssoprofile <profile name or id:profile>
+```
+Show information about an existing profile. The profile can be referenced by name or unique ID prefixed with id:
+
+## Example
+Shows information about a profile
+```
+gam info inboundssoprofile SimpleSAMLPHP
+```
+----
+
+# Delete an Inbound SSO Profile
+## Syntax
+```
+gam delete inboundssoprofile <profile name or id:profile>
+```
+Deletes an existing inboundssoprofile. The profile can be referenced by name or unique ID prefixed with id:
+
+## Example
+Deletes a profile
+```
+gam delete inboundssoprofile SimpleSAMLPHP
+```
+----
+
+# Print/show Inbound SSO Profiles
+## Syntax
+```
+gam print|show inboundssoprofiles [todrive]
+```
+Prints (CSV output) or shows (human readable output) all current Inbound SSO Profiles. On print only, the optional argument todrive causes GAM to generate a Google Sheet of the CSV results rather than printing them to the console.
+
+## Example
+This example shows all current profiles.
+```
+gam show inboundssoprofiles
+```
+----
+
+# Create or Replace Credentials
+## Syntax
+```
+gam create inboundssocredential [profile <profile name or id:profile_id>] [pemfile <filename>] [generate_key] [key_size] [replace_oldest]
+```
+Creates a new key for the given Inbound SSO profile or replaces the oldest one (Google allows 2 credentials per profile). The profile argument is mandatory and specifies which Inbound SSO profile the credentials should be associated with. pemfile "filename" or generate_key must be specified in order to upload a RSA/DSA PEM file's contents or generate a new RSA private key and public certificate and upload the generated certificate. The generated filenames will show on the console. key_size specifies the size of the RSA key GAM should generate. Allowed values are 1024, 2048 and 4096. replace_oldest specifies that if there are already two credentials for the profile (and only if there are two), the oldest credentials should be deleted to make room for the new credential you are creating.
+
+**IMPORTANT** Google ignores any expiration date on public certificates. As long as the public certificate credential exists in the profile Google will allow logins which are signed by the corresponding private key. You should ALWAYS delete old certificates once they should no longer be in use.
+
+## Example
+This example uploads an existing public certificate contained in a PEM file
+```
+gam create inboundssocredential profile SimpleSAMLPHP pemfile new_pub_cert.pem
+```
+This example generates a new 4k key and replaces the oldest key if there are already two.
+```
+gam create inboundssocredential profile SimpleSAMLPHP generate_key key_size 4096 replace_oldest
+```
+----
+
+# Delete Credentials
+## Syntax
+```
+gam delete inboundssocredential <name>
+```
+Deletes an existing Inbound SSO credential. The name is the unique ID Google assigns to a credential.
+
+## Example
+This example deletes an existing credential by name.
+```
+gam delete inboundssocredential inboundSamlSsoProfiles/03h0nwgl1qms6ww/idpCredentials/K8748028
+```
+----
+ 
+# Print/show Credentials
+## Syntax
+```
+gam print|show inboundssocredentials [profiles <name or id:profile>,<another name>] [todrive]
+```
+Print (CSV output) or show (human readable output) the current Inbound SSO credentials. The optional argument profiles specifies the name or ID of Inbound SSO profiles (comma separated) whose credentials should be output. On print, the optional argument todrive causes a Google Sheet to be generated with the CSV output rather than printing it to the console.
+
+## Example
+This example print all credentials to a Google Sheet.
+```
+gam print inboundssocredentials todrive
+```
+This example shows the credentials for a single profile.
+```
+gam show inboundssocredentials profile SimpleSAMLPHP
+```
+----
+
+# Create an Inbound SSO Assignment
+## Syntax
+```
+gam create inboundssoassignment [profile <name or id:profile_id>] [group groupemail@domain.com] [orgunit /OrgUnit/Path] [mode SAML_SSO|SSO_OFF|DOMAIN_WIDE_SAML_IF_ENABLED] [rank <number>] [never_redirect]
+```
+Assigns a given Inbound SSO profile to a group or orgunit. You must specify one of group or orgunit. mode is also a mandatory argument and specifies the SSO behavior of the assignment. Use one of SAML_SSO, SSO_OFF or DOMAIN_WIDE_SAML_IF_ENABLED. If mode is SAML_SSO you must specify the profile to assign with profile. rank is optional for group assignments and specifies the numeric ranking of the assignment for priority. The rank for orgunit assignments is always zero (0). The optional argument never_redirect causes Google to never redirect to the IDP (SP initiated login disabled, IDP initiated login will work).
+
+## Example
+This example assigns a profile to the Sales group
+```
+gam create inboundssoassignment profile SimpleSAMLPHP group sales@acme.com mode SAML_SSO
+```
+----
+
+# Update an Inbound SSO Assignment
+## Syntax
+```
+gam update inboundssoassignment group|orgunit [profile <name or id:profile_id>] [mode SAML_SSO|SSO_OFF|DOMAIN_WIDE_SAML_IF_ENABLED] [rank <number>] [never_redirect]
+```
+Updates an existing Inbound SSO assignment based on the group or orgunit. mode specifies the assigned SSO mode and should be one of SAML_SSO, SSO_OFF or DOMAIN_WIDE_SAML_IF_ENABLED. If mode is SAML_SSO, profile can be specified to update the SSO profile assigned. rank is optional for group assignments and specifies the numeric ranking which sets priority of the assignment, rank for OrgUnits is always 0. never_redirect is optional and disables Google redirecting users to the IDP, IDP-initiated login is still allowed.
+
+## Example
+This example turns SSO on for the root OU
+```
+gam update inboundssoassignment ou:/ mode SAML_SSO profile "SimpleSAMLPHP"
+```
+----
+
+# Get Info About an Inbound SSO Assignment
+## Syntax
+```
+gam info inboundssoassignment group|orgunit
+```
+Displays information about an existing Inbound SSO assignment.
+
+## Example
+These examples shows the assignment status of the root OU and the sales@acme.com group.
+```
+gam info inboundssoassignment ou:/
+gam info inboundssoassignment group:sales@acme.com
+```
+----
+
+# Print/show Inbound SSO Assignments
+## Syntax
+```
+gam print|show inboundssoassignments [todrive]
+```
+Prints (CSV format) or shows (human readable format) all current Inbound SSO assignments. On print, if todrive is specified a Google Sheet of the CSV results is created rather than outputting it to the console.
+
+## Example
+This example shows all current assignments
+```
+gam show inboundssoassignments
+```

docs/Inbound-SSO.md

@@ -1,4 +1,4 @@
-# Inbound SSO
+!# Inbound SSO
 - [Admin Console](#admin-console)
 - [API documentation](#api-documentation)
 - [Definitions](#definitions)

docs/Install-GAM-as-Python-Library.md

@@ -9,12 +9,12 @@ Scroll down to Install Git
 
 You can install GAM as a Python library with pip.
 ```
-pip install git+https://github.com/taers232c/GAMADV-XTD3.git#subdirectory=src
+pip install git+https://github.com/GAM-team/GAM.git#subdirectory=src
 ```
 
 Or as a PEP 508 Requirement Specifier, e.g. in requirements.txt file:
 ```
-advanced-gam-for-google-workspace @ git+https://github.com/taers232c/GAMADV-XTD3.git#subdirectory=src
+advanced-gam-for-google-workspace @ git+https://github.com/GAM-team/GAM.git#subdirectory=src
 ```
 
 Or a pyproject.toml file:
@@ -23,13 +23,13 @@ Or a pyproject.toml file:
 name = "your-project"
 # ...
 dependencies = [
-    "advanced-gam-for-google-workspace @ git+https://github.com/taers232c/GAMADV-XTD3.git#subdirectory=src"
+    "advanced-gam-for-google-workspace @ git+https://github.com/GAM-team/GAM.git#subdirectory=src"
 ]
 ```
 
 Target a specific revision or tag:
 ```
-advanced-gam-for-google-workspace @ git+https://github.com/taers232c/GAMADV-XTD3.git@v6.76.01#subdirectory=src
+advanced-gam-for-google-workspace @ git+https://github.com/GAM-team/GAM.git@v6.76.01#subdirectory=src
 ```
 
 ## Using the library

docs/LicenseExamples.md

@@ -0,0 +1,121 @@
+- [License Types](#license-types)
+- [Adding a License for Users](#adding-a-license-for-users)
+- [Updating a License for Users](#updating-a-license-for-users)
+- [Deleting a License for Users](#deleting-a-license-for-users)
+- [Sync a License for Users](#sync-a-license-for-users)
+
+# License Types
+GAM supports the licenses listed in the "Product SKU ID" column of [Google's Documentation](https://developers.google.com/admin-sdk/licensing/v1/how-tos/products). Additionally, GAM supports abbreviations for some of the SKU names:
+
+| License SKU              | Abbreviation  |
+|--------------------------|---------------|
+| AppSheet Core | appsheetcore |
+| AppSheet Enterprise Standard | appsheetstandard |
+| AppSheet Enterprise Plus | appsheetplus |
+| Assured Controls | assuredcontrols |
+| Beyond Corp Enterprise | bce |
+| Cloud Identity Free | cloudidentity |
+| Cloud Identity Premium | cloudidentitypremium |
+| Cloud Search | cloudsearch |
+| G Suite Basic |  gsuitebasic |
+| G Suite Business | gsuitebusiness |
+| G Suite Business Archived | gsuitebusinessarchived |
+| G Suite Enterprise Archived | gsuiteenterprisearchived |
+| G Suite Enterprise for Education | gsuiteenterpriseeducation |
+| G Suite Enterprise for Education (Student) | gsuiteenterpriseeducationstudent |
+| G Suite Free/Standard | standard |
+| G Suite Government | gsuitegov |
+| G Suite Lite | gsuitelite |
+| G Suite Message Security | postini |
+| Google Chrome Device Management | cdm |
+| Google Drive Storage 20gb | 20gb |
+| Google Drive Storage 50gb | 50gb |
+| Google Drive Storage 200gb | 200gb |
+| Google Drive Storage 400gb | 400gb |
+| Google Drive Storage 1tb | 1tb |
+| Google Drive Storage 2tb | 2tb |
+| Google Drive Storage 4tb | 4tb |
+| Google Drive Storage 8tb | 8tb |
+| Google Drive Storage 16tb | 16tb |
+| Google Meet Global Dialing | meetdialing |
+| Google Vault | vault |
+| Google Vault Former Employee | vfe |
+| Google Voice Starter | voicestarter |
+| Google Voice Standard | voicestandard |
+| Google Voice Premier | voicepremier |
+| Google Workspace Business Starter | wsbizstart |
+| Google Workspace Business Standard | wsbizstan |
+| Google Workspace Business Plus | wsbizplus |
+| Google Workspace Enterprise Essentials | wsentess |
+| Google Workspace Enterprise Standard | wsentstan |
+| Google Workspace Enterprise Plus | wsentplus |
+| Google Workspace Essentials | wsess |
+
+# Adding a License for Users
+## Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users add license <sku>
+```
+Assign a license for the given SKU to a user or number of users.
+## Example
+This example gives members of the sales team a Vault license
+```
+gam group sales add license vault
+```
+
+This example gives users in the "Google Coordinate" OU a license for Google Coordinate
+```
+gam ou "Google Coordinate" add license Google-Coordinate
+```
+
+---
+
+
+# Updating a License for Users
+## Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users update license <sku> from <oldsku>
+```
+Update the license for the given users.
+
+## Example
+This example switches a user from Google Apps Message Security to Google Apps for Work licensing.
+```
+gam user heavydriveuser@acme.org update license gafw from gams
+```
+
+---
+
+
+# Deleting a License for Users
+## Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users delete license <sku>
+```
+Deletes the given SKU license for the users.
+
+## Example
+This example will remove the Coordinate license for all users.
+```
+gam all users delete license coordinate
+```
+
+---
+
+# Sync a License for Users
+## Syntax
+```
+gam user <username>|group <groupname>|ou <ouname>|all users sync license <sku>
+```
+Adds and removes licenses from users based on their inclusion in the specified user list. The inclusion list could be a Google Group, OrgUnit or local text file. Users who are not included in the user list and who have the license applied will have the given license type removed from their account. Users included in the user list and who do not have the license will have it added to their account.
+
+## Example
+This example will create two Google Groups named e4e and e4es, add currently licensed users to the groups and finally sync the license to the group. Because we use group_ns (group no suspended) in the last step, suspended users will have the license removed. Rerunning the final two commands on a recurring basis will keep the licenses aligned with the non-suspended group members.
+
+```
+gam create group e4e "G Suite Enterprise for EDU users"
+gam create group e4es "G Suite Enterprise for EDU Student users"
+gam update group e4e add members license gsuiteenterpriseeducation
+gam update group e4es add members license gsuiteenterpriseeducationstudent
+gam group_ns e4e sync license gsuiteenterpriseforeducation
+gam group_ns e4es sync license gsuiteenterpriseforeducationstudent

docs/Licenses.md

@@ -1,4 +1,4 @@
-# Licenses
+!# Licenses
 - [API documentation](#api-documentation)
 - [License Products and SKUs](#license-products-and-skus)
 - [Definitions](#definitions)

docs/List-Items.md

@@ -1,4 +1,4 @@
-# List Items
+!# List Items
 - [Lists of basic items](#lists-of-basic-items)
 - [List quoting rules](#list-quoting-rules)
 - [Basic Items](Basic-Items)

docs/List.md

@@ -1,4 +1,4 @@
-# List
+!# List
 
 The list command is used to verify collections of objects.
 

docs/Managing-Admins.md

@@ -0,0 +1,92 @@
+- [Grant a User an Admin Role](#grant-a-user-an-admin-role)
+- [Delete a User's Admin Role](#delete-a-users-admin-role)
+- [Print All Admin Role Assignments](#print-all-admins)
+- [Print All Admin Roles](#print-all-admin-roles)
+
+# Grant a User an Admin Role
+## Syntax
+```
+gam create admin <user> <role> customer|org_unit <OU> [condition securitygroup|nonsecuritygroup]
+```
+Grants the given user account rights as the given admin role. The command must specify whether the rights are to be granted to the entire customer G Suite domain or to a certain org_unit and it's children org unit's. Note that some roles cannot be granted to org units, they must specify customer. The optional argument condition limits the conditions for delegate admin access. This currently only works with the `_GROUPS_EDITOR_ROLE` and `_GROUPS_READER_ROLE` roles. Condition can be to limit the delegated admin to managing security groups (`securitygroup`) or to non-security groups (`nonsecuritygroup`).
+
+## Examples
+This example makes admin@acme.com a super admin
+```
+gam create admin admin@acme.com _SEED_ADMIN_ROLE customer
+```
+
+This example makes ny-helpdesk@acme.com a helpdesk admin for the /NY Org Unit.
+```
+gam create admin ny-helpdesk@acme.com _HELP_DESK_ADMIN_ROLE org_unit "NY"
+```
+This example allows sfo-helpdesk@acme.com to manage only groups that are NOT marked as security groups:
+```
+gam create admin sfo-helpdesk@acme.com _GROUPS_EDITOR_ROLE customer condition nonsecuritygroup
+```
+----
+
+# Delete a User's Admin Role
+## Syntax
+```
+gam delete admin <role assignment id>
+```
+Removes an admin role assignment. Use [Print All Admins](#print-all-admins) to see existing assignments, you're looking for the roleAssignmentId column. You can also use CSV commands to revoke all rights for a given user.
+
+## Examples
+This example revokes the given user's admin role.
+```
+gam delete admin 8771356963373081
+```
+
+This example revokes ALL admin role assignments for the oldadmin@acme.com user account.
+```
+gam print admins user oldadmin@acme.com | gam csv - gam delete admin ~roleAssignmentId
+```
+----
+
+# Print All Admins
+## Syntax
+```
+gam print admins [user <user>] [role <role>] [condition] [todrive]
+```
+Prints all admin role assignments in the G Suite instance. Note that one user account can be assigned multiple roles and can be assigned one role on multiple orgs so a single user may be returned in multiple rows. 
+
+The optional user argument limits returned role assignments to those granted to the given user.
+
+The optional role argument limits returned role assignments to those of the given role.
+
+The optional condition argument displays any conditions associated with a role assignment.
+
+The optional todrive argument tells GAM to create a Google Docs Spreadsheet instead of outputting the results to CSV.
+
+## Examples
+This example prints out all admin role assignments
+```
+gam print admins
+```
+
+This example prints out all admin role assignments for admin@acme.com
+```
+gam print admins user admin@acme.com
+```
+
+This example prints out all super admin role assignments
+```
+gam print admins role _SEED_ADMIN_ROLE
+```
+----
+
+# Print All Admin Roles
+## Syntax
+```
+gam print roles [todrive]
+```
+Prints all admin roles created within the G Suite Instance. The optional argument todrive causes GAM to create a Google Docs Spreadsheet of results instead of outputting CSV.
+
+## Examples
+This example creates a spreadsheet of all admin roles for a domain.
+```
+gam print roles todrive
+```
+----

docs/Managing-Devices.md

@@ -0,0 +1,94 @@
+- [Printing devices](#printing-devices)
+- [Sync devices with a CSV file](#sync-devices-with-a-csv-file)
+- [Get information about a device](#get-information-about-a-device)
+- [Create a corporate device](#create-a-corporate-device)
+- [Action a device (delete, wipe or cancel wipe)](#action-a-device-delete-wipe-or-cancel-wipe)
+- [Action a device user (delete, wipe, cancel wipe, approve or block)](#action-a-device-user-delete-wipe-cancel-wipe-approve-or-block)
+
+GAM 5.20 adds support for the new [Cloud Identity Devices API calls](https://cloud.google.com/identity/docs/reference/rest/v1/devices). The new API allows management of mobile and desktop devices and also allows managing your [company-owned device inventory](https://support.google.com/a/answer/9090870?hl=en).
+
+# Printing devices
+## Syntax
+```
+gam print devices [filter <filter>] [no_company_devices] [no_personal_devices]
+    [no_users] [to_drive] [sort_headers]
+```
+Prints CSV output of devices registered in your domain. The optional filter parameter limits which devices are returned based on [Google's filter syntax](https://support.google.com/a/answer/7549103). By default, both company-owned and personal/BYOD devices are retrieved. The optional arguments no_company_devices and no_personal_devices reduce which devices are retrieved. By default, information on associated user profiles is also retrieved. The optional argument no_users disables user profile retrieval. The optional argument to_drive creates a Google Sheet with the CSV data rather than outputing it to the screen. The optional argument sort_headers will sort the output columns alphabetically by header.
+
+## Example
+This example prints all devices in the domain.
+```
+gam print devices
+```
+This example prints only company-owned devices
+```
+gam print devices no_personal_devices
+```
+---
+
+# Sync devices with a CSV file
+## Syntax
+```
+gam sync devices [filter <filter>] [csv_file <csv file>] [serial_number_column <column>]
+    [device_type_column <column>] [asset_id_column <column>] [static_device_type <type>]
+    [unassigned_missing_action <delete|wipe|donothing>]
+    [assigned_missing_action <delete|wipe|donothing>]
+```
+Syncs the company-owned inventory of devices with a local CSV file. The optional filter parameter limits which devices are returned based on [Google's filter syntax](https://support.google.com/a/answer/7549103). The filter can be used to only sync the file against one portion of the company-owned inventory such as Windows or Android devices. csv_file is a required argument and specifies the CSV file GAM should read for the sync. By default, GAM looks for columns named serialNumber and deviceType, asset_id is not used. The optional arguments serial_number_column, device_type_column and asset_id_column specify other columns to use if your headers are different. If you know all devices in your CSV are of the same type you can specify static_device_type to use that type for all created devices. By default, GAM will delete any devices that are registered in Google admin company-owned inventory but are not present in (missing from) the CSV file AND have not been assigned to a user yet. Missing devices that are registered to a user will be left alone. The optional arguments unassigned_missing_action and assigned_missing_action specify what action GAM should perform on these devices.
+
+## Example
+This example reads devices.csv which has only the header serialNumber and will create any that are in the file but not in Google as well as delete any that are in Google but not the file and are not yet assigned to a user. The filter ensures that GAM is only comparing against Android devices in the Google inventory.
+```
+gam sync devices csv_file android-devices.csv filter type:android static_device_type android
+```
+----
+
+# Create a corporate device
+## Syntax
+```
+gam create device [serial_number <serial>] [device_type <type>]
+```
+Adds a new device to the Google company-owned inventory. Once a user is assigned and enrolled on the device the device will be considered company-owned for management purposes. The device will also register as company-owned with Google services like [Context-Aware Access (CAA)](https://support.google.com/a/answer/9275380?hl=en). Arguments serial_number and device_type are both required and specify the serial and device type respectively. Device type can be one of ANDROID, IOS, GOOGLE_SYNC, WINDOWS, MAC_OS, LINUX or CHROME_OS.
+
+## Example
+This example creates an Android phone so it is ready to be user-enrolled as a company-owned device
+```
+gam create device serial_number abc123 device_type android
+```
+----
+
+# Action a device (delete, wipe or cancel wipe)
+## Syntax
+```
+gam delete|wipe|cancel_wipe id <device id> [remove_reset_lock]
+```
+deletes, wipes all device data or cancels a pending wipe respectively. id is a required argument and specifies the name/ID of the device to be acted upon. On wipe, the optional argument `remove_reset_lock` will remove [the account lock on the Android or iOS device](https://support.google.com/android/answer/9459346?hl=en). This lock is enabled by default and requires the existing device user to log in after the wipe in order to unlock the device.
+
+## Example
+This example deletes a device so that it will no longer show in the Google admin console. Sync will also break for the user but no user data on device should be removed.
+```
+gam delete device id devices/CiRkMzk4N2RjYS1hODhmLTQwYTAtOTQ1Zi1mZDMwOTY2MmNjNGY%3D
+```
+This example wipes a device (factory reset). All data on the device will be lost.
+```
+gam wipe device id devices/CiRkMzk4N2RjYS1hODhmLTQwYTAtOTQ1Zi1mZDMwOTY2MmNjNGY%3D
+```
+----
+
+# Action a device user (delete, wipe, cancel wipe, approve or block)
+## Syntax
+```
+gam delete|wipe|cancelwipe|approve|block deviceuser id <device id>
+```
+deletes, wipes all device data, cancels a pending wipe respectively, approves or blocks a user profile on a device. id is a required argument and specifies the name/ID of the device user profile to be acted upon.
+
+## Example
+This example deletes a device user so that it will no longer show in the Google admin console. Sync will also break for the user but no user data on device should be removed.
+```
+gam delete deviceuser id devices/CiRjY2RiZjk5Yy01Y2EwLTQyMTUtODY4Yi0zZjI5ZGRkODc2M2M%3D/deviceUsers/0af7153a-f661-4baa-a666-e3868340290e
+```
+This example wipes a device user profile from a device. In the case of Android for Work, the work profile will be removed but the personal profile left alone.
+```
+gam wipe deviceuser id devices/CiRjY2RiZjk5Yy01Y2EwLTQyMTUtODY4Yi0zZjI5ZGRkODc2M2M%3D/deviceUsers/0af7153a-f661-4baa-a666-e3868340290e
+```
+----

docs/Managing-Google-Classroom.md

@@ -0,0 +1,298 @@
+- [Managing Courses](#managing-courses)
+  - [Creating A Course](#creating-a-course)
+  - [Updating A Course](#updating-a-course)
+  - [Getting Course Info](#getting-course-info)
+  - [Deleting A Course](#deleting-a-course)
+- [Managing Course Aliases](#managing-course-aliases)
+  - [Creating An Alias](#creating-an-alias)
+  - [Deleting An Alias](#deleting-an-alias)
+- [Managing Course Participants](#managing-course-participants)
+  - [Adding Students And Teachers To A Course](#adding-students-and-teachers-to-a-course)
+  - [Syncing Students And Teachers To A Course](#syncing-students-and-teachers-to-a-course)
+  - [Removing Students And Teachers From A Course](#removing-students-and-teachers-from-a-course)
+- [Managing Guardians](#managing-guardians)
+  - [Inviting a guardian](#inviting-a-guardian)
+  - [Deleting a guardian](#deleting-a-guardian)
+  - [Printing Guardians](#printing-guardians)
+- [Course And Course Participant Reports](#course-and-course-participant-reports)
+  - [Printing Courses](#printing-courses)
+  - [Printing Course Participants](#printing-course-participants)
+- [Troubleshooting](#troubleshooting)
+  - [403 Error](#403-error)
+
+# Managing Courses
+## Creating A Course
+### Syntax
+```
+gam create course [alias <alias>] [name <name>] [section <section>] [heading <heading>] [description <description>] [room <room>] [teacher <teacher email>] [status <PROVISIONED|ACTIVE|ARCHIVED|DECLINED>]
+```
+Provision a new course. The optional alias parameter provides a unique id which can be used to reference the course. If a course already exists with this alias, an error will be thrown. If no alias is supplied, the course must be managed by the id that is assigned to it by Google when created. The optional name, section, heading, description and room parameters provide additional details for the course. The optional teacher parameter provides the email address of the owner / primary teacher of the course. If no teacher is provided then the admin user running GAM will be the owner / primary teacher of the course. The optional status parameter provides the initial status of the course when created. If no status is provided, courses default to PROVISIONED status.
+
+### Example
+This example creates a course.
+```
+gam create course alias the-republic-s01 name "The Republic" section s01 heading "The definition of justice (δικαιοσύνη), the order and character of the just city-state and the just man" room academy-01 teacher plato@athens.edu
+```
+----
+
+## Updating A Course
+### Syntax
+```
+gam update course <id or alias> [name <name>] [section <section>]
+  [heading <heading>] [description <description>] [room <room>]
+  [status <PROVISIONED|ACTIVE|ARCHIVED|DECLINED>]
+  [owner <teacher email>]
+```
+Updates an existing course. The id or alias of the course is needed to identify the exact course to be updated. The optional name, section, heading, description and room parameters provide additional details for the course. The optional status parameter sets the status of the course. The optional owner argument sets a new owner teacher for the course. The owner email address must already be a teacher of the course and the old owner will remain a teacher of the course.
+
+### Example
+This example updates an existing course to make it active
+```
+gam update course the-republic-s01 status ACTIVE
+```
+
+This example sets a new owner for the course.
+```
+gam update course the-republic-s01 owner aristotle@athens.edu
+```
+----
+## Getting Course Info
+### Syntax
+```
+gam info course <id or alias>
+```
+Prints detailed information about a course.
+
+### Example
+This example prints information about the course
+```
+gam info course the-republic-s01
+updateTime: 2015-07-01T13:47:20.000Z
+room: academy-01
+alternateLink: http://classroom.google.com/c/MtM0NzcxNDY5
+enrollmentCode: 46rvtp
+section: s01
+creationTime: 2015-07-01T13:47:20.000Z
+courseState: ACTIVE
+ownerId: 102043113942954782808
+id: 134781269
+descriptionHeading: The definition of justice (δικαιοσύνη), the order and character of the just city-state and the just man
+name: The Republic
+Aliases:
+  the-republic-s01
+Participants:
+ Teachers:
+  Plato Plato - plato@athens.edu
+ Students:
+```
+----
+
+## Deleting A Course
+### Syntax
+```
+gam delete course <id or alias>
+```
+Deletes the given course.
+
+### Example
+This example deletes the course
+```
+gam delete course the-republic-s01
+```
+----
+
+# Managing Course Aliases
+## Creating An Alias
+### Syntax
+```
+gam course <id or alias> add alias <alias>
+```
+Create a new alias for an existing course.
+
+### Example
+This example creates an alias for a course which already has one alias.
+```
+gam course this-is-an-alias add alias this-is-another-alias
+```
+----
+
+## Deleting An Alias
+### Syntax
+```
+gam course <id or alias> delete alias <alias>
+```
+Delete an alias from an existing course.
+
+### Example
+This example deletes the alias from the add alias example above.
+```
+gam course this-is-an-alias delete alias this-is-another-alias
+```
+----
+
+# Managing Course Participants
+## Adding Students And Teachers To A Course
+### Syntax
+```
+gam course <id or alias> add student|teacher <email address>
+```
+Add the given user email address to the course as a student or teacher.
+
+### Example
+This example adds Aristotle as a student in the course
+```
+gam course the-republic-s01 add student aristotle@athens.edu
+```
+----
+
+## Syncing Students And Teachers To A Course
+### Syntax
+```
+gam course <id or alias> sync students|teachers group <group email> | ou <orgunit> | file <filename> | query <users query> | course <id or alias>
+```
+Syncs the students or teachers for the given course against another list of users. Students/Teachers not in the other list will be removed from the given course. Students/Teachers in the other list but not the course will be added.
+
+### Examples
+This example adds all users in the Google Org Unit /schools/sunnybrook/K-1 into the course. If there are students in the course that are not in this OU, they will be removed.
+```
+gam course sunnybrook-k-1 sync students ou /schools/sunnybrook/K-1
+```
+This example syncs the course teachers against members of the biology-101-teachers@sunnybrook.edu group.
+```
+gam course biology-101-s01 sync teachers group biology-101-teachers@sunnybrook.edu
+```
+This example syncs course students against a CSV file
+```
+gam course history-200-s02 sync students file history-200-s02-students.csv
+```
+----
+
+## Removing Students And Teachers From A Course
+### Syntax
+```
+gam course <id or alias> remove student|teacher <email address>
+```
+removes the given email address from the course as a student or teacher.
+
+### Example
+This example removes John from the course.
+```
+gam course the-republic-s01 remove student john@athens.edu
+```
+----
+
+# Managing Guardians
+## Inviting a Guardian
+### Syntax
+```
+gam create guardianinvite <guardian email> <student email>
+```
+Sends an email to the specified guardian email address inviting them to receive notifications for Classroom activities of given student email. The guardian email address can be any valid recipient but in order to accept the invitation the guardian must login or create a Google account. The guardian Google account does not need to be directly associated to the guardian email address.
+
+Because this command sends out email notifications externally, it is recommended that plenty of internal testing is done with guardian invites before bulk inviting real guardians.
+
+### Examples
+This example invites moma.smith@hotmail.com as a guardian of johnny.smith@acme.edu
+```
+gam create guardianinvite moma.smith@hotmail.com johnny.smith@acme.edu
+```
+Assuming you have a csv file named parents.csv that looks like:
+```
+student-email,parent-email
+johnny.smith@acme.edu,jonathan.t.smith@widgets.com
+jane.smith@acme.edu,jonathan.t.smith@widgets.com
+johnny.smith@acme.edu,judy.r.smith@gizmos.com
+jane.smith@acme.edu,judy.r.smith@gizmos.com
+george.johnson@acme.edu,johnson.fam.5@yahoo.com
+```
+this example bulk invites parents as guardians for their students.
+```
+gam csv parents.csv gam create guardianinvite ~parent-email ~student-email
+```
+----
+
+## Delete a Guardian
+### Syntax
+```
+gam delete guardian <guardian email> <student email>
+```
+Removes the given guardian as a guardian of the given student if guardian has accepted invitation and also cancels any pending invitations. The guardian will receive email notification that they have been removed as a guardian of the student.
+
+### Examples
+This example removes legal.guardian@yahoo.com as a guardian of johnny.smith@acme.edu or cancels any PENDING invitations
+```
+gam delete guardian legal.guardian@yahoo.com johnny.smith@acme.edu
+```
+----
+
+## Printing Guardians
+### Syntax
+```
+gam print guardians [invitations] [student <email>] [invitedguardian <email>] [user <username>|group <email>|ou <ouname>|all users] [states <COMPLETE,PENDING,GUARDIAN_INVITATION_STATE_UNSPECIFIED>] [todrive] [nocsv]
+```
+Prints a report of guardians. Currently you must specify a student or list of users for which to pull guardians. The optional argument invitations pulls information on guardian invitations instead of actual guardians who have been invited and accepted. Guardian invitations with a state of COMPLETE are no longer valid either because they've been accepted or rejected by the guardian, an admin has cancelled the invitation or the invitation has expired. The optional parameter student specifies the email address of a single student whose guardians or guardian invites should be pulled. The optional parameters user <email>, group <email>, ou <ouname> and all users specify a grouping of users whose guardians or guardian invites should be pulled. The optional argument states specifies a comma separated list of guardian invites that should be pulled based on their current state. The optional parameter todrive outputs the results to a Google Sheet instead of CSV. The optional parameter nocsv prints the guardians to the screen in a format that's human-eye friendly.
+
+### Examples
+This example creates a Google Sheet for all existing guardians. It makes one API call per user in the domain so may be very slow for large domains.
+```
+gam print guardians all users todrive
+```
+This example prints all guardian invitations that are still in a pending state for the /Students OU.
+```
+gam print guardians invitations states PENDING ou "/Students"
+```
+This example shows all of johnny.smith@acme.edu's current guardians.
+```
+gam print guardians student johnny.smith@acme.edu
+```
+----
+
+# Course And Course Participant Reports
+## Printing Courses
+### Syntax
+```
+gam print courses [teacher <email>] [student <email>] [state <states>] [todrive] [aliases] [delimiter <String>]
+```
+Output CSV format details of courses. By default, all courses in the organization will be returned. The optional `teacher` and `student` parameters limit the results to courses where the given user is a participant in the course of the given type. The optional state parameter specifies a comma separated list of states (active, archived, provisioned, declined, suspended). Only courses in those states will be included in the results. The optional `todrive` argument creates a Google Drive spreadsheet of the results rather than outputting the information to the console. The optional `aliases` argument uses an additional API call per course to get the course aliases. By default, multiple aliases are delimited by spaces, if you would like a different delimiter, e.g., comma, use the `delimiter <String>` argument.
+
+### Examples
+This example creates a CSV file of all courses
+```
+gam print courses
+```
+this example creates a Google Spreadsheet of all the courses Mr. Smith is teaching
+```
+gam print courses teacher mrsmith@acme.edu todrive
+```
+
+this example limits the CSV output to provisioned and active courses
+```
+gam print courses state active,provisioned
+```
+----
+
+## Printing Course Participants
+### Syntax
+```
+gam print course-participants [course <id or alias>] [student <email>] [teacher <email>] [show teachers|students|all] [todrive]
+```
+Output CSV format details of course participants. The optional course parameter limits results to the given course. Multiple course parameters can be included to pull participants for a subset of courses. If no course parameter is specified then participants will be retrieved for all courses. The optional student and teacher parameters limit the courses returned to those where the given user is a teacher or student. The optional state parameter specifies a comma separated list of states (active, archived, provisioned, declined, suspended). Only courses in those states will be included in the results. The optional show parameter limits the participants to teachers or students, and defaults to all participants. The optional todrive argument creates a Google Drive spreadsheet of the results rather than outputting the information to the console.
+
+### Examples
+This example prints all course participants in all courses.
+```
+gam print course-participants
+```
+this example creates a spreadsheet of the course participants in all three sections of Chemistry.
+```
+gam print course-participants course chemistry-101-s01 course chemistry-101-s02 course chemistry-101-s03 todrive
+```
+this example creates a spreadsheet of only the course teachers in all three sections of Chemistry.
+```
+gam print course-participants course chemistry-101-s01 course chemistry-101-s02 course chemistry-101-s03 show teachers todrive
+```
+----
+# Troubleshooting
+## 403 Error
+If you're using the default Super Admin account _(the very first account in your G Suite organization, that has all the permissions by default)_ you can get a `403: The caller does not have permission - 403 error`. In this case you have to create a new account, and assign Super Admin Role to it, and use that with gam. 
+In addition, with the default Super Admin account, the `gam print courses` will not list all the courses in the organization.

docs/Meta-Commands-and-File-Redirection.md

@@ -1,4 +1,4 @@
-# Meta Commands and File Redirection
+!# Meta Commands and File Redirection
 
 - [GAM Configuration](gam.cfg)
 - [Todrive](Todrive)

docs/Mobile-Devices.md

@@ -1,4 +1,4 @@
-# Mobile Devices
+!# Mobile Devices
 - [API documentation](#api-documentation)
 - [Query documentation](#query-documentation)
 - [Definitions](#definitions)