Script repository

Suspend user in Google Workspace and revoke all licenses

Updated on: Jan 18, 2026, Views: 3115

Google apps

The script suspends the Google Workspace account of a user and revokes all their Google Workspace licenses. To execute the script, create a business rule, custom command or scheduled task configured for the User object type. The script performs the task using the GAM tool.

Before using the script, install and configure the GAM Tool on the computer where Adaxes service runs. For details, see GAM Wiki.

Parameters

  • $gamPath - the path to the GAM executable file.
  • $waitTimeMilliseconds - the time to wait for GAM response. It is recommended not to set a larger value than the 10 minutes limit applied by Adaxes to scripts executed by business rules, custom commands and scheduled tasks. If a script runs for more time than you specify, it will be completed, but the errors, warnings and other messages will not be added to the Execution log.
  • $userID - a value reference for the property that will be used to match the domain user account with a Google Workspace account. For example, if you specify %mail%, a Google Workspace account with the same identity as the user Mail property value will be suspended.
$gamPath = "C:\GAM\gam.exe" # TODO: modify me
$waitTimeMilliseconds = 8 * 60 * 1000 # TODO: modify me
$userID = "%mail%" # TODO: modify me

function StartProcess ($arguments)
{
    # Start GAM process.
    $processInfo = New-Object System.Diagnostics.ProcessStartInfo
    $processInfo.FileName = $gamPath
    $processInfo.RedirectStandardOutput = $true 
    $processInfo.RedirectStandardError = $true
    $processInfo.UseShellExecute = $false
    $processInfo.CreateNoWindow = $true
    $processInfo.Arguments = $arguments
    $process = New-Object System.Diagnostics.Process
    $process.StartInfo = $processInfo
    [void]$process.Start()
    $processCompleted = $process.WaitForExit($waitTimeMilliseconds)
    if (!$processCompleted)
    {
        $process.Kill()
        Write-Error "The process timeout."
        return $null
    
    }
    $resultErrors = $process.StandardError.ReadToEnd()
    $resultOutput = $process.StandardOutput.ReadToEnd()
    
    return @{
        "Output" = $resultOutput.Trim();
        "Error" = $resultErrors.Trim();
    }
}

# Get user licenses.
$gamResult = StartProcess "print licenses"
if (-not([System.String]::IsNullOrEmpty($gamResult.Output)))
{
    # Parse result
    $records = $gamResult.Output | ConvertFrom-Csv | Where {$_.userID -eq $userID}
}
else
{
    $Context.LogMessage("An error occurred when getting a list of licenses. Error: " + $gamResult.Error, "Error")
    return
}

if ($NULL -eq $records)
{
    return
}

# Remove user licenses.
foreach ($productId in $records.productId)
{
    $gamResult = StartProcess "user $userID delete license $productId"
    if ([System.String]::IsNullOrEmpty($gamResult.Output))
    {
        $Context.LogMessage("An error occurred when deleting $productId license for the $userID user. Error: " + $gamResult.Error, "Error")
    }
}

# Suspend account
$gamResult = StartProcess "update user $userID suspended on"
if ([System.String]::IsNullOrEmpty($gamResult.Output))
{
    $Context.LogMessage("An error occurred when suspending the $userID user. Error: " + $gamResult.Error, "Error")
}

Comments 0

You must be signed in to comment.

    Got questions?

    Support Questions & Answers

    We use cookies to improve your experience.
    By your continued use of this site you accept such use.
    For more details please see our privacy policy and cookies policy.