Organisational Policy Permissions Google Cloud for Microsoft Migration
I am attempting to shift a small business (5 email inboxes) over to Microsoft 365 business. I made sure to organise all the DNS prerequisites on both sides before performing the migration. During the automated process, while it completed no JSON file was created on the Google side. I attempted to download the API key for the service account, but I get the error that the Service account key creation is disabled.
Tracing that, I found under the organisational policies that the service account key creation (iam.disableServiceAccountKeyCreation) was enforced. There is only one account with access to the cloud, policies etc. the account is supposed to have all organisational permissions, however checking on the cloud shell, I continue to get access errors, and neither the service account or the main account appear to have permissions to make any changes.
I am brand new to this account/network/business side of IT so I am a bit unsure what the issue might be. I have attempted to make changes according to the documentation but I have had no success.
Looking at the gcloud organizations describe organizationurl.com in the return there is no depicted owner:. using `gcloud projects describe projectnametmpz' I get a do not have permission to access projects error. Similarly for
gcloud iam service-accounts keys create file.json \
--iam-account [email protected]
ERROR: (gcloud.iam.service-accounts.keys.create) FAILED_PRECONDITION: Key creation is not allowed on this service account.
If anyone could give me some pointers on how to enable the correct permissions I would be immensely grateful.
I have attempted to trace the problem on the Google end, and I have narrowed it down to being Microsoft support could not help and for Google cloud support a subscription was needed, and all the documentation seems to be sending me in cirlces.
I had the same problem after completing the EOP wizard for Workspace migration. Took me a couple of hours to figure out 8-/
With a Workspace super admin, login to https://console.cloud.google.com. Make sure you're working in the root org.
- Select IAM and admin.
- In IAM on left-hand menu, edit permissions for organisation.
- Add Organisation Policy Administrator and save.
- Go to Organisation policies in left-hand menu.
- Search for 'Disable service account key creation'.
- Edit policy, set Enforcement to Off and save.
- Change workspace from root org to the project the 365 wizard created. Mine was called projectnamempij.
- In IAM and admin, go to Service accounts in left-hand menu.
- In the 3 dots menu besides the service account, select Manage keys.
- When in service account, Add key -> Create new key.
- The json file is created and downloaded.
- Create a new endpoint in Exchange Online and use the downloaded json
Hope this helps.
- NumPy array is not JSON serializable
- JSON Response is being truncated
- How do I write JSON data to a file?
- How to extract multiple JSON objects from one file?
- How can I make sure Powershell will correctly render all non-latin characters into the output?
- integrating the objects of one array into a second array with JOLT
- parsing a JSON containing several stringified jsons using Batch and JQ
- How to read the json file in spark using scala?
- How to compare JSON documents and return the differences with Jackson or Gson?
- Best way to store JSON in an HTML attribute?
- Zend2 read all JSON files content and return results to view
- Lowercase JSON key names with JSON Marshal in Go
- Does anyone know of a good JSON time server?
- How to parse json response for ajax request?
- Parse ajax json response
- How to remove mysterious "default" field added to JSON?
- Convert json data to a html table
- Parse Aws IoT message in python
- Laravel won't obey status code
- PHP "pretty print" json_encode
- Python: Error while reading and replacing String(with special characters) from file
- Oracle JSON_OBJECT how to have a missing key
- How to check non-constant array
- pdf2json Page Unit: What is it?
- Jest - TypeError: response.json is not a function
- Flutter: JSON response incomplete
- How to format JSON PubSub message against Avro schema with "map" type field
- Reading csv file converts it to json but it takes every row in it as a string in karate
- Formatting for JSON lite
- Protobuf to json array with no key for repeated objects