Organisational Policy Permissions Google Cloud for Microsoft Migration
I am attempting to shift a small business (5 email inboxes) over to Microsoft 365 business. I made sure to organise all the DNS prerequisites on both sides before performing the migration. During the automated process, while it completed no JSON file was created on the Google side. I attempted to download the API key for the service account, but I get the error that the Service account key creation is disabled.
Tracing that, I found under the organisational policies that the service account key creation (iam.disableServiceAccountKeyCreation) was enforced. There is only one account with access to the cloud, policies etc. the account is supposed to have all organisational permissions, however checking on the cloud shell, I continue to get access errors, and neither the service account or the main account appear to have permissions to make any changes.
I am brand new to this account/network/business side of IT so I am a bit unsure what the issue might be. I have attempted to make changes according to the documentation but I have had no success.
Looking at the gcloud organizations describe organizationurl.com in the return there is no depicted owner:. using `gcloud projects describe projectnametmpz' I get a do not have permission to access projects error. Similarly for
gcloud iam service-accounts keys create file.json \
--iam-account serviceaccountkey@projectid-tpmz.iam.gserviceaccount.com
ERROR: (gcloud.iam.service-accounts.keys.create) FAILED_PRECONDITION: Key creation is not allowed on this service account.
If anyone could give me some pointers on how to enable the correct permissions I would be immensely grateful.
I have attempted to trace the problem on the Google end, and I have narrowed it down to being Microsoft support could not help and for Google cloud support a subscription was needed, and all the documentation seems to be sending me in cirlces.
I had the same problem after completing the EOP wizard for Workspace migration. Took me a couple of hours to figure out 8-/
With a Workspace super admin, login to https://console.cloud.google.com. Make sure you're working in the root org.
- Select IAM and admin.
- In IAM on left-hand menu, edit permissions for organisation.
- Add Organisation Policy Administrator and save.
- Go to Organisation policies in left-hand menu.
- Search for 'Disable service account key creation'.
- Edit policy, set Enforcement to Off and save.
- Change workspace from root org to the project the 365 wizard created. Mine was called projectnamempij.
- In IAM and admin, go to Service accounts in left-hand menu.
- In the 3 dots menu besides the service account, select Manage keys.
- When in service account, Add key -> Create new key.
- The json file is created and downloaded.
- Create a new endpoint in Exchange Online and use the downloaded json
Hope this helps.
- jq: group and key by property
- How to resolve "TypeError: the JSON object must be str, bytes or bytearray, not NoneType" error, while working on translating with googletrans?
- Create a temporary image from URL not working
- How to Compare nested objects for changes and create a report of changes
- Openweathermap > json / fetch / property is not always available resulting in undefined
- No MediaTypeFormatter is available to read an object of type 'String' from content with media type 'text/plain'
- restassured jsonpath findAll not working as expected
- Import more than 1 json file using mongoimport
- Array from JSON not populating
- Convert Swagger Java Object into JSON/YAML
- ESP32, ArduinoJSON and MQTT: Stuck in process chain
- Jolt Transform add object to array
- How to get jq to output a long dataset?
- Converting from JSON to XML using c#
- JoltTransform: Split each object of input array into 2 separate object and place it in output array
- How to add in response HTTP data in Laravel?
- Vscode Run with debugger error "Launch program *file/path* does not exist
- Json_encode / JMS_Serializer, keep numeric key
- JOLT Transformation, copy an attribute into a dict at same level
- Custom TypeInfoResolver to manage polymorphic deserialization in System.Text.Json
- I am unable to figure out how to parse through an API response consisting of lists and dictionaries to get details - Python
- tsconfig.json: Build:No inputs were found in config file
- Could not determine JSON object type for anonymous type
- Convert or translate a big RDF/XML file to JSON-LD format - HOW?
- UnicodeDecodeError: 'utf8' codec can't decode byte 0xa5 in position 0: invalid start byte
- How to get some values from a JSON string in C#?
- How to Parse Out Nested Dictionaries into Pandas DataFrame
- JSON Naming Convention (snake_case, camelCase or PascalCase)
- How can I decode JSON with a key named 'Type' in Swift?
- Spotfire and Regex- Extracting Several Values Stored in One Column