gam7 7.20.3__py3-none-any.whl → 7.28.2__py3-none-any.whl

gam/__init__.py

@@ -25,17 +25,15 @@ https://github.com/GAM-team/GAM/wiki
 """
 
 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.20.03'
+__version__ = '7.28.02'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 #pylint: disable=wrong-import-position
 import base64
-import calendar as calendarlib
 import codecs
 import collections
 import configparser
 import csv
-import datetime
 from email.charset import add_charset, QP
 from email.generator import Generator
 from email.header import decode_header, Header
@@ -51,7 +49,7 @@ from email.policy import SMTP as policySMTP
 import hashlib
 from html.entities import name2codepoint
 from html.parser import HTMLParser
-import http.client as http_client
+import http.client
 import importlib
 from importlib.metadata import version as lib_version
 import io
@@ -109,7 +107,7 @@ from cryptography.x509.oid import NameOID
 if not getattr(sys, 'frozen', False):
   sys.path.insert(0, os.path.dirname(os.path.realpath(__file__)))
 
-from dateutil.relativedelta import relativedelta
+import arrow
 
 from pathvalidate import sanitize_filename, sanitize_filepath
 
@@ -120,6 +118,10 @@ from google.auth.jwt import Credentials as JWTCredentials
 import google.oauth2.service_account
 import google_auth_oauthlib.flow
 import google_auth_httplib2
+import googleapiclient
+import googleapiclient.discovery
+import googleapiclient.errors
+import googleapiclient.http
 import httplib2
 
 httplib2.RETRIES = 5
@@ -149,12 +151,6 @@ import gdata.apps.audit
 import gdata.apps.audit.service
 import gdata.apps.contacts
 import gdata.apps.contacts.service
-# Import local library, does not include discovery documents
-import googleapiclient
-import googleapiclient.discovery
-import googleapiclient.errors
-import googleapiclient.http
-from iso8601 import iso8601
 
 IS08601_TIME_FORMAT = '%Y-%m-%dT%H:%M:%S%:z'
 RFC2822_TIME_FORMAT = '%a, %d %b %Y %H:%M:%S %z'
@@ -163,7 +159,7 @@ def ISOformatTimeStamp(timestamp):
   return timestamp.isoformat('T', 'seconds')
 
 def currentISOformatTimeStamp(timespec='milliseconds'):
-  return datetime.datetime.now(GC.Values[GC.TIMEZONE]).isoformat('T', timespec)
+  return arrow.now(GC.Values[GC.TIMEZONE]).isoformat('T', timespec)
 
 Act = glaction.GamAction()
 Cmd = glclargs.GamCLArgs()
@@ -213,6 +209,7 @@ ONE_GIGA_10_BYTES = 1000000000
 ONE_KILO_BYTES = 1024
 ONE_MEGA_BYTES = 1048576
 ONE_GIGA_BYTES = 1073741824
+DAYS_OF_WEEK = ['Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat', 'Sun']
 SECONDS_PER_MINUTE = 60
 SECONDS_PER_HOUR = 3600
 SECONDS_PER_DAY = 86400
@@ -378,6 +375,37 @@ YUBIKEY_VALUE_ERROR_RC = 85
 YUBIKEY_MULTIPLE_CONNECTED_RC = 86
 YUBIKEY_NOT_FOUND_RC = 87
 
+DEBUG_REDACTION_PATTERNS = [
+  # Positional patterns that redact sensitive credentials based on their location
+  (r'(Bearer\s+)\S+', r'\1*****'), # access tokens and JWTs in auth header
+  (r'([?&]refresh_token=)[^&]*', r'\1*****'), # refresh token URL parameter
+  (r'([?&]client_secret=)[^&]*', r'\1*****'), # client secret URL parameter
+  (r'([?&]key=)[^&]*', r'\1*****'), # API key URL parameter
+  (r'([?&]code=)[^&]*', r'\1*****'), # auth code URL parameter
+
+  # Pattern match patterns that redact sensitive credentials based on known credential pattern
+  (r'ya29.[0-9A-Za-z-_]+', '*****'), # Access token
+  (r'1%2F%2F[0-9A-Za-z-_]{100}|1%2F%2F[0-9A-Za-z-_]{64}|1%2F%2F[0-9A-Za-z-_]{43}', '*****'), # Refresh token
+  (r'4/[0-9A-Za-z-_]+', '*****'), # Auth code
+  (r'GOCSPX-[0-9a-zA-Z-_]{28}', '*****'), # Client secret
+  (r'AIza[0-9A-Za-z-_]{35}', '*****'), # API key
+  (r'eyJ[a-zA-Z0-9\-_]+\.eyJ[a-zA-Z0-9\-_]+\.[a-zA-Z0-9\-_]*', '*****'), # JWT
+  ]
+
+def redactable_debug_print(*args):
+  processed_args = []
+  for arg in args:
+    if arg.startswith('b\''):
+      sbytes = arg[2:-1]
+      sbytes = bytes(sbytes, 'utf-8')
+      arg = sbytes.decode()
+      arg = arg.replace('\\r\\n', "\n          ")
+    if GC.Values[GC.DEBUG_REDACTION]:
+      for pattern, replace in DEBUG_REDACTION_PATTERNS:
+        arg = re.sub(pattern, replace, arg)
+    processed_args.append(arg)
+  print(*processed_args)
+
 # Multiprocessing lock
 mplock = None
 
@@ -972,14 +1000,14 @@ SUSPENDED_CHOICE_MAP = {'notsuspended': False, 'suspended': True}
 def _getIsSuspended(myarg):
   if myarg in SUSPENDED_CHOICE_MAP:
     return SUSPENDED_CHOICE_MAP[myarg]
-  return getBoolean()
+  return getBoolean() #issuspended
 
 ARCHIVED_ARGUMENTS = {'notarchived', 'archived', 'isarchived'}
 ARCHIVED_CHOICE_MAP = {'notarchived': False, 'archived': True}
 def _getIsArchived(myarg):
   if myarg in ARCHIVED_CHOICE_MAP:
     return ARCHIVED_CHOICE_MAP[myarg]
-  return getBoolean()
+  return getBoolean() #isarchived
 
 def _getOptionalIsSuspendedIsArchived():
   isSuspended = isArchived = None
@@ -1552,10 +1580,12 @@ def getOrderBySortOrder(choiceMap, defaultSortOrderChoice='ASCENDING', mapSortOr
   return (getChoice(choiceMap, mapChoice=True),
           getChoice(SORTORDER_CHOICE_MAP, defaultChoice=defaultSortOrderChoice, mapChoice=mapSortOrderChoice))
 
-def orgUnitPathQuery(path, isSuspended):
+def orgUnitPathQuery(path, isSuspended, isArchived):
   query = "orgUnitPath='{0}'".format(path.replace("'", "\\'")) if path != '/' else ''
   if isSuspended is not None:
     query += f' isSuspended={isSuspended}'
+  if isArchived is not None:
+    query += f' isArchived={isArchived}'
   return query
 
 def makeOrgUnitPathAbsolute(path):
@@ -1843,13 +1873,13 @@ def getStringWithCRsNLsOrFile():
   return (unescapeCRsNLs(getString(Cmd.OB_STRING, minLen=0)), UTF8, False)
 
 def todaysDate():
-  return datetime.datetime(GM.Globals[GM.DATETIME_NOW].year, GM.Globals[GM.DATETIME_NOW].month, GM.Globals[GM.DATETIME_NOW].day,
-                           tzinfo=GC.Values[GC.TIMEZONE])
+  return arrow.Arrow(GM.Globals[GM.DATETIME_NOW].year, GM.Globals[GM.DATETIME_NOW].month, GM.Globals[GM.DATETIME_NOW].day,
+                     tzinfo=GC.Values[GC.TIMEZONE])
 
 def todaysTime():
-  return datetime.datetime(GM.Globals[GM.DATETIME_NOW].year, GM.Globals[GM.DATETIME_NOW].month, GM.Globals[GM.DATETIME_NOW].day,
-                           GM.Globals[GM.DATETIME_NOW].hour, GM.Globals[GM.DATETIME_NOW].minute,
-                           tzinfo=GC.Values[GC.TIMEZONE])
+  return arrow.Arrow(GM.Globals[GM.DATETIME_NOW].year, GM.Globals[GM.DATETIME_NOW].month, GM.Globals[GM.DATETIME_NOW].day,
+                     GM.Globals[GM.DATETIME_NOW].hour, GM.Globals[GM.DATETIME_NOW].minute,
+                     tzinfo=GC.Values[GC.TIMEZONE])
 
 def getDelta(argstr, pattern):
   if argstr == 'NOW':
@@ -1862,22 +1892,22 @@ def getDelta(argstr, pattern):
   sign = tg.group(1)
   delta = int(tg.group(2))
   unit = tg.group(3)
-  if unit == 'y':
-    deltaTime = datetime.timedelta(days=delta*365)
-  elif unit == 'w':
-    deltaTime = datetime.timedelta(weeks=delta)
-  elif unit == 'd':
-    deltaTime = datetime.timedelta(days=delta)
-  elif unit == 'h':
-    deltaTime = datetime.timedelta(hours=delta)
-  elif unit == 'm':
-    deltaTime = datetime.timedelta(minutes=delta)
+  if sign == '-':
+    delta = -delta
   baseTime = todaysDate()
   if unit in {'h', 'm'}:
-    baseTime = baseTime+datetime.timedelta(hours=GM.Globals[GM.DATETIME_NOW].hour, minutes=GM.Globals[GM.DATETIME_NOW].minute)
-  if sign == '-':
-    return baseTime-deltaTime
-  return baseTime+deltaTime
+    baseTime = baseTime.shift(hours=GM.Globals[GM.DATETIME_NOW].hour, minutes=GM.Globals[GM.DATETIME_NOW].minute)
+  if unit == 'y':
+    return baseTime.shift(days=delta*365)
+  if unit == 'w':
+    return baseTime.shift(weeks=delta)
+  if unit == 'd':
+    return baseTime.shift(days=delta)
+  if unit == 'h':
+    return baseTime.shift(hours=delta)
+  if unit == 'm':
+    return baseTime.shift(minutes=delta)
+  return baseTime
 
 DELTA_DATE_PATTERN = re.compile(r'^([+-])(\d+)([dwy])$')
 DELTA_DATE_FORMAT_REQUIRED = '(+|-)<Number>(d|w|y)'
@@ -1916,7 +1946,7 @@ def getYYYYMMDD(minLen=1, returnTimeStamp=False, returnDateTime=False, alternate
       elif argstr == 'NEVER':
         argstr = NEVER_DATE
       try:
-        dateTime = datetime.datetime.strptime(argstr, YYYYMMDD_FORMAT)
+        dateTime = arrow.Arrow.strptime(argstr, YYYYMMDD_FORMAT)
         Cmd.Advance()
         if returnTimeStamp:
           return time.mktime(dateTime.timetuple())*1000
@@ -1938,7 +1968,7 @@ def getHHMM():
     argstr = Cmd.Current().strip().upper()
     if argstr:
       try:
-        datetime.datetime.strptime(argstr, HHMM_FORMAT)
+        arrow.Arrow.strptime(argstr, HHMM_FORMAT)
         Cmd.Advance()
         return argstr
       except ValueError:
@@ -1958,7 +1988,7 @@ def getYYYYMMDD_HHMM():
         argstr = NEVER_DATETIME
       argstr = argstr.replace('T', ' ')
       try:
-        datetime.datetime.strptime(argstr, YYYYMMDD_HHMM_FORMAT)
+        arrow.Arrow.strptime(argstr, YYYYMMDD_HHMM_FORMAT)
         Cmd.Advance()
         return argstr
       except ValueError:
@@ -1977,10 +2007,10 @@ def getDateOrDeltaFromNow(returnDateTime=False):
           argstr = 'TODAY'
         argDate = getDeltaDate(argstr)
       elif argstr == 'NEVER':
-        argDate = datetime.datetime.strptime(NEVER_DATE, YYYYMMDD_FORMAT)
+        argDate = arrow.Arrow.strptime(NEVER_DATE, YYYYMMDD_FORMAT)
       elif YYYYMMDD_PATTERN.match(argstr):
         try:
-          argDate = datetime.datetime.strptime(argstr, YYYYMMDD_FORMAT)
+          argDate = arrow.Arrow.strptime(argstr, YYYYMMDD_FORMAT)
         except ValueError:
           invalidArgumentExit(YYYYMMDD_FORMAT_REQUIRED)
       else:
@@ -1988,12 +2018,12 @@ def getDateOrDeltaFromNow(returnDateTime=False):
       Cmd.Advance()
       if not returnDateTime:
         return argDate.strftime(YYYYMMDD_FORMAT)
-      return (datetime.datetime(argDate.year, argDate.month, argDate.day, tzinfo=GC.Values[GC.TIMEZONE]),
+      return (arrow.Arrow(argDate.year, argDate.month, argDate.day, tzinfo=GC.Values[GC.TIMEZONE]),
               GC.Values[GC.TIMEZONE], argDate.strftime(YYYYMMDD_FORMAT))
   missingArgumentExit(YYYYMMDD_FORMAT_REQUIRED)
 
 YYYYMMDDTHHMMSS_FORMAT_REQUIRED = 'yyyy-mm-ddThh:mm:ss[.fff](Z|(+|-(hh:mm)))'
-TIMEZONE_FORMAT_REQUIRED = 'Z|(+|-(hh:mm))'
+TIMEZONE_FORMAT_REQUIRED = 'utc|z|local|(+|-(hh:mm))|<ValidTimezoneName>'
 
 def getTimeOrDeltaFromNow(returnDateTime=False):
   if Cmd.ArgumentsRemaining():
@@ -2005,7 +2035,7 @@ def getTimeOrDeltaFromNow(returnDateTime=False):
         argstr = NEVER_TIME
       elif YYYYMMDD_PATTERN.match(argstr):
         try:
-          dateTime = datetime.datetime.strptime(argstr, YYYYMMDD_FORMAT)
+          dateTime = arrow.Arrow.strptime(argstr, YYYYMMDD_FORMAT)
         except ValueError:
           invalidArgumentExit(YYYYMMDD_FORMAT_REQUIRED)
         try:
@@ -2013,12 +2043,12 @@ def getTimeOrDeltaFromNow(returnDateTime=False):
         except OverflowError:
           pass
       try:
-        fullDateTime, tz = iso8601.parse_date(argstr)
+        fullDateTime = arrow.get(argstr)
         Cmd.Advance()
         if not returnDateTime:
           return argstr.replace(' ', 'T')
-        return (fullDateTime, tz, argstr.replace(' ', 'T'))
-      except (iso8601.ParseError, OverflowError):
+        return (fullDateTime, fullDateTime.tzinfo, argstr.replace(' ', 'T'))
+      except (arrow.parser.ParserError, OverflowError):
         pass
       invalidArgumentExit(YYYYMMDDTHHMMSS_FORMAT_REQUIRED)
   missingArgumentExit(YYYYMMDDTHHMMSS_FORMAT_REQUIRED)
@@ -2031,19 +2061,19 @@ def getRowFilterDateOrDeltaFromNow(argstr):
     deltaDate = getDelta(argstr, DELTA_DATE_PATTERN)
     if deltaDate is None:
       return (False, DELTA_DATE_FORMAT_REQUIRED)
-    argstr = ISOformatTimeStamp(deltaDate.replace(tzinfo=iso8601.UTC))
+    argstr = ISOformatTimeStamp(deltaDate.replace(tzinfo='UTC'))
   elif argstr == 'NEVER' or YYYYMMDD_PATTERN.match(argstr):
     if argstr == 'NEVER':
       argstr = NEVER_DATE
     try:
-      dateTime = datetime.datetime.strptime(argstr, YYYYMMDD_FORMAT)
+      dateTime = arrow.Arrow.strptime(argstr, YYYYMMDD_FORMAT)
     except ValueError:
       return (False, YYYYMMDD_FORMAT_REQUIRED)
-    argstr = ISOformatTimeStamp(dateTime.replace(tzinfo=iso8601.UTC))
+    argstr = ISOformatTimeStamp(dateTime.replace(tzinfo='UTC'))
   try:
-    iso8601.parse_date(argstr)
+    arrow.get(argstr)
     return (True, argstr.replace(' ', 'T'))
-  except (iso8601.ParseError, OverflowError):
+  except (arrow.parser.ParserError, OverflowError):
     return (False, YYYYMMDD_FORMAT_REQUIRED)
 
 def getRowFilterTimeOrDeltaFromNow(argstr):
@@ -2057,14 +2087,14 @@ def getRowFilterTimeOrDeltaFromNow(argstr):
     argstr = NEVER_TIME
   elif YYYYMMDD_PATTERN.match(argstr):
     try:
-      dateTime = datetime.datetime.strptime(argstr, YYYYMMDD_FORMAT)
+      dateTime = arrow.Arrow.strptime(argstr, YYYYMMDD_FORMAT)
     except ValueError:
       return (False, YYYYMMDD_FORMAT_REQUIRED)
     argstr = ISOformatTimeStamp(dateTime.replace(tzinfo=GC.Values[GC.TIMEZONE]))
   try:
-    iso8601.parse_date(argstr)
+    arrow.get(argstr)
     return (True, argstr.replace(' ', 'T'))
-  except (iso8601.ParseError, OverflowError):
+  except (arrow.parser.ParserError, OverflowError):
     return (False, YYYYMMDDTHHMMSS_FORMAT_REQUIRED)
 
 def mapQueryRelativeTimes(query, keywords):
@@ -2097,9 +2127,9 @@ class StartEndTime():
       self.endDateTime, _, self.endTime = self._getValueOrDeltaFromNow(True)
     elif myarg == 'yesterday':
       currDate = todaysDate()
-      self.startDateTime = currDate+datetime.timedelta(days=-1)
+      self.startDateTime = currDate.shift(days=-1)
       self.startTime = ISOformatTimeStamp(self.startDateTime)
-      self.endDateTime = currDate+datetime.timedelta(seconds=-1)
+      self.endDateTime = currDate.shift(seconds=-1)
       self.endTime = ISOformatTimeStamp(self.endDateTime)
     elif myarg == 'today':
       currDate = todaysDate()
@@ -2114,12 +2144,12 @@ class StartEndTime():
       else:
         firstMonth = getInteger(minVal=1, maxVal=6)
       currDate = todaysDate()
-      self.startDateTime = currDate+relativedelta(months=-firstMonth, day=1, hour=0, minute=0, second=0, microsecond=0)
+      self.startDateTime = currDate.replace(day=1, hour=0, minute=0, second=0, microsecond=0).shift(months=-firstMonth)
       self.startTime = ISOformatTimeStamp(self.startDateTime)
       if myarg == 'thismonth':
         self.endDateTime = todaysTime()
       else:
-        self.endDateTime = currDate+relativedelta(day=1, hour=23, minute=59, second=59, microsecond=0)+relativedelta(days=-1)
+        self.endDateTime = currDate.replace(day=1, hour=23, minute=59, second=59, microsecond=0).shift(days=-1)
       self.endTime = ISOformatTimeStamp(self.endDateTime)
     if self.startDateTime and self.endDateTime and self.endDateTime < self.startDateTime:
       Cmd.Backup()
@@ -2335,7 +2365,7 @@ def formatLocalTime(dateTimeStr):
   if dateTimeStr in {NEVER_TIME, NEVER_TIME_NOMS}:
     return GC.Values[GC.NEVER_TIME]
   try:
-    timestamp, _ = iso8601.parse_date(dateTimeStr)
+    timestamp = arrow.get(dateTimeStr)
     if not GC.Values[GC.OUTPUT_TIMEFORMAT]:
       if GM.Globals[GM.CONVERT_TO_LOCAL_TIME]:
         return ISOformatTimeStamp(timestamp.astimezone(GC.Values[GC.TIMEZONE]))
@@ -2343,27 +2373,27 @@ def formatLocalTime(dateTimeStr):
     if GM.Globals[GM.CONVERT_TO_LOCAL_TIME]:
       return timestamp.astimezone(GC.Values[GC.TIMEZONE]).strftime(GC.Values[GC.OUTPUT_TIMEFORMAT])
     return timestamp.strftime(GC.Values[GC.OUTPUT_TIMEFORMAT])
-  except (iso8601.ParseError, OverflowError):
+  except (arrow.parser.ParserError, OverflowError):
     return dateTimeStr
 
 def formatLocalSecondsTimestamp(timestamp):
   if not GC.Values[GC.OUTPUT_TIMEFORMAT]:
-    return ISOformatTimeStamp(datetime.datetime.fromtimestamp(int(timestamp), GC.Values[GC.TIMEZONE]))
-  return datetime.datetime.fromtimestamp(int(timestamp), GC.Values[GC.TIMEZONE]).strftime(GC.Values[GC.OUTPUT_TIMEFORMAT])
+    return ISOformatTimeStamp(arrow.Arrow.fromtimestamp(int(timestamp), GC.Values[GC.TIMEZONE]))
+  return arrow.Arrow.fromtimestamp(int(timestamp), GC.Values[GC.TIMEZONE]).strftime(GC.Values[GC.OUTPUT_TIMEFORMAT])
 
 def formatLocalTimestamp(timestamp):
   if not GC.Values[GC.OUTPUT_TIMEFORMAT]:
-    return ISOformatTimeStamp(datetime.datetime.fromtimestamp(int(timestamp)//1000, GC.Values[GC.TIMEZONE]))
-  return datetime.datetime.fromtimestamp(int(timestamp)//1000, GC.Values[GC.TIMEZONE]).strftime(GC.Values[GC.OUTPUT_TIMEFORMAT])
+    return ISOformatTimeStamp(arrow.Arrow.fromtimestamp(int(timestamp)//1000, GC.Values[GC.TIMEZONE]))
+  return arrow.Arrow.fromtimestamp(int(timestamp)//1000, GC.Values[GC.TIMEZONE]).strftime(GC.Values[GC.OUTPUT_TIMEFORMAT])
 
 def formatLocalTimestampUTC(timestamp):
-  return ISOformatTimeStamp(datetime.datetime.fromtimestamp(int(timestamp)//1000, iso8601.UTC))
+  return ISOformatTimeStamp(arrow.Arrow.fromtimestamp(int(timestamp)//1000, 'UTC'))
 
 def formatLocalDatestamp(timestamp):
   try:
     if not GC.Values[GC.OUTPUT_DATEFORMAT]:
-      return datetime.datetime.fromtimestamp(int(timestamp)//1000, GC.Values[GC.TIMEZONE]).strftime(YYYYMMDD_FORMAT)
-    return datetime.datetime.fromtimestamp(int(timestamp)//1000, GC.Values[GC.TIMEZONE]).strftime(GC.Values[GC.OUTPUT_DATEFORMAT])
+      return arrow.Arrow.fromtimestamp(int(timestamp)//1000, GC.Values[GC.TIMEZONE]).strftime(YYYYMMDD_FORMAT)
+    return arrow.Arrow.fromtimestamp(int(timestamp)//1000, GC.Values[GC.TIMEZONE]).strftime(GC.Values[GC.OUTPUT_DATEFORMAT])
   except OverflowError:
     return NEVER_DATE
 
@@ -3050,9 +3080,13 @@ def getGDocData(gformat):
   mimeType = GDOC_FORMAT_MIME_TYPES[gformat]
   user = getEmailAddress()
   fileIdEntity = getDriveFileEntity(queryShortcutsOK=False)
-  user, drive, jcount = _validateUserGetFileIDs(user, 0, 0, fileIdEntity)
+  if not GC.Values[GC.COMMANDDATA_CLIENTACCESS]:
+    _, drive = buildGAPIServiceObject(API.DRIVE3, user)
+  else:
+    drive = buildGAPIObject(API.DRIVE3)
   if not drive:
     sys.exit(GM.Globals[GM.SYSEXITRC])
+  _, _, jcount = _validateUserGetFileIDs(user, 0, 0, fileIdEntity, drive=drive)
   if jcount == 0:
     getGDocSheetDataFailedExit([Ent.USER, user], Msg.NO_ENTITIES_FOUND.format(Ent.Singular(Ent.DRIVE_FILE)))
   if jcount > 1:
@@ -3106,14 +3140,21 @@ def getGSheetData():
   user = getEmailAddress()
   fileIdEntity = getDriveFileEntity(queryShortcutsOK=False)
   sheetEntity = getSheetEntity(False)
-  user, drive, jcount = _validateUserGetFileIDs(user, 0, 0, fileIdEntity)
+  if not GC.Values[GC.COMMANDDATA_CLIENTACCESS]:
+    user, drive = buildGAPIServiceObject(API.DRIVE3, user)
+  else:
+    drive = buildGAPIObject(API.DRIVE3)
   if not drive:
     sys.exit(GM.Globals[GM.SYSEXITRC])
+  _, _, jcount = _validateUserGetFileIDs(user, 0, 0, fileIdEntity, drive=drive)
   if jcount == 0:
     getGDocSheetDataFailedExit([Ent.USER, user], Msg.NO_ENTITIES_FOUND.format(Ent.Singular(Ent.DRIVE_FILE)))
   if jcount > 1:
     getGDocSheetDataFailedExit([Ent.USER, user], Msg.MULTIPLE_ENTITIES_FOUND.format(Ent.Plural(Ent.DRIVE_FILE), jcount, ','.join(fileIdEntity['list'])))
-  _, sheet = buildGAPIServiceObject(API.SHEETS, user)
+  if not GC.Values[GC.COMMANDDATA_CLIENTACCESS]:
+    _, sheet = buildGAPIServiceObject(API.SHEETS, user)
+  else:
+    sheet = buildGAPIObject(API.SHEETS)
   if not sheet:
     sys.exit(GM.Globals[GM.SYSEXITRC])
   fileId = fileIdEntity['list'][0]
@@ -3706,19 +3747,19 @@ def SetGlobalVariables():
     return stringlist
 
   def _getCfgTimezone(sectionName, itemName):
-    value = _stripStringQuotes(GM.Globals[GM.PARSER].get(sectionName, itemName).lower())
-    if value == 'utc':
+    value = _stripStringQuotes(GM.Globals[GM.PARSER].get(sectionName, itemName))
+    if value.lower() in {'utc', 'z'}:
       GM.Globals[GM.CONVERT_TO_LOCAL_TIME] = False
-      return iso8601.UTC
+      return arrow.now('utc').tzinfo
     GM.Globals[GM.CONVERT_TO_LOCAL_TIME] = True
-    if value == 'local':
-      return iso8601.Local
+    if value.lower() == 'local':
+      return arrow.now(value).tzinfo
     try:
-      return iso8601.parse_timezone_str(value)
-    except (iso8601.ParseError, OverflowError):
+      return arrow.now(value).tzinfo
+    except (arrow.parser.ParserError, OverflowError):
       _printValueError(sectionName, itemName, value, f'{Msg.EXPECTED}: {TIMEZONE_FORMAT_REQUIRED}')
       GM.Globals[GM.CONVERT_TO_LOCAL_TIME] = False
-      return iso8601.UTC
+      return arrow.now('utc').tzinfo
 
   def _getCfgDirectory(sectionName, itemName):
     dirPath = os.path.expanduser(_stripStringQuotes(GM.Globals[GM.PARSER].get(sectionName, itemName)))
@@ -3736,10 +3777,7 @@ def SetGlobalVariables():
     if value and not os.path.isabs(value):
       value = os.path.expanduser(os.path.join(_getCfgDirectory(sectionName, GC.CONFIG_DIR), value))
     elif not value and itemName == GC.CACERTS_PEM:
-      if hasattr(sys, '_MEIPASS'):
-        value = os.path.join(sys._MEIPASS, GC.FN_CACERTS_PEM) #pylint: disable=no-member
-      else:
-        value = os.path.join(GM.Globals[GM.GAM_PATH], GC.FN_CACERTS_PEM)
+      value = os.path.join(GM.Globals[GM.GAM_PATH], GC.FN_CACERTS_PEM)
     return value
 
   def _readGamCfgFile(config, fileName):
@@ -4047,7 +4085,7 @@ def SetGlobalVariables():
       GC.Values[itemName] = _getCfgDirectory(sectionName, itemName)
     elif varType == GC.TYPE_TIMEZONE:
       GC.Values[itemName] = _getCfgTimezone(sectionName, itemName)
-  GM.Globals[GM.DATETIME_NOW] = datetime.datetime.now(GC.Values[GC.TIMEZONE])
+  GM.Globals[GM.DATETIME_NOW] = arrow.now(GC.Values[GC.TIMEZONE])
 # Everything else except row filters
   for itemName, itemEntry in sorted(GC.VAR_INFO.items()):
     varType = itemEntry[GC.VAR_TYPE]
@@ -4117,6 +4155,8 @@ def SetGlobalVariables():
   GM.Globals[GM.OAUTH2_TXT_LOCK] = f'{GC.Values[GC.OAUTH2_TXT]}.lock'
 # Override httplib2 settings
   httplib2.debuglevel = GC.Values[GC.DEBUG_LEVEL]
+# Use our own print function for http.client so we can redact and cleanup
+  http.client.print = redactable_debug_print
 # Reset global variables if required
   if prevExtraArgsTxt != GC.Values[GC.EXTRA_ARGS]:
     GM.Globals[GM.EXTRA_ARGS_LIST] = [('prettyPrint', GC.Values[GC.DEBUG_LEVEL] > 0)]
@@ -4393,12 +4433,11 @@ _DEFAULT_TOKEN_LIFETIME_SECS = 3600  # 1 hour in seconds
 class signjwtJWTCredentials(google.auth.jwt.Credentials):
   ''' Class used for DASA '''
   def _make_jwt(self):
-    now = datetime.datetime.utcnow()
-    lifetime = datetime.timedelta(seconds=self._token_lifetime)
-    expiry = now + lifetime
+    now = arrow.utcnow()
+    expiry = now.shift(seconds=self._token_lifetime)
     payload = {
-      "iat": google.auth._helpers.datetime_to_secs(now),
-      "exp": google.auth._helpers.datetime_to_secs(expiry),
+      "iat": now.int_timestamp,
+      "exp": expiry.int_timestamp,
       "iss": self._issuer,
       "sub": self._subject,
     }
@@ -4406,7 +4445,7 @@ class signjwtJWTCredentials(google.auth.jwt.Credentials):
       payload["aud"] = self._audience
     payload.update(self._additional_claims)
     jwt = self._signer.sign(payload)
-    return jwt, expiry
+    return jwt, expiry.naive
 
 # Some Workforce Identity Federation endpoints such as GitHub Actions
 # only allow TLS 1.2 as of April 2023.
@@ -4419,15 +4458,14 @@ class signjwtCredentials(google.oauth2.service_account.Credentials):
   ''' Class used for DwD '''
 
   def _make_authorization_grant_assertion(self):
-    now = datetime.datetime.utcnow()
-    lifetime = datetime.timedelta(seconds=_DEFAULT_TOKEN_LIFETIME_SECS)
-    expiry = now + lifetime
+    now = arrow.utcnow()
+    expiry = now.shift(seconds=_DEFAULT_TOKEN_LIFETIME_SECS)
     payload = {
-        "iat": google.auth._helpers.datetime_to_secs(now),
-        "exp": google.auth._helpers.datetime_to_secs(expiry),
-        "iss": self._service_account_email,
-        "aud": API.GOOGLE_OAUTH2_TOKEN_ENDPOINT,
-        "scope": google.auth._helpers.scopes_to_string(self._scopes or ()),
+      "iat": now.int_timestamp,
+      "exp": expiry.int_timestamp,
+      "iss": self._service_account_email,
+      "aud": API.GOOGLE_OAUTH2_TOKEN_ENDPOINT,
+      "scope": google.auth._helpers.scopes_to_string(self._scopes or ()),
     }
     payload.update(self._additional_claims)
     # The subject can be a user email for domain-wide delegation.
@@ -4541,7 +4579,7 @@ def getOauth2TxtCredentials(exitOnError=True, api=None, noDASA=False, refreshOnl
           creds.token = jsonDict['access_token']
           creds._id_token = jsonDict['id_token_jwt']
           GM.Globals[GM.DECODED_ID_TOKEN] = jsonDict['id_token']
-        creds.expiry = datetime.datetime.strptime(token_expiry, YYYYMMDDTHHMMSSZ_FORMAT)
+        creds.expiry = arrow.Arrow.strptime(token_expiry, YYYYMMDDTHHMMSSZ_FORMAT, tzinfo='UTC').naive
         return (not noScopes, creds)
       if jsonDict and exitOnError:
         invalidOauth2TxtExit(Msg.INVALID)
@@ -4770,7 +4808,7 @@ def getService(api, httpObj):
           waitOnFailure(n, triesLimit, INVALID_JSON_RC, str(e))
           continue
         systemErrorExit(INVALID_JSON_RC, str(e))
-      except (http_client.ResponseNotReady, OSError, googleapiclient.errors.HttpError) as e:
+      except (http.client.ResponseNotReady, OSError, googleapiclient.errors.HttpError) as e:
         errMsg = f'Connection error: {str(e) or repr(e)}'
         if n != triesLimit:
           waitOnFailure(n, triesLimit, SOCKET_ERROR_RC, errMsg)
@@ -4805,10 +4843,7 @@ def defaultSvcAcctScopes():
         saScopes[scope['api']].append(scope['scope'])
       else:
         saScopes[scope['api']].extend(scope['scope'])
-  saScopes[API.DRIVEACTIVITY].append(API.DRIVE_SCOPE)
   saScopes[API.DRIVE2] = saScopes[API.DRIVE3]
-  saScopes[API.DRIVETD] = saScopes[API.DRIVE3]
-  saScopes[API.SHEETSTD] = saScopes[API.SHEETS]
   return saScopes
 
 def _getSvcAcctData():
@@ -5086,7 +5121,7 @@ def callGData(service, function,
         e = e.args[0]
       handleOAuthTokenError(e, GDATA.SERVICE_NOT_APPLICABLE in throwErrors)
       raise GDATA.ERROR_CODE_EXCEPTION_MAP[GDATA.SERVICE_NOT_APPLICABLE](str(e))
-    except (http_client.ResponseNotReady, OSError) as e:
+    except (http.client.ResponseNotReady, OSError) as e:
       errMsg = f'Connection error: {str(e) or repr(e)}'
       if n != triesLimit:
         waitOnFailure(n, triesLimit, SOCKET_ERROR_RC, errMsg)
@@ -5396,7 +5431,7 @@ def callGAPI(service, function,
         e = e.args[0]
       handleOAuthTokenError(e, GAPI.SERVICE_NOT_AVAILABLE in throwReasons)
       raise GAPI.REASON_EXCEPTION_MAP[GAPI.SERVICE_NOT_AVAILABLE](str(e))
-    except (http_client.ResponseNotReady, OSError) as e:
+    except (http.client.ResponseNotReady, OSError) as e:
       errMsg = f'Connection error: {str(e) or repr(e)}'
       if n != triesLimit:
         waitOnFailure(n, triesLimit, SOCKET_ERROR_RC, errMsg)
@@ -5615,6 +5650,12 @@ def getSaUser(user):
   GM.Globals[GM.CURRENT_CLIENT_API_SCOPES] = currentClientAPIScopes
   return userEmail
 
+def chooseSaAPI(api1, api2):
+  _getSvcAcctData()
+  if api1 in GM.Globals[GM.SVCACCT_SCOPES]:
+    return api1
+  return api2
+
 def buildGAPIServiceObject(api, user, i=0, count=0, displayError=True):
   userEmail = getSaUser(user)
   httpObj = getHttpObj(cache=GM.Globals[GM.CACHE_DIR])
@@ -6255,63 +6296,77 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
         _showInvalidEntity(Ent.USER, user)
     if GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY]:
       return entityList
-  elif entityType in {Cmd.ENTITY_ALL_USERS, Cmd.ENTITY_ALL_USERS_NS, Cmd.ENTITY_ALL_USERS_NS_SUSP, Cmd.ENTITY_ALL_USERS_SUSP}:
+  elif entityType in Cmd.ALL_USER_ENTITY_TYPES:
     cd = buildGAPIObject(API.DIRECTORY)
-    if entityType == Cmd.ENTITY_ALL_USERS and isSuspended is not None:
-      query = f'isSuspended={isSuspended}'
+    if entityType == Cmd.ENTITY_ALL_USERS and ((isSuspended is not None) or (isArchived is not None)):
+      if isSuspended is not None:
+        query = f'isSuspended={isSuspended}'
+        if isArchived is not None:
+          query += f' isArchived={isArchived}'
+      else:
+        query = f'isArchived={isArchived}'
     else:
       query = Cmd.ALL_USERS_QUERY_MAP[entityType]
-    printGettingAllAccountEntities(Ent.USER)
+    printGettingAllAccountEntities(Ent.USER, query=query)
     try:
       result = callGAPIpages(cd.users(), 'list', 'users',
                              pageMessage=getPageMessage(),
                              throwReasons=[GAPI.BAD_REQUEST, GAPI.RESOURCE_NOT_FOUND, GAPI.FORBIDDEN],
                              retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                             customer=GC.Values[GC.CUSTOMER_ID],
-                             query=query, orderBy='email', fields='nextPageToken,users(primaryEmail,archived)',
+                             customer=GC.Values[GC.CUSTOMER_ID], query=query, orderBy='email',
+                             fields='nextPageToken,users(primaryEmail)',
                              maxResults=GC.Values[GC.USER_MAX_RESULTS])
     except (GAPI.badRequest, GAPI.resourceNotFound, GAPI.forbidden):
       accessErrorExit(cd)
-    entityList = [user['primaryEmail'] for user in result if isArchived is None or isArchived == user['archived']]
-    printGotAccountEntities(len(entityList))
-  elif entityType in {Cmd.ENTITY_DOMAINS, Cmd.ENTITY_DOMAINS_NS, Cmd.ENTITY_DOMAINS_SUSP}:
-    if entityType == Cmd.ENTITY_DOMAINS_NS:
-      query = 'isSuspended=False'
-    elif entityType == Cmd.ENTITY_DOMAINS_SUSP:
-      query = 'isSuspended=True'
-    elif isSuspended is not None:
-      query = f'isSuspended={isSuspended}'
+    entityList = [user['primaryEmail'] for user in result]
+  elif entityType == Cmd.ENTITY_ALL_USERS_ARCH_OR_SUSP:
+    cd = buildGAPIObject(API.DIRECTORY)
+    for query in ['isSuspended=True', 'isArchived=True']:
+      printGettingAllAccountEntities(Ent.USER, query)
+      try:
+        result = callGAPIpages(cd.users(), 'list', 'users',
+                               pageMessage=getPageMessage(),
+                               throwReasons=[GAPI.BAD_REQUEST, GAPI.RESOURCE_NOT_FOUND, GAPI.FORBIDDEN],
+                               retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
+                               customer=GC.Values[GC.CUSTOMER_ID], query=query, orderBy='email',
+                               fields='nextPageToken,users(primaryEmail)',
+                               maxResults=GC.Values[GC.USER_MAX_RESULTS])
+      except (GAPI.badRequest, GAPI.resourceNotFound, GAPI.forbidden):
+        accessErrorExit(cd)
+      entitySet |= {user['primaryEmail'] for user in result}
+    entityList = sorted(list(entitySet))
+  elif entityType in Cmd.DOMAIN_ENTITY_TYPES:
+    if entityType == Cmd.ENTITY_DOMAINS and ((isSuspended is not None) or (isArchived is not None)):
+      if isSuspended is not None:
+        query = f'isSuspended={isSuspended}'
+        if isArchived is not None:
+          query += f' isArchived={isArchived}'
+      else:
+        query = f'isArchived={isArchived}'
     else:
-      query = None
+      query = Cmd.DOMAINS_QUERY_MAP[entityType]
     cd = buildGAPIObject(API.DIRECTORY)
     domains = convertEntityToList(entity)
     for domain in domains:
-      printGettingAllEntityItemsForWhom(Ent.USER, domain, entityType=Ent.DOMAIN)
+      printGettingAllEntityItemsForWhom(Ent.USER, domain, query=query, entityType=Ent.DOMAIN)
       try:
         result = callGAPIpages(cd.users(), 'list', 'users',
                                pageMessage=getPageMessageForWhom(),
                                throwReasons=[GAPI.BAD_REQUEST, GAPI.RESOURCE_NOT_FOUND, GAPI.DOMAIN_NOT_FOUND, GAPI.FORBIDDEN],
                                retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                               domain=domain,
-                               query=query, orderBy='email', fields='nextPageToken,users(primaryEmail,archived)',
+                               domain=domain, query=query, orderBy='email',
+                               fields='nextPageToken,users(primaryEmail)',
                                maxResults=GC.Values[GC.USER_MAX_RESULTS])
       except (GAPI.badRequest, GAPI.resourceNotFound, GAPI.domainNotFound, GAPI.forbidden):
         checkEntityDNEorAccessErrorExit(cd, Ent.DOMAIN, domain)
         _incrEntityDoesNotExist(Ent.DOMAIN)
         continue
-      entityList = [user['primaryEmail'] for user in result if isArchived is None or isArchived == user['archived']]
-      printGotAccountEntities(len(entityList))
-  elif entityType in {Cmd.ENTITY_GROUP, Cmd.ENTITY_GROUPS,
-                      Cmd.ENTITY_GROUP_NS, Cmd.ENTITY_GROUPS_NS,
-                      Cmd.ENTITY_GROUP_SUSP, Cmd.ENTITY_GROUPS_SUSP,
-                      Cmd.ENTITY_GROUP_INDE, Cmd.ENTITY_GROUPS_INDE}:
-    if entityType in {Cmd.ENTITY_GROUP_NS, Cmd.ENTITY_GROUPS_NS}:
-      isSuspended = False
-    elif entityType in {Cmd.ENTITY_GROUP_SUSP, Cmd.ENTITY_GROUPS_SUSP}:
-      isSuspended = True
+      entityList.extend([user['primaryEmail'] for user in result])
+  elif entityType in Cmd.GROUP_ENTITY_TYPES or entityType in Cmd.GROUPS_ENTITY_TYPES:
+    isArchived, isSuspended = Cmd.GROUPS_QUERY_MAP.get(entityType, (isArchived, isSuspended))
     includeDerivedMembership = entityType in {Cmd.ENTITY_GROUP_INDE, Cmd.ENTITY_GROUPS_INDE}
     cd = buildGAPIObject(API.DIRECTORY)
-    groups = convertEntityToList(entity, nonListEntityType=entityType in {Cmd.ENTITY_GROUP, Cmd.ENTITY_GROUP_NS, Cmd.ENTITY_GROUP_SUSP, Cmd.ENTITY_GROUP_INDE})
+    groups = convertEntityToList(entity, nonListEntityType=entityType in Cmd.GROUP_ENTITY_TYPES)
     for group in groups:
       if validateEmailAddressOrUID(group, checkPeople=False):
         group = normalizeEmailAddressOrUID(group)
@@ -6337,11 +6392,8 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
             entityList.append(email)
       else:
         _showInvalidEntity(Ent.GROUP, group)
-  elif entityType in {Cmd.ENTITY_GROUP_USERS, Cmd.ENTITY_GROUP_USERS_NS, Cmd.ENTITY_GROUP_USERS_SUSP, Cmd.ENTITY_GROUP_USERS_SELECT}:
-    if entityType == Cmd.ENTITY_GROUP_USERS_NS:
-      isSuspended = False
-    elif entityType == Cmd.ENTITY_GROUP_USERS_SUSP:
-      isSuspended = True
+  elif entityType in Cmd.GROUP_USERS_ENTITY_TYPES:
+    isArchived, isSuspended = Cmd.GROUP_USERS_QUERY_MAP.get(entityType, (isArchived, isSuspended))
     cd = buildGAPIObject(API.DIRECTORY)
     groups = convertEntityToList(entity)
     includeDerivedMembership = False
@@ -6432,21 +6484,13 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
         _addCIGroupUsersToUsers(name, groupEmail, recursive)
       else:
         _showInvalidEntity(Ent.GROUP, group)
-  elif entityType in {Cmd.ENTITY_OU, Cmd.ENTITY_OUS, Cmd.ENTITY_OU_AND_CHILDREN, Cmd.ENTITY_OUS_AND_CHILDREN,
-                      Cmd.ENTITY_OU_NS, Cmd.ENTITY_OUS_NS, Cmd.ENTITY_OU_AND_CHILDREN_NS, Cmd.ENTITY_OUS_AND_CHILDREN_NS,
-                      Cmd.ENTITY_OU_SUSP, Cmd.ENTITY_OUS_SUSP, Cmd.ENTITY_OU_AND_CHILDREN_SUSP, Cmd.ENTITY_OUS_AND_CHILDREN_SUSP}:
-    if entityType in {Cmd.ENTITY_OU_NS, Cmd.ENTITY_OUS_NS, Cmd.ENTITY_OU_AND_CHILDREN_NS, Cmd.ENTITY_OUS_AND_CHILDREN_NS}:
-      isSuspended = False
-    elif entityType in {Cmd.ENTITY_OU_SUSP, Cmd.ENTITY_OUS_SUSP, Cmd.ENTITY_OU_AND_CHILDREN_SUSP, Cmd.ENTITY_OUS_AND_CHILDREN_SUSP}:
-      isSuspended = True
+  elif entityType in Cmd.OU_ENTITY_TYPES or entityType in Cmd.OUS_ENTITY_TYPES:
+    isArchived, isSuspended = Cmd.OU_QUERY_MAP.get(entityType, (isArchived, isSuspended))
     cd = buildGAPIObject(API.DIRECTORY)
-    ous = convertEntityToList(entity, shlexSplit=True, nonListEntityType=entityType in {Cmd.ENTITY_OU, Cmd.ENTITY_OU_AND_CHILDREN,
-                                                                                        Cmd.ENTITY_OU_NS, Cmd.ENTITY_OU_AND_CHILDREN_NS,
-                                                                                        Cmd.ENTITY_OU_SUSP, Cmd.ENTITY_OU_AND_CHILDREN_SUSP})
-    directlyInOU = entityType in {Cmd.ENTITY_OU, Cmd.ENTITY_OUS, Cmd.ENTITY_OU_NS, Cmd.ENTITY_OUS_NS, Cmd.ENTITY_OU_SUSP, Cmd.ENTITY_OUS_SUSP}
+    ous = convertEntityToList(entity, shlexSplit=True, nonListEntityType=entityType in Cmd.OU_ENTITY_TYPES)
+    directlyInOU = entityType in Cmd.OU_DIRECT_ENTITY_TYPES
     qualifier = Msg.DIRECTLY_IN_THE.format(Ent.Singular(Ent.ORGANIZATIONAL_UNIT)) if directlyInOU else Msg.IN_THE.format(Ent.Singular(Ent.ORGANIZATIONAL_UNIT))
-    fields = 'nextPageToken,users(primaryEmail,orgUnitPath,archived)' if directlyInOU else 'nextPageToken,users(primaryEmail,archived)'
-    prevLen = 0
+    fields = 'nextPageToken,users(primaryEmail,orgUnitPath)' if directlyInOU else 'nextPageToken,users(primaryEmail)'
     for ou in ous:
       ou = makeOrgUnitPathAbsolute(ou)
       if ou.startswith('id:'):
@@ -6471,22 +6515,17 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
                               throwReasons=[GAPI.INVALID_ORGUNIT, GAPI.ORGUNIT_NOT_FOUND,
                                             GAPI.INVALID_INPUT, GAPI.BAD_REQUEST, GAPI.RESOURCE_NOT_FOUND, GAPI.FORBIDDEN],
                               retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                              customer=GC.Values[GC.CUSTOMER_ID], query=orgUnitPathQuery(ou, isSuspended), orderBy='email',
+                              customer=GC.Values[GC.CUSTOMER_ID], query=orgUnitPathQuery(ou, isSuspended, isArchived), orderBy='email',
                               fields=fields, maxResults=GC.Values[GC.USER_MAX_RESULTS])
         for users in feed:
           if directlyInOU:
             for user in users:
-              if ouLower == user.get('orgUnitPath', '').lower() and (isArchived is None or isArchived == user['archived']):
+              if ouLower == user.get('orgUnitPath', '').lower():
                 usersInOU += 1
                 entityList.append(user['primaryEmail'])
-          elif isArchived is None:
+          else:
             entityList.extend([user['primaryEmail'] for user in users])
             usersInOU += len(users)
-          else:
-            for user in users:
-              if isArchived == user['archived']:
-                usersInOU += 1
-                entityList.append(user['primaryEmail'])
         setGettingAllEntityItemsForWhom(Ent.USER, ou, qualifier=qualifier)
         printGotEntityItemsForWhom(usersInOU)
       except (GAPI.invalidInput, GAPI.invalidOrgunit, GAPI.orgunitNotFound, GAPI.backendError, GAPI.badRequest,
@@ -6496,7 +6535,6 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
   elif entityType in {Cmd.ENTITY_QUERY, Cmd.ENTITY_QUERIES}:
     cd = buildGAPIObject(API.DIRECTORY)
     queries = convertEntityToList(entity, shlexSplit=True, nonListEntityType=entityType == Cmd.ENTITY_QUERY)
-    prevLen = 0
     for query in queries:
       printGettingAllAccountEntities(Ent.USER, query)
       try:
@@ -6520,9 +6558,6 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
             email not in entitySet):
           entitySet.add(email)
           entityList.append(email)
-      totalLen = len(entityList)
-      printGotAccountEntities(totalLen-prevLen)
-      prevLen = totalLen
   elif entityType == Cmd.ENTITY_LICENSES:
     skusList = []
     for item in entity.split(','):
@@ -6581,8 +6616,7 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
         ClientAPIAccessDeniedExit(str(e))
   elif entityType == Cmd.ENTITY_CROS:
     buildGAPIObject(API.DIRECTORY)
-    result = convertEntityToList(entity)
-    for deviceId in result:
+    for deviceId in convertEntityToList(entity):
       if deviceId not in entitySet:
         entitySet.add(deviceId)
         entityList.append(deviceId)
@@ -6606,7 +6640,6 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
                                   nonListEntityType=entityType == Cmd.ENTITY_CROS_QUERY)
     if entityType == Cmd.ENTITY_CROS_SN:
       queries = [f'id:{query}' for query in queries]
-    prevLen = 0
     for query in queries:
       printGettingAllAccountEntities(Ent.CROS_DEVICE, query)
       try:
@@ -6627,25 +6660,15 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
         if deviceId not in entitySet:
           entitySet.add(deviceId)
           entityList.append(deviceId)
-      totalLen = len(entityList)
-      printGotAccountEntities(totalLen-prevLen)
-      prevLen = totalLen
-  elif entityType in {Cmd.ENTITY_CROS_OU, Cmd.ENTITY_CROS_OU_AND_CHILDREN, Cmd.ENTITY_CROS_OUS, Cmd.ENTITY_CROS_OUS_AND_CHILDREN,
-                      Cmd.ENTITY_CROS_OU_QUERY, Cmd.ENTITY_CROS_OU_AND_CHILDREN_QUERY, Cmd.ENTITY_CROS_OUS_QUERY, Cmd.ENTITY_CROS_OUS_AND_CHILDREN_QUERY,
-                      Cmd.ENTITY_CROS_OU_QUERIES, Cmd.ENTITY_CROS_OU_AND_CHILDREN_QUERIES, Cmd.ENTITY_CROS_OUS_QUERIES, Cmd.ENTITY_CROS_OUS_AND_CHILDREN_QUERIES}:
+  elif entityType in Cmd.CROS_OU_ENTITY_TYPES or entityType in Cmd.CROS_OUS_ENTITY_TYPES:
     cd = buildGAPIObject(API.DIRECTORY)
-    ous = convertEntityToList(entity, shlexSplit=True,
-                              nonListEntityType=entityType in {Cmd.ENTITY_CROS_OU, Cmd.ENTITY_CROS_OU_AND_CHILDREN,
-                                                               Cmd.ENTITY_CROS_OU_QUERY, Cmd.ENTITY_CROS_OU_AND_CHILDREN_QUERY,
-                                                               Cmd.ENTITY_CROS_OU_QUERIES, Cmd.ENTITY_CROS_OU_AND_CHILDREN_QUERIES})
+    ous = convertEntityToList(entity, shlexSplit=True, nonListEntityType=entityType in Cmd.CROS_OU_ENTITY_TYPES)
     numOus = len(ous)
-    includeChildOrgunits = entityType in {Cmd.ENTITY_CROS_OU_AND_CHILDREN, Cmd.ENTITY_CROS_OUS_AND_CHILDREN,
-                                          Cmd.ENTITY_CROS_OU_AND_CHILDREN_QUERY, Cmd.ENTITY_CROS_OUS_AND_CHILDREN_QUERY,
-                                          Cmd.ENTITY_CROS_OU_AND_CHILDREN_QUERIES, Cmd.ENTITY_CROS_OUS_AND_CHILDREN_QUERIES}
+    includeChildOrgunits = entityType in Cmd.CROS_OU_CHILDREN_ENTITY_TYPES
     allQualifier = Msg.DIRECTLY_IN_THE.format(Ent.Choose(Ent.ORGANIZATIONAL_UNIT, numOus)) if not includeChildOrgunits else Msg.IN_THE.format(Ent.Choose(Ent.ORGANIZATIONAL_UNIT, numOus))
-    if entityType in {Cmd.ENTITY_CROS_OU_QUERY, Cmd.ENTITY_CROS_OU_AND_CHILDREN_QUERY, Cmd.ENTITY_CROS_OUS_QUERY, Cmd.ENTITY_CROS_OUS_AND_CHILDREN_QUERY}:
+    if entityType in Cmd.CROS_OU_QUERY_ENTITY_TYPES:
       queries = getQueries('query')
-    elif entityType in {Cmd.ENTITY_CROS_OU_QUERIES, Cmd.ENTITY_CROS_OU_AND_CHILDREN_QUERIES, Cmd.ENTITY_CROS_OUS_QUERIES, Cmd.ENTITY_CROS_OUS_AND_CHILDREN_QUERIES}:
+    elif entityType in Cmd.CROS_OU_QUERIES_ENTITY_TYPES:
       queries = getQueries('queries')
     else:
       queries = [None]
@@ -6718,7 +6741,6 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
     customerId = _getCustomerIdNoC()
     queries = convertEntityToList(entity, shlexSplit=entityType == Cmd.ENTITY_BROWSER_QUERIES,
                                   nonListEntityType=entityType == Cmd.ENTITY_BROWSER_QUERY)
-    prevLen = 0
     for query in queries:
       printGettingAllAccountEntities(Ent.CHROME_BROWSER, query)
       try:
@@ -6738,9 +6760,6 @@ def getItemsToModify(entityType, entity, memberRoles=None, isSuspended=None, isA
         if deviceId not in entitySet:
           entitySet.add(deviceId)
           entityList.append(deviceId)
-      totalLen = len(entityList)
-      printGotAccountEntities(totalLen-prevLen)
-      prevLen = totalLen
   else:
     systemErrorExit(UNKNOWN_ERROR_RC, 'getItemsToModify coding error')
   for errorType in [ENTITY_ERROR_DNE, ENTITY_ERROR_INVALID]:
@@ -7053,10 +7072,7 @@ def getEntityToModify(defaultEntityType=None, browserAllowed=False, crosAllowed=
         choices += Cmd.CROS_ENTITY_SELECTOR_DATAFILE_CSVKMD_SUBTYPES
       entityType = mapEntityType(getChoice(choices), typeMap)
       return (Cmd.ENTITY_USERS if entityType not in Cmd.CROS_ENTITY_SELECTOR_DATAFILE_CSVKMD_SUBTYPES else Cmd.ENTITY_CROS,
-              getItemsToModify(entityType, getEntitiesFromFile(shlexSplit=entityType in [Cmd.ENTITY_OUS, Cmd.ENTITY_OUS_AND_CHILDREN,
-                                                                                         Cmd.ENTITY_OUS_NS, Cmd.ENTITY_OUS_AND_CHILDREN_NS,
-                                                                                         Cmd.ENTITY_OUS_SUSP, Cmd.ENTITY_OUS_AND_CHILDREN_SUSP,
-                                                                                         Cmd.ENTITY_CROS_OUS, Cmd.ENTITY_CROS_OUS_AND_CHILDREN])))
+              getItemsToModify(entityType, getEntitiesFromFile(shlexSplit=entityType in Cmd.OUS_ENTITY_TYPES | {Cmd.ENTITY_CROS_OUS, Cmd.ENTITY_CROS_OUS_AND_CHILDREN})))
     if entitySelector == Cmd.ENTITY_SELECTOR_CSVDATAFILE:
       if userAllowed:
         choices += Cmd.USER_ENTITY_SELECTOR_DATAFILE_CSVKMD_SUBTYPES if not GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY] else [Cmd.ENTITY_USERS]
@@ -7064,10 +7080,7 @@ def getEntityToModify(defaultEntityType=None, browserAllowed=False, crosAllowed=
         choices += Cmd.CROS_ENTITY_SELECTOR_DATAFILE_CSVKMD_SUBTYPES
       entityType = mapEntityType(getChoice(choices), typeMap)
       return (Cmd.ENTITY_USERS if entityType not in Cmd.CROS_ENTITY_SELECTOR_DATAFILE_CSVKMD_SUBTYPES else Cmd.ENTITY_CROS,
-              getItemsToModify(entityType, getEntitiesFromCSVFile(shlexSplit=entityType in [Cmd.ENTITY_OUS, Cmd.ENTITY_OUS_AND_CHILDREN,
-                                                                                            Cmd.ENTITY_OUS_NS, Cmd.ENTITY_OUS_AND_CHILDREN_NS,
-                                                                                            Cmd.ENTITY_OUS_SUSP, Cmd.ENTITY_OUS_AND_CHILDREN_SUSP,
-                                                                                            Cmd.ENTITY_CROS_OUS, Cmd.ENTITY_CROS_OUS_AND_CHILDREN])))
+              getItemsToModify(entityType, getEntitiesFromCSVFile(shlexSplit=entityType in Cmd.OUS_ENTITY_TYPES | {Cmd.ENTITY_CROS_OUS, Cmd.ENTITY_CROS_OUS_AND_CHILDREN})))
     if entitySelector == Cmd.ENTITY_SELECTOR_CSVKMD:
       if userAllowed:
         choices += Cmd.USER_ENTITY_SELECTOR_DATAFILE_CSVKMD_SUBTYPES if not GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY] else [Cmd.ENTITY_USERS]
@@ -7110,10 +7123,7 @@ def getEntityToModify(defaultEntityType=None, browserAllowed=False, crosAllowed=
   if not GC.Values[GC.USER_SERVICE_ACCOUNT_ACCESS_ONLY]:
     buildGAPIObject(API.DIRECTORY)
   if entityClass == Cmd.ENTITY_USERS:
-    if entityType in [Cmd.ENTITY_GROUP_USERS,
-                      Cmd.ENTITY_GROUP_USERS_NS, Cmd.ENTITY_GROUP_USERS_SUSP,
-                      Cmd.ENTITY_GROUP_USERS_SELECT,
-                      Cmd.ENTITY_CIGROUP_USERS]:
+    if entityType in Cmd.GROUP_USERS_ENTITY_TYPES | {Cmd.ENTITY_CIGROUP_USERS}:
       # Skip over sub-arguments
       while Cmd.ArgumentsRemaining():
         myarg = getArgument()
@@ -7431,15 +7441,15 @@ def RowFilterMatch(row, titlesList, rowFilter, rowFilterModeAll, rowDropFilter,
   def stripTimeFromDateTime(rowDate):
     if YYYYMMDD_PATTERN.match(rowDate):
       try:
-        rowTime = datetime.datetime.strptime(rowDate, YYYYMMDD_FORMAT)
+        rowTime = arrow.Arrow.strptime(rowDate, YYYYMMDD_FORMAT)
       except ValueError:
         return None
     else:
       try:
-        rowTime, _ = iso8601.parse_date(rowDate)
-      except (iso8601.ParseError, OverflowError):
+        rowTime = arrow.get(rowDate)
+      except (arrow.parser.ParserError, OverflowError):
         return None
-    return ISOformatTimeStamp(datetime.datetime(rowTime.year, rowTime.month, rowTime.day, tzinfo=iso8601.UTC))
+    return ISOformatTimeStamp(arrow.Arrow(rowTime.year, rowTime.month, rowTime.day, tzinfo='UTC'))
 
   def rowDateTimeFilterMatch(dateMode, op, filterDate):
     def checkMatch(rowDate):
@@ -7501,8 +7511,8 @@ def RowFilterMatch(row, titlesList, rowFilter, rowFilterModeAll, rowDropFilter,
     if YYYYMMDD_PATTERN.match(rowDate):
       return None
     try:
-      rowTime, _ = iso8601.parse_date(rowDate)
-    except (iso8601.ParseError, OverflowError):
+      rowTime = arrow.get(rowDate)
+    except (arrow.parser.ParserError, OverflowError):
       return None
     return f'{rowTime.hour:02d}:{rowTime.minute:02d}'
 
@@ -7905,6 +7915,13 @@ class CSVPrintFile():
       if title not in self.titlesSet:
         self.AddTitle(title)
 
+  def InsertTitles(self, position, titles):
+    for title in titles if isinstance(titles, list) else [titles]:
+      if title not in self.titlesSet:
+        self.titlesSet.add(title)
+        self.titlesList.insert(position, title)
+        position += 1
+
   def SetTitles(self, titles):
     self.titlesSet = set()
     self.titlesList = []
@@ -8060,7 +8077,7 @@ class CSVPrintFile():
 
     def getDriveObject():
       if not GC.Values[GC.TODRIVE_CLIENTACCESS]:
-        _, drive = buildGAPIServiceObject(API.DRIVETD, self.todrive['user'])
+        _, drive = buildGAPIServiceObject(chooseSaAPI(API.DRIVETD, API.DRIVE3), self.todrive['user'])
         if not drive:
           invalidTodriveUserExit(Ent.USER, Msg.NOT_FOUND)
       else:
@@ -8213,7 +8230,7 @@ class CSVPrintFile():
           if result['mimeType'] != MIMETYPE_GA_SPREADSHEET:
             invalidTodriveFileIdExit([], f'{Msg.NOT_A} {Ent.Singular(Ent.SPREADSHEET)}', tdfileidLocation)
           if not GC.Values[GC.TODRIVE_CLIENTACCESS]:
-            _, sheet = buildGAPIServiceObject(API.SHEETSTD, self.todrive['user'])
+            _, sheet = buildGAPIServiceObject(chooseSaAPI(API.SHEETSTD, API.SHEETS), self.todrive['user'])
             if sheet is None:
               invalidTodriveUserExit(Ent.USER, Msg.NOT_FOUND)
           else:
@@ -8703,10 +8720,10 @@ class CSVPrintFile():
             sheetTitle = self.todrive['sheetEntity']['sheetTitle']
         else:
           sheetTitle = self.todrive['sheettitle']
-        tdbasetime = tdtime = datetime.datetime.now(GC.Values[GC.TIMEZONE])
+        tdbasetime = tdtime = arrow.now(GC.Values[GC.TIMEZONE])
         if self.todrive['daysoffset'] is not None or self.todrive['hoursoffset'] is not None:
-          tdtime = tdbasetime+relativedelta(days=-self.todrive['daysoffset'] if self.todrive['daysoffset'] is not None else 0,
-                                            hours=-self.todrive['hoursoffset'] if self.todrive['hoursoffset'] is not None else 0)
+          tdtime = tdbasetime.shift(days=-self.todrive['daysoffset'] if self.todrive['daysoffset'] is not None else 0,
+                                    hours=-self.todrive['hoursoffset'] if self.todrive['hoursoffset'] is not None else 0)
         if self.todrive['timestamp']:
           if title:
             title += ' - '
@@ -8716,8 +8733,8 @@ class CSVPrintFile():
             title += tdtime.strftime(self.todrive['timeformat'])
         if self.todrive['sheettimestamp']:
           if self.todrive['sheetdaysoffset'] is not None or self.todrive['sheethoursoffset'] is not None:
-            tdtime = tdbasetime+relativedelta(days=-self.todrive['sheetdaysoffset'] if self.todrive['sheetdaysoffset'] is not None else 0,
-                                              hours=-self.todrive['sheethoursoffset'] if self.todrive['sheethoursoffset'] is not None else 0)
+            tdtime = tdbasetime.shift(days=-self.todrive['sheetdaysoffset'] if self.todrive['sheetdaysoffset'] is not None else 0,
+                                      hours=-self.todrive['sheethoursoffset'] if self.todrive['sheethoursoffset'] is not None else 0)
           if sheetTitle:
             sheetTitle += ' - '
           if not self.todrive['sheettimeformat']:
@@ -8726,7 +8743,7 @@ class CSVPrintFile():
             sheetTitle += tdtime.strftime(self.todrive['sheettimeformat'])
         action = Act.Get()
         if not GC.Values[GC.TODRIVE_CLIENTACCESS]:
-          user, drive = buildGAPIServiceObject(API.DRIVETD, self.todrive['user'])
+          user, drive = buildGAPIServiceObject(chooseSaAPI(API.DRIVETD, API.DRIVE3), self.todrive['user'])
           if not drive:
             closeFile(csvFile)
             return
@@ -8759,7 +8776,7 @@ class CSVPrintFile():
             if result['mimeType'] != MIMETYPE_GA_SPREADSHEET:
               todriveCSVErrorExit(entityValueList, f'{Msg.NOT_A} {Ent.Singular(Ent.SPREADSHEET)}')
             if not GC.Values[GC.TODRIVE_CLIENTACCESS]:
-              _, sheet = buildGAPIServiceObject(API.SHEETSTD, user)
+              _, sheet = buildGAPIServiceObject(chooseSaAPI(API.SHEETSTD, API.SHEETS), user)
               if sheet is None:
                 return
             else:
@@ -8907,7 +8924,7 @@ class CSVPrintFile():
                 (self.todrive['sheetEntity'] or self.todrive['locale'] or self.todrive['timeZone'] or
                  self.todrive['sheettitle'] or self.todrive['cellwrap'] or self.todrive['cellnumberformat'])):
               if not GC.Values[GC.TODRIVE_CLIENTACCESS]:
-                _, sheet = buildGAPIServiceObject(API.SHEETSTD, user)
+                _, sheet = buildGAPIServiceObject(chooseSaAPI(API.SHEETSTD, API.SHEETS), user)
                 if sheet is None:
                   return
               else:
@@ -9160,12 +9177,12 @@ def flattenJSON(topStructure, flattened=None,
 # Show a json object
 def showJSON(showName, showValue, skipObjects=None, timeObjects=None,
              simpleLists=None, dictObjectsKey=None, sortDictKeys=True):
-  def _show(objectName, objectValue, subObjectKey, level, subSkipObjects):
+  def _show(objectName, objectValue, subObjectKey, subObjectName, level, subSkipObjects):
     if objectName in subSkipObjects:
       return
     if objectName is not None:
       printJSONKey(objectName)
-      subObjectKey = dictObjectsKey.get(objectName)
+    subObjectKey = dictObjectsKey.get(objectName)
     if isinstance(objectValue, list):
       if objectName in simpleLists:
         printJSONValue(' '.join(objectValue))
@@ -9183,10 +9200,12 @@ def showJSON(showName, showValue, skipObjects=None, timeObjects=None,
         if isinstance(subValue, (str, bool, float, int)):
           printKeyValueList([subValue])
         else:
-          _show(None, subValue, subObjectKey, level+1, DEFAULT_SKIP_OBJECTS)
+          _show(None, subValue, subObjectKey, objectName, level+1, DEFAULT_SKIP_OBJECTS)
       if objectName is not None:
         Ind.Decrement()
     elif isinstance(objectValue, dict):
+      if not subObjectKey:
+        subObjectKey = dictObjectsKey.get(subObjectName)
       indentAfterFirst = unindentAfterLast = False
       if objectName is not None:
         printBlankLine()
@@ -9194,13 +9213,23 @@ def showJSON(showName, showValue, skipObjects=None, timeObjects=None,
       elif level > 0:
         indentAfterFirst = unindentAfterLast = True
       subObjects = sorted(objectValue) if sortDictKeys else objectValue.keys()
-      if subObjectKey and (subObjectKey in subObjects):
-        subObjects.remove(subObjectKey)
-        subObjects.insert(0, subObjectKey)
-        subObjectKey = None
+      if subObjectKey:
+        if subObjectKey in subObjects:
+          subObjects.remove(subObjectKey)
+          subObjects.insert(0, subObjectKey)
+          subObjectKey = None
+        elif subObjectName == 'permissions': # subObjectKey in displayName
+          if 'id' in objectValue:
+            if objectValue['id'] == 'anyone':
+              objectValue[subObjectKey] = 'Anyone'
+            elif objectValue['id'] == 'anyoneWithLink':
+              objectValue[subObjectKey] = 'Anyone with Link'
+            else:
+              objectValue[subObjectKey] = objectValue['id']
+            subObjects.insert(0, subObjectKey)
       for subObject in subObjects:
         if subObject not in subSkipObjects:
-          _show(subObject, objectValue[subObject], subObjectKey, level+1, DEFAULT_SKIP_OBJECTS)
+          _show(subObject, objectValue[subObject], subObjectKey, None, level+1, DEFAULT_SKIP_OBJECTS)
           if indentAfterFirst:
             Ind.Increment()
             indentAfterFirst = False
@@ -9227,7 +9256,7 @@ def showJSON(showName, showValue, skipObjects=None, timeObjects=None,
   timeObjects = timeObjects or set()
   simpleLists = simpleLists or set()
   dictObjectsKey = dictObjectsKey or {}
-  _show(showName, showValue, None, 0, DEFAULT_SKIP_OBJECTS.union(skipObjects or set()))
+  _show(showName, showValue, None, None, 0, DEFAULT_SKIP_OBJECTS.union(skipObjects or set()))
 
 class FormatJSONQuoteChar():
 
@@ -9306,7 +9335,7 @@ def getLocalGoogleTimeOffset(testLocation=GOOGLE_TIMECHECK_LOCATION):
   for prot in ['http', 'https']:
     try:
       headerData = httpObj.request(f'{prot}://'+testLocation, 'HEAD')
-      googleUTC = datetime.datetime.strptime(headerData[0]['date'], '%a, %d %b %Y %H:%M:%S %Z').replace(tzinfo=iso8601.UTC)
+      googleUTC = arrow.Arrow.strptime(headerData[0]['date'], '%a, %d %b %Y %H:%M:%S %Z', tzinfo='UTC')
     except (httplib2.HttpLib2Error, RuntimeError) as e:
       handleServerError(e)
     except httplib2.socks.HTTPError as e:
@@ -9319,7 +9348,7 @@ def getLocalGoogleTimeOffset(testLocation=GOOGLE_TIMECHECK_LOCATION):
       if prot == 'http':
         continue
       systemErrorExit(NETWORK_ERROR_RC, Msg.INVALID_HTTP_HEADER.format(str(headerData)))
-    offset = remainder = int(abs((datetime.datetime.now(iso8601.UTC)-googleUTC).total_seconds()))
+    offset = remainder = int(abs((arrow.utcnow()-googleUTC).total_seconds()))
     if offset < MAX_LOCAL_GOOGLE_TIME_OFFSET and prot == 'http':
       continue
     timeoff = []
@@ -9369,6 +9398,7 @@ MACOS_CODENAMES = {
   13: 'Ventura',
   14: 'Sonoma',
   15: 'Sequoia',
+  26: 'Tahoe',
   }
 
 def getOSPlatform():
@@ -9378,7 +9408,7 @@ def getOSPlatform():
   elif myos == 'Windows':
     pltfrm = ' '.join(platform.win32_ver())
   elif myos == 'Darwin':
-    myos = 'MacOS'
+    myos = 'macOS'
     mac_ver = platform.mac_ver()[0]
     major_ver = int(mac_ver.split('.')[0]) # macver 10.14.6 == major_ver 10
     minor_ver = int(mac_ver.split('.')[1]) # macver 10.14.6 == minor_ver 14
@@ -9619,7 +9649,7 @@ def CSVFileQueueHandler(mpQueue, mpQueueStdout, mpQueueStderr, csvPF, datetimeNo
   clearRowFilters = False
 #  if sys.platform.startswith('win'):
 #    signal.signal(signal.SIGINT, signal.SIG_IGN)
-  if multiprocessing.get_start_method() == 'spawn':
+  if multiprocessing.get_start_method() != 'fork':
     signal.signal(signal.SIGINT, signal.SIG_IGN)
     Cmd = glclargs.GamCLArgs()
   else:
@@ -9661,7 +9691,7 @@ def CSVFileQueueHandler(mpQueue, mpQueueStdout, mpQueueStderr, csvPF, datetimeNo
       Cmd.InitializeArguments(dataItem)
     elif dataType == GM.REDIRECT_QUEUE_GLOBALS:
       GM.Globals = dataItem
-      if multiprocessing.get_start_method() == 'spawn':
+      if multiprocessing.get_start_method() != 'fork':
         reopenSTDFile(GM.STDOUT)
         reopenSTDFile(GM.STDERR)
     elif dataType == GM.REDIRECT_QUEUE_VALUES:
@@ -9707,7 +9737,7 @@ def initializeCSVFileQueueHandler(mpManager, mpQueueStdout, mpQueueStderr):
 def terminateCSVFileQueueHandler(mpQueue, mpQueueHandler):
   GM.Globals[GM.PARSER] = None
   GM.Globals[GM.CSVFILE][GM.REDIRECT_QUEUE] = None
-  if multiprocessing.get_start_method() == 'spawn':
+  if multiprocessing.get_start_method() != 'fork':
     mpQueue.put((GM.REDIRECT_QUEUE_ARGS, Cmd.AllArguments()))
     savedValues = saveNonPickleableValues()
     mpQueue.put((GM.REDIRECT_QUEUE_GLOBALS, GM.Globals))
@@ -9737,13 +9767,13 @@ def StdQueueHandler(mpQueue, stdtype, gmGlobals, gcValues):
 
 #  if sys.platform.startswith('win'):
 #    signal.signal(signal.SIGINT, signal.SIG_IGN)
-  if multiprocessing.get_start_method() == 'spawn':
+  if multiprocessing.get_start_method() != 'fork':
     signal.signal(signal.SIGINT, signal.SIG_IGN)
     GM.Globals = gmGlobals.copy()
     GC.Values = gcValues.copy()
   pid0DataItem = [KEYBOARD_INTERRUPT_RC, None]
   pidData = {}
-  if multiprocessing.get_start_method() == 'spawn':
+  if multiprocessing.get_start_method() != 'fork':
     if GM.Globals[stdtype][GM.REDIRECT_NAME] == 'null':
       fd = open(os.devnull, GM.Globals[stdtype][GM.REDIRECT_MODE], encoding=UTF8)
     elif GM.Globals[stdtype][GM.REDIRECT_NAME] == '-':
@@ -9831,7 +9861,7 @@ def ProcessGAMCommandMulti(pid, numItems, logCmd, mpQueueCSVFile, mpQueueStdout,
   with mplock:
     initializeLogging()
 #    if sys.platform.startswith('win'):
-    if multiprocessing.get_start_method() == 'spawn':
+    if multiprocessing.get_start_method() != 'fork':
       signal.signal(signal.SIGINT, signal.SIG_IGN)
     GM.Globals[GM.API_CALLS_RETRY_DATA] = {}
     GM.Globals[GM.CMDLOG_LOGGER] = None
@@ -9972,7 +10002,7 @@ def MultiprocessGAMCommands(items, showCmds):
   mpManager = multiprocessing.Manager()
   l = mpManager.Lock()
   try:
-    if multiprocessing.get_start_method() == 'spawn':
+    if multiprocessing.get_start_method() != 'fork':
       pool = mpManager.Pool(processes=numPoolProcesses, initializer=initGamWorker, initargs=(l,), maxtasksperchild=200)
     else:
       pool = multiprocessing.Pool(processes=numPoolProcesses, initializer=initGamWorker, initargs=(l,), maxtasksperchild=200)
@@ -9981,7 +10011,7 @@ def MultiprocessGAMCommands(items, showCmds):
   except AssertionError as e:
     Cmd.SetLocation(0)
     usageErrorExit(str(e))
-  if multiprocessing.get_start_method() == 'spawn':
+  if multiprocessing.get_start_method() != 'fork':
     savedValues = saveNonPickleableValues()
   if GM.Globals[GM.STDOUT][GM.REDIRECT_MULTIPROCESS]:
     mpQueueStdout, mpQueueHandlerStdout = initializeStdQueueHandler(mpManager, GM.STDOUT, GM.Globals, GC.Values)
@@ -9996,7 +10026,7 @@ def MultiprocessGAMCommands(items, showCmds):
       mpQueueStderr = mpQueueStdout
   else:
     mpQueueStderr = None
-  if multiprocessing.get_start_method() == 'spawn':
+  if multiprocessing.get_start_method() != 'fork':
     restoreNonPickleableValues(savedValues)
   if mpQueueStdout:
     mpQueueStdout.put((0, GM.REDIRECT_QUEUE_DATA, GM.Globals[GM.STDOUT][GM.REDIRECT_MULTI_FD].getvalue()))
@@ -10156,8 +10186,8 @@ def threadBatchWorker(showCmds=False, numItems=0):
       batchWriteStderr(f'{currentISOformatTimeStamp()},{pid}/{numItems},Error,{str(e)},{logCmd}\n')
     GM.Globals[GM.TBATCH_QUEUE].task_done()
 
-BATCH_COMMANDS = [Cmd.GAM_CMD, Cmd.COMMIT_BATCH_CMD, Cmd.PRINT_CMD, Cmd.SLEEP_CMD]
-TBATCH_COMMANDS = [Cmd.GAM_CMD, Cmd.COMMIT_BATCH_CMD, Cmd.EXECUTE_CMD, Cmd.PRINT_CMD, Cmd.SLEEP_CMD]
+BATCH_COMMANDS = [Cmd.GAM_CMD, Cmd.COMMIT_BATCH_CMD, Cmd.PRINT_CMD, Cmd.SLEEP_CMD, Cmd.DATETIME_CMD, Cmd.SET_CMD, Cmd.CLEAR_CMD]
+TBATCH_COMMANDS = [Cmd.GAM_CMD, Cmd.COMMIT_BATCH_CMD, Cmd.EXECUTE_CMD, Cmd.PRINT_CMD, Cmd.SLEEP_CMD, Cmd.DATETIME_CMD, Cmd.SET_CMD, Cmd.CLEAR_CMD]
 
 def ThreadBatchGAMCommands(items, showCmds):
   if not items:
@@ -10269,6 +10299,14 @@ def doBatch(threadBatch=False):
         continue
       if argv:
         cmd = argv[0].strip().lower()
+        if cmd == Cmd.DATETIME_CMD:
+          if len(argv) == 2:
+            kwValues['datetime'] = todaysTime().strftime(argv[1])
+          else:
+            writeStderr(f'Command: >>>{Cmd.QuotedArgumentList([argv[0]])}<<< {Cmd.QuotedArgumentList(argv[1:])}\n')
+            writeStderr(f'{ERROR_PREFIX}{Cmd.ARGUMENT_ERROR_NAMES[Cmd.ARGUMENT_INVALID][1]}: {Msg.EXPECTED} <{Cmd.DATETIME_CMD} DateTimeFormat>)>\n')
+            errors += 1
+          continue
         if cmd == Cmd.SET_CMD:
           if len(argv) == 3:
             kwValues[argv[1]] = argv[2]
@@ -11033,7 +11071,7 @@ class Credentials(google.oauth2.credentials.Credentials):
     expiry = info.get('token_expiry')
     if expiry:
       # Convert the raw expiry to datetime
-      expiry = datetime.datetime.strptime(expiry, YYYYMMDDTHHMMSSZ_FORMAT)
+      expiry = arrow.Arrow.strptime(expiry, YYYYMMDDTHHMMSSZ_FORMAT, tzinfo='UTC').naive
     id_token_data = info.get('decoded_id_token')
 
     # Provide backwards compatibility with field names when loading from JSON.
@@ -11152,7 +11190,7 @@ class Credentials(google.oauth2.credentials.Credentials):
 
 def doOAuthRequest(currentScopes, login_hint, verifyScopes=False):
   client_id, client_secret = getOAuthClientIDAndSecret()
-  scopesList = API.getClientScopesList(GC.Values[GC.TODRIVE_CLIENTACCESS])
+  scopesList = API.getClientScopesList(GC.Values[GC.COMMANDDATA_CLIENTACCESS], GC.Values[GC.TODRIVE_CLIENTACCESS])
   if not currentScopes or verifyScopes:
     selectedScopes = getScopesFromUser(scopesList, True, currentScopes)
     if selectedScopes is None:
@@ -11198,7 +11236,7 @@ def doOAuthCreate():
   else:
     login_hint = None
     scopes = []
-    scopesList = API.getClientScopesList(GC.Values[GC.TODRIVE_CLIENTACCESS])
+    scopesList = API.getClientScopesList(GC.Values[GC.COMMANDDATA_CLIENTACCESS], GC.Values[GC.TODRIVE_CLIENTACCESS])
     while Cmd.ArgumentsRemaining():
       myarg = getArgument()
       if myarg == 'admin':
@@ -11214,7 +11252,9 @@ def doOAuthCreate():
               scopes.append(uscope)
               break
           else:
-            invalidChoiceExit(uscope, API.getClientScopesURLs(GC.Values[GC.TODRIVE_CLIENTACCESS]), True)
+            invalidChoiceExit(uscope,
+                              API.getClientScopesURLs(GC.Values[GC.COMMANDDATA_CLIENTACCESS], GC.Values[GC.TODRIVE_CLIENTACCESS]),
+                              True)
       else:
         unknownArgumentExit()
     if len(scopes) == 0:
@@ -11297,7 +11337,7 @@ def doOAuthInfo():
   if 'email' in token_info:
     printKeyValueList(['Google Workspace Admin', f'{token_info["email"]}'])
   if 'expires_in' in token_info:
-    printKeyValueList(['Expires', ISOformatTimeStamp((datetime.datetime.now()+datetime.timedelta(seconds=token_info['expires_in'])).replace(tzinfo=GC.Values[GC.TIMEZONE]))])
+    printKeyValueList(['Expires', ISOformatTimeStamp(arrow.now(GC.Values[GC.TIMEZONE]).shift(seconds=token_info['expires_in']))])
   if showDetails:
     for k, v in sorted(token_info.items()):
       if k not in  ['email', 'expires_in', 'issued_to', 'scope']:
@@ -11325,7 +11365,7 @@ def doOAuthUpdate():
       if 'scopes' in jsonDict:
         currentScopes = jsonDict['scopes']
       else:
-        currentScopes = API.getClientScopesURLs(GC.Values[GC.TODRIVE_CLIENTACCESS])
+        currentScopes = API.getClientScopesURLs(GC.Values[GC.COMMANDDATA_CLIENTACCESS], GC.Values[GC.TODRIVE_CLIENTACCESS])
     else:
       currentScopes = []
   except (AttributeError, IndexError, KeyError, SyntaxError, TypeError, ValueError) as e:
@@ -12355,8 +12395,6 @@ def checkServiceAccount(users):
             saScopes[scope['api']].append(scope['roscope'])
             checkScopesSet.add(scope['roscope'])
         i += 1
-    if API.DRIVEACTIVITY in saScopes and API.DRIVE3 in saScopes:
-      saScopes[API.DRIVEACTIVITY].append(API.DRIVE_SCOPE)
     if API.DRIVE3 in saScopes:
       saScopes[API.DRIVE2] = saScopes[API.DRIVE3]
     GM.Globals[GM.OAUTH2SERVICE_JSON_DATA][API.OAUTH2SA_SCOPES] = saScopes
@@ -12413,7 +12451,7 @@ def checkServiceAccount(users):
                      throwReasons=[GAPI.BAD_REQUEST, GAPI.INVALID, GAPI.NOT_FOUND,
                                    GAPI.PERMISSION_DENIED, GAPI.SERVICE_NOT_AVAILABLE],
                      name=name, fields='validAfterTime')
-      key_created, _ = iso8601.parse_date(key['validAfterTime'])
+      key_created = arrow.get(key['validAfterTime'])
       key_age = todaysTime()-key_created
       printPassFail(Msg.SERVICE_ACCOUNT_PRIVATE_KEY_AGE.format(key_age.days), testWarn if key_age.days > 30 else testPass)
     except GAPI.permissionDenied:
@@ -12668,15 +12706,15 @@ def _generatePrivateKeyAndPublicCert(projectId, clientEmail, name, key_size, b64
                                                                 _validate=False)]))
   # Gooogle seems to enforce the not before date strictly. Set the not before
   # date to be UTC two minutes ago which should cover any clock skew.
-  now = datetime.datetime.utcnow()
-  builder = builder.not_valid_before(now - datetime.timedelta(minutes=2))
+  now = arrow.utcnow()
+  builder = builder.not_valid_before(now.shift(minutes=-2).naive)
   # Google defaults to 12/31/9999 date for end time if there's no
   # policy to restrict key age
   if validityHours:
-    expires = now + datetime.timedelta(hours=validityHours) - datetime.timedelta(minutes=2)
+    expires = now.shift(hours=validityHours, minutes=-2).naive
     builder = builder.not_valid_after(expires)
   else:
-    builder = builder.not_valid_after(datetime.datetime(9999, 12, 31, 23, 59))
+    builder = builder.not_valid_after(arrow.Arrow(9999, 12, 31, 23, 59).naive)
   builder = builder.serial_number(x509.random_serial_number())
   builder = builder.public_key(public_key)
   builder = builder.add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
@@ -13053,7 +13091,7 @@ def _showMailboxMonitorRequestStatus(request, i=0, count=0):
 def doCreateMonitor():
   auditObject, parameters = getAuditParameters(emailAddressRequired=True, requestIdRequired=False, destUserRequired=True)
   #end_date defaults to 30 days in the future...
-  end_date = (GM.Globals[GM.DATETIME_NOW]+datetime.timedelta(days=30)).strftime(YYYYMMDD_HHMM_FORMAT)
+  end_date = GM.Globals[GM.DATETIME_NOW].shift(days=30).strftime(YYYYMMDD_HHMM_FORMAT)
   begin_date = None
   incoming_headers_only = outgoing_headers_only = drafts_headers_only = chats_headers_only = False
   drafts = chats = True
@@ -13226,7 +13264,7 @@ def _adjustTryDate(errMsg, numDateChanges, limitDateChanges, prevTryDate):
     else:
       match_date = re.match('End date greater than LastReportedDate.', errMsg)
       if match_date:
-        tryDateTime = datetime.datetime.strptime(prevTryDate, YYYYMMDD_FORMAT)-datetime.timedelta(days=1)
+        tryDateTime = arrow.Arrow.strptime(prevTryDate, YYYYMMDD_FORMAT).shift(days=-1)
         tryDate = tryDateTime.strftime(YYYYMMDD_FORMAT)
   if (not match_date) or (numDateChanges > limitDateChanges >= 0):
     printWarningMessage(DATA_NOT_AVALIABLE_RC, errMsg)
@@ -13237,18 +13275,17 @@ def _checkDataRequiredServices(result, tryDate, dataRequiredServices, parameterS
 # -1: Data not available:
 #  0: Backup to earlier date
 #  1: Data available
-  oneDay = datetime.timedelta(days=1)
   dataWarnings = result.get('warnings', [])
   usageReports = result.get('usageReports', [])
   # move to day before if we don't have at least one usageReport with parameters
   if not usageReports or not usageReports[0].get('parameters', []):
-    tryDateTime = datetime.datetime.strptime(tryDate, YYYYMMDD_FORMAT)-oneDay
+    tryDateTime = arrow.Arrow.strptime(tryDate, YYYYMMDD_FORMAT).shift(days=-1)
     return (0, tryDateTime.strftime(YYYYMMDD_FORMAT), None)
   for warning in dataWarnings:
     if warning['code'] == 'PARTIAL_DATA_AVAILABLE':
       for app in warning['data']:
         if app['key'] == 'application' and app['value'] != 'docs' and app['value'] in dataRequiredServices:
-          tryDateTime = datetime.datetime.strptime(tryDate, YYYYMMDD_FORMAT)-oneDay
+          tryDateTime = arrow.Arrow.strptime(tryDate, YYYYMMDD_FORMAT).shift(days=-1)
           return (0, tryDateTime.strftime(YYYYMMDD_FORMAT), None)
     elif warning['code'] == 'DATA_NOT_AVAILABLE':
       for app in warning['data']:
@@ -13265,11 +13302,11 @@ def _checkDataRequiredServices(result, tryDate, dataRequiredServices, parameterS
         if not requiredServices:
           break
     else:
-      tryDateTime = datetime.datetime.strptime(tryDate, YYYYMMDD_FORMAT)-oneDay
+      tryDateTime = arrow.Arrow.strptime(tryDate, YYYYMMDD_FORMAT).shift(days=-1)
       return (0, tryDateTime.strftime(YYYYMMDD_FORMAT), None)
   if checkUserEmail:
     if 'entity' not in usageReports[0] or 'userEmail' not in usageReports[0]['entity']:
-      tryDateTime = datetime.datetime.strptime(tryDate, YYYYMMDD_FORMAT)-oneDay
+      tryDateTime = arrow.Arrow.strptime(tryDate, YYYYMMDD_FORMAT).shift(days=-1)
       return (0, tryDateTime.strftime(YYYYMMDD_FORMAT), None)
   return (1, tryDate, usageReports)
 
@@ -13361,7 +13398,7 @@ def getUserOrgUnits(cd, orgUnit, orgUnitId):
                            throwReasons=[GAPI.INVALID_ORGUNIT, GAPI.ORGUNIT_NOT_FOUND,
                                          GAPI.INVALID_INPUT, GAPI.BAD_REQUEST, GAPI.RESOURCE_NOT_FOUND, GAPI.FORBIDDEN],
                            retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                           customer=GC.Values[GC.CUSTOMER_ID], query=orgUnitPathQuery(orgUnit, None), orderBy='email',
+                           customer=GC.Values[GC.CUSTOMER_ID], query=orgUnitPathQuery(orgUnit, None, None), orderBy='email',
                            fields='nextPageToken,users(primaryEmail,orgUnitPath)', maxResults=GC.Values[GC.USER_MAX_RESULTS])
     userOrgUnits = {}
     for user in result:
@@ -13383,13 +13420,17 @@ REPORTS_PARAMETERS_SIMPLE_TYPES = ['intValue', 'boolValue', 'datetimeValue', 'st
 #	[(user all|<UserItem>)|(orgunit|org|ou <OrgUnitPath> [showorgunit])|(select <UserTypeEntity>)]
 #	[([start|startdate <Date>] [end|enddate <Date>])|(range <Date> <Date>)|
 #	 thismonth|(previousmonths <Integer>)]
+#	[skipdates <Date>[:<Date>](,<Date>[:<Date>])*] [skipdaysofweek <DayOfWeek>(,<DayOfWeek>)*]
 #	[fields|parameters <String>)]
 #	[convertmbtogb]
+#	(addcsvdata <FieldName> <String>)*
 # gam report usage customer [todrive <ToDriveAttribute>*]
 #	[([start|startdate <Date>] [end|enddate <Date>])|(range <Date> <Date>)|
 #	 thismonth|(previousmonths <Integer>)]
+#	[skipdates <Date>[:<Date>](,<Date>[:<Date>])*] [skipdaysofweek <DayOfWeek>(,<DayOfWeek>)*]
 #	[fields|parameters <String>)]
 #	[convertmbtogb]
+#	(addcsvdata <FieldName> <String>)*
 def doReportUsage():
   def usageEntitySelectors():
     selectorChoices = Cmd.USER_ENTITY_SELECTORS+Cmd.USER_CSVDATA_ENTITY_SELECTORS
@@ -13409,8 +13450,8 @@ def doReportUsage():
         invalidArgumentExit(DELTA_DATE_FORMAT_REQUIRED)
       return deltaDate
     try:
-      argDate = datetime.datetime.strptime(argstr, YYYYMMDD_FORMAT)
-      return datetime.datetime(argDate.year, argDate.month, argDate.day, tzinfo=GC.Values[GC.TIMEZONE])
+      argDate = arrow.Arrow.strptime(argstr, YYYYMMDD_FORMAT)
+      return arrow.Arrow(argDate.year, argDate.month, argDate.day, tzinfo=GC.Values[GC.TIMEZONE])
     except ValueError:
       Cmd.Backup()
       invalidArgumentExit(YYYYMMDD_FORMAT_REQUIRED)
@@ -13441,7 +13482,7 @@ def doReportUsage():
   startEndTime = StartEndTime('startdate', 'enddate', 'date')
   skipDayNumbers = []
   skipDates = set()
-  oneDay = datetime.timedelta(days=1)
+  addCSVData = {}
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
     if csvPF and myarg == 'todrive':
@@ -13479,10 +13520,10 @@ def doReportUsage():
             usageErrorExit(Msg.INVALID_DATE_TIME_RANGE.format(myarg, skipEnd, myarg, skipStart))
           while skipStartDate <= skipEndDate:
             skipDates.add(skipStartDate)
-            skipStartDate += oneDay
+            skipStartDate = skipStartDate.shift(days=1)
     elif myarg == 'skipdaysofweek':
-      skipdaynames = getString(Cmd.OB_STRING).split(',')
-      dow = [d.lower() for d in calendarlib.day_abbr]
+      skipdaynames = getString(Cmd.OB_STRING).lower().split(',')
+      dow = [d.lower() for d in DAYS_OF_WEEK]
       skipDayNumbers = [dow.index(d) for d in skipdaynames if d in dow]
     elif userReports and myarg == 'user':
       userKey = getString(Cmd.OB_EMAIL_ADDRESS)
@@ -13496,12 +13537,15 @@ def doReportUsage():
       select = True
     elif myarg == 'convertmbtogb':
       convertMbToGb = True
+    elif myarg == 'addcsvdata':
+      k = getString(Cmd.OB_STRING)
+      addCSVData[k] = getString(Cmd.OB_STRING, minLen=0)
     else:
       unknownArgumentExit()
   if startEndTime.endDateTime is None:
     startEndTime.endDateTime = todaysDate()
   if startEndTime.startDateTime is None:
-    startEndTime.startDateTime = startEndTime.endDateTime+datetime.timedelta(days=-30)
+    startEndTime.startDateTime = startEndTime.endDateTime.shift(days=-30)
   startDateTime = startEndTime.startDateTime
   startDate = startDateTime.strftime(YYYYMMDD_FORMAT)
   endDateTime = startEndTime.endDateTime
@@ -13529,15 +13573,17 @@ def doReportUsage():
       titles.append('orgUnitPath')
   else:
     pageMessage = None
+  if addCSVData:
+    titles.extend(sorted(addCSVData.keys()))
   csvPF.SetTitles(titles)
   csvPF.SetSortAllTitles()
   parameters = ','.join(parameters) if parameters else None
   while startDateTime <= endDateTime:
     if startDateTime.weekday() in skipDayNumbers or startDateTime in skipDates:
-      startDateTime += oneDay
+      startDateTime = startDateTime.shift(days=1)
       continue
     useDate = startDateTime.strftime(YYYYMMDD_FORMAT)
-    startDateTime += oneDay
+    startDateTime = startDateTime.shift(days=1)
     try:
       for kwarg in kwargs:
         if userReports:
@@ -13563,6 +13609,8 @@ def doReportUsage():
                 row['orgUnitPath'] = userOrgUnits.get(row['user'], UNKNOWN)
             else:
               row['user'] = UNKNOWN
+          if addCSVData:
+            row.update(addCSVData)
           for item in entity.get('parameters', []):
             if 'name' not in item:
               continue
@@ -13694,12 +13742,14 @@ REPORT_ACTIVITIES_TIME_OBJECTS = {'time'}
 #	[aggregatebydate|aggregatebyuser [Boolean]]
 #	[maxresults <Number>]
 #	[convertmbtogb]
+#	(addcsvdata <FieldName> <String>)*
 # gam report customers|customer|domain [todrive <ToDriveAttribute>*]
 #	[(date <Date>)|(range <Date> <Date>)|
 #	 yesterday|today|thismonth|(previousmonths <Integer>)]
 #	[nodatechange | (fulldatarequired all|<CustomerServiceNameList>)]
 #	[(fields|parameters <String>)|(services <CustomerServiceNameList>)] [noauthorizedapps]
 #	[convertmbtogb]
+#	(addcsvdata <FieldName> <String>)*
 def doReport():
   def processUserUsage(usage, lastDate):
     if not usage:
@@ -13717,6 +13767,8 @@ def doReport():
           row['orgUnitPath'] = userOrgUnits.get(row['email'], UNKNOWN)
       else:
         row['email'] = UNKNOWN
+      if addCSVData:
+        row.update(addCSVData)
       for item in user_report.get('parameters', []):
         if 'name' not in item:
           continue
@@ -13728,7 +13780,7 @@ def doReport():
           mg = DISABLED_REASON_TIME_PATTERN.match(item['stringValue'])
           if mg:
             try:
-              disabledTime = formatLocalTime(datetime.datetime.strptime(mg.group(1), '%Y/%m/%d-%H:%M:%S').replace(tzinfo=iso8601.UTC).strftime(YYYYMMDDTHHMMSSZ_FORMAT))
+              disabledTime = formatLocalTime(arrow.Arrow.strptime(mg.group(1), '%Y/%m/%d-%H:%M:%S').replace(tzinfo='UTC').strftime(YYYYMMDDTHHMMSSZ_FORMAT))
               row['accounts:disabled_time'] = disabledTime
               csvPF.AddTitles('accounts:disabled_time')
             except ValueError:
@@ -13808,6 +13860,8 @@ def doReport():
       return (False, lastDate)
     lastDate = usage[0]['date']
     row = {'date': lastDate}
+    if addCSVData:
+      row.update(addCSVData)
     for item in usage[0].get('parameters', []):
       if 'name' not in item:
         continue
@@ -13882,12 +13936,16 @@ def doReport():
         continue
       for ptype in REPORTS_PARAMETERS_SIMPLE_TYPES:
         if ptype in item:
+          row = {'date': lastDate}
+          if addCSVData:
+            row.update(addCSVData)
           if ptype != 'datetimeValue':
             if convertMbToGb and name.endswith('_in_mb'):
               name = convertReportMBtoGB(name, item)
-            csvPF.WriteRow({'date': lastDate, 'name': name, 'value': item[ptype]})
+            row.update({'name': name, 'value': item[ptype]})
           else:
-            csvPF.WriteRow({'date': lastDate, 'name': name, 'value': formatLocalTime(item[ptype])})
+            row.update({'name': name, 'value': formatLocalTime(item[ptype])})
+          csvPF.WriteRow(row)
           break
       else:
         if 'msgValue' in item:
@@ -13896,6 +13954,8 @@ def doReport():
               continue
             for subitem in item['msgValue']:
               app = {'date': lastDate}
+              if addCSVData:
+                app.update(addCSVData)
               for an_item in subitem:
                 if an_item == 'client_name':
                   app['name'] = f'App: {escapeCRsNLs(subitem[an_item])}'
@@ -13908,7 +13968,11 @@ def doReport():
             values = []
             for subitem in item['msgValue']:
               values.append(f'{subitem["version_number"]}:{subitem["num_devices"]}')
-            csvPF.WriteRow({'date': lastDate, 'name': name, 'value': ' '.join(sorted(values, reverse=True))})
+            row = {'date': lastDate}
+            if addCSVData:
+              row.update(addCSVData)
+            row.update({'name': name, 'value': ' '.join(sorted(values, reverse=True))})
+            csvPF.WriteRow(row)
           else:
             values = []
             for subitem in item['msgValue']:
@@ -13923,7 +13987,11 @@ def doReport():
                     values.append(f'{myvalue}:{mycount}')
               else:
                 continue
-            csvPF.WriteRow({'date': lastDate, 'name': name, 'value': ' '.join(sorted(values, reverse=True))})
+            row = {'date': lastDate}
+            if addCSVData:
+              row.update(addCSVData)
+            row.update({'name': name, 'value': ' '.join(sorted(values, reverse=True))})
+            csvPF.WriteRow(row)
     csvPF.SortRowsTwoTitles('date', 'name', False)
     if authorizedApps:
       csvPF.AddTitle('client_id')
@@ -13963,7 +14031,6 @@ def doReport():
   eventCounts = {}
   eventNames = []
   startEndTime = StartEndTime('start', 'end')
-  oneDay = datetime.timedelta(days=1)
   filterTimes = {}
   maxActivities = maxEvents = 0
   maxResults = 1000
@@ -14074,7 +14141,7 @@ def doReport():
       eventRowFilter = True
     elif activityReports and myarg == 'groupidfilter':
       groupIdFilter = getString(Cmd.OB_STRING)
-    elif activityReports and myarg == 'addcsvdata':
+    elif myarg == 'addcsvdata':
       k = getString(Cmd.OB_STRING)
       addCSVData[k] = getString(Cmd.OB_STRING, minLen=0)
     elif activityReports and myarg == 'shownoactivities':
@@ -14139,6 +14206,8 @@ def doReport():
       titles = ['email'] if not showOrgUnit else ['email', 'orgUnitPath']
     else:
       titles = ['email', 'date'] if not showOrgUnit else ['email', 'orgUnitPath', 'date']
+    if addCSVData:
+      titles.extend(sorted(addCSVData.keys()))
     csvPF.SetTitles(titles)
     csvPF.SetSortAllTitles()
     i = 0
@@ -14175,7 +14244,7 @@ def doReport():
             if fullData == 0:
               if numDateChanges > limitDateChanges >= 0:
                 break
-              startDateTime = endDateTime = datetime.datetime.strptime(tryDate, YYYYMMDD_FORMAT)
+              startDateTime = endDateTime = arrow.Arrow.strptime(tryDate, YYYYMMDD_FORMAT)
               continue
           if not select and userKey == 'all':
             pageMessage = getPageMessageForWhom(forWhom, showDate=tryDate)
@@ -14204,7 +14273,7 @@ def doReport():
           tryDate = _adjustTryDate(str(e), numDateChanges, limitDateChanges, tryDate)
           if not tryDate:
             break
-          startDateTime = endDateTime = datetime.datetime.strptime(tryDate, YYYYMMDD_FORMAT)
+          startDateTime = endDateTime = arrow.Arrow.strptime(tryDate, YYYYMMDD_FORMAT)
           continue
         except GAPI.invalidInput as e:
           systemErrorExit(GOOGLE_API_ERROR_RC, str(e))
@@ -14217,7 +14286,7 @@ def doReport():
           break
         except GAPI.forbidden as e:
           accessErrorExit(None, str(e))
-        startDateTime += oneDay
+        startDateTime = startDateTime.shift(days=1)
       if exitUserLoop:
         break
       if user != 'all' and lastDate is None and GC.Values[GC.CSV_OUTPUT_USERS_AUDIT]:
@@ -14225,6 +14294,8 @@ def doReport():
     if aggregateByDate:
       for usageDate, events in eventCounts.items():
         row = {'date': usageDate}
+        if addCSVData:
+          row.update(addCSVData)
         for event, count in events.items():
           if convertMbToGb and event.endswith('_in_gb'):
             count = f'{count/1024:.2f}'
@@ -14237,6 +14308,8 @@ def doReport():
         row = {'email': email}
         if showOrgUnit:
           row['orgUnitPath'] = userOrgUnits.get(email, UNKNOWN)
+        if addCSVData:
+          row.update(addCSVData)
         for event, count in events.items():
           if convertMbToGb and event.endswith('_in_gb'):
             count = f'{count/1024:.2f}'
@@ -14251,6 +14324,8 @@ def doReport():
     if startEndTime.startDateTime is None:
       startEndTime.startDateTime = startEndTime.endDateTime = todaysDate()
     csvPF.SetTitles('date')
+    if addCSVData:
+      csvPF.AddTitles(sorted(addCSVData.keys()))
     if not userCustomerRange or (startEndTime.startDateTime == startEndTime.endDateTime):
       csvPF.AddTitles(['name', 'value'])
     authorizedApps = []
@@ -14274,7 +14349,7 @@ def doReport():
           if fullData == 0:
             if numDateChanges > limitDateChanges >= 0:
               break
-            startDateTime = endDateTime = datetime.datetime.strptime(tryDate, YYYYMMDD_FORMAT)
+            startDateTime = endDateTime = arrow.Arrow.strptime(tryDate, YYYYMMDD_FORMAT)
             continue
         usage = callGAPIpages(service, 'get', 'usageReports',
                               throwReasons=[GAPI.INVALID, GAPI.INVALID_INPUT, GAPI.FORBIDDEN],
@@ -14292,13 +14367,13 @@ def doReport():
         tryDate = _adjustTryDate(str(e), numDateChanges, limitDateChanges, tryDate)
         if not tryDate:
           break
-        startDateTime = endDateTime = datetime.datetime.strptime(tryDate, YYYYMMDD_FORMAT)
+        startDateTime = endDateTime = arrow.Arrow.strptime(tryDate, YYYYMMDD_FORMAT)
         continue
       except GAPI.invalidInput as e:
         systemErrorExit(GOOGLE_API_ERROR_RC, str(e))
       except GAPI.forbidden as e:
         accessErrorExit(None, str(e))
-      startDateTime += oneDay
+      startDateTime = startDateTime.shift(days=1)
     csvPF.writeCSVfile(f'Customer Report - {tryDate}')
   else: # activityReports
     csvPF.SetTitles('name')
@@ -14368,8 +14443,8 @@ def doReport():
             eventTime = activity.get('id', {}).get('time', UNKNOWN)
             if eventTime != UNKNOWN:
               try:
-                eventTime, _ = iso8601.parse_date(eventTime)
-              except (iso8601.ParseError, OverflowError):
+                eventTime = arrow.get(eventTime)
+              except (arrow.parser.ParserError, OverflowError):
                 eventTime = UNKNOWN
             if eventTime != UNKNOWN:
               eventDate = eventTime.strftime(YYYYMMDD_FORMAT)
@@ -14393,7 +14468,7 @@ def doReport():
                     if val is not None:
                       val = int(val)
                       if val >= 62135683200:
-                        event[item['name']] = ISOformatTimeStamp(datetime.datetime.fromtimestamp(val-62135683200, GC.Values[GC.TIMEZONE]))
+                        event[item['name']] = ISOformatTimeStamp(arrow.Arrow.fromtimestamp(val-62135683200, GC.Values[GC.TIMEZONE]))
                       else:
                         event[item['name']] = val
                   else:
@@ -16285,7 +16360,7 @@ def _showCustomerLicenseInfo(customerInfo, FJQC):
   while True:
     try:
       result = callGAPI(rep.customerUsageReports(), 'get',
-                        throwReasons=[GAPI.INVALID, GAPI.FORBIDDEN, GAPI.PERMISSION_DENIED],
+                        throwReasons=[GAPI.INVALID, GAPI.FAILED_PRECONDITION, GAPI.FORBIDDEN, GAPI.PERMISSION_DENIED],
                         date=tryDate, customerId=customerInfo['id'],
                         fields='warnings,usageReports', parameters=parameters)
       usageReports = numUsersAvailable(result)
@@ -16298,7 +16373,7 @@ def _showCustomerLicenseInfo(customerInfo, FJQC):
       if fullData == 0:
         continue
       break
-    except GAPI.invalid as e:
+    except (GAPI.invalid, GAPI.failedPrecondition) as e:
       tryDate = _adjustTryDate(str(e), 0, -1, tryDate)
       if not tryDate:
         return
@@ -17012,22 +17087,39 @@ def doDeleteAdmin():
   except (GAPI.forbidden, GAPI.permissionDenied) as e:
     ClientAPIAccessDeniedExit(str(e))
 
-ASSIGNEE_EMAILTYPE_TOFIELD_MAP = {
+ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP = {
   'user': 'assignedToUser',
   'group': 'assignedToGroup',
   'serviceaccount': 'assignedToServiceAccount',
+  'unknown': 'assignedToUnknown',
   }
+ALL_ASSIGNEE_TYPES = ['user', 'group', 'serviceaccount']
+
 PRINT_ADMIN_FIELDS = ['roleAssignmentId', 'roleId', 'assignedTo', 'scopeType', 'orgUnitId']
 PRINT_ADMIN_TITLES = ['roleAssignmentId', 'roleId', 'role',
                       'assignedTo', 'assignedToUser', 'assignedToGroup', 'assignedToServiceAccount', 'assignedToUnknown',
                       'scopeType', 'orgUnitId', 'orgUnit']
 
 # gam print admins [todrive <ToDriveAttribute>*]
-#	[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>] [condition]
-#	[privileges] [oneitemperrow]
+#	[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
+#	[types <AdminAssigneeTypeList>]
+#	[recursive] [condition] [privileges] [oneitemperrow]
 # gam show admins
-#	[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>] [condition] [privileges]
+#	[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
+#	[types <AdminAssigneeTypeList>]
+#	[recursive] [condition] [privileges]
 def doPrintShowAdmins():
+  def _getAssigneeTypes(myarg):
+    if myarg in {'type', 'types'}:
+      for gtype in getString(Cmd.OB_ADMIN_ASSIGNEE_TYPE_LIST).lower().replace(',', ' ').split():
+        if gtype in ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP:
+          typesSet.add(ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP[gtype])
+        else:
+          invalidChoiceExit(gtype, ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP, True)
+    else:
+      return False
+    return True
+
   def _getPrivileges(admin):
     if showPrivileges:
       roleId = admin['roleId']
@@ -17055,17 +17147,14 @@ def doPrintShowAdmins():
     assignedTo = admin['assignedTo']
     admin['assignedToUnknown'] = False
     if assignedTo not in assignedToIdEmailMap:
-      assigneeType = admin.get('assigneeType')
-      assignedToField = ASSIGNEE_EMAILTYPE_TOFIELD_MAP.get(assigneeType, None)
-      assigneeEmail, assigneeType = convertUIDtoEmailAddressWithType(f'uid:{assignedTo}', cd, sal,
-                                                                     emailTypes=list(ASSIGNEE_EMAILTYPE_TOFIELD_MAP.keys()))
-      if not assignedToField and assigneeType in ASSIGNEE_EMAILTYPE_TOFIELD_MAP:
-        assignedToField = ASSIGNEE_EMAILTYPE_TOFIELD_MAP[assigneeType]
-      if assigneeType == 'unknown':
-        assignedToField = 'assignedToUnknown'
+      emailTypes = ALL_ASSIGNEE_TYPES if admin.get('assigneeType', '') != 'group' else ['group']
+      assigneeEmail, assigneeType = convertUIDtoEmailAddressWithType(f'uid:{assignedTo}', cd, sal, emailTypes=emailTypes)
+      assignedToField = ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP.get(assigneeType, 'assignedToUnknown')
+      if assignedToField == 'assignedToUnknown':
         assigneeEmail = True
       assignedToIdEmailMap[assignedTo] = {'assignedToField': assignedToField, 'assigneeEmail': assigneeEmail}
     admin[assignedToIdEmailMap[assignedTo]['assignedToField']] = assignedToIdEmailMap[assignedTo]['assigneeEmail']
+    admin['assignedToField'] = assignedToIdEmailMap[assignedTo]['assignedToField']
     if privileges is not None:
       admin.update(privileges)
     if 'orgUnitId' in admin:
@@ -17075,16 +17164,22 @@ def doPrintShowAdmins():
         admin['condition'] = 'securitygroup'
       elif admin['condition'] == NONSECURITY_GROUP_CONDITION:
         admin['condition'] = 'nonsecuritygroup'
+    if debug:
+      print('******', admin['assignedTo'], admin.get('assigneeType', 'no type'),
+            admin['assignedToField'], not typesSet or admin['assignedToField'] in typesSet)
+    return not typesSet or admin['assignedToField'] in typesSet
 
   cd = buildGAPIObject(API.DIRECTORY)
   sal = buildGAPIObject(API.SERVICEACCOUNTLOOKUP)
   csvPF = CSVPrintFile(PRINT_ADMIN_TITLES) if Act.csvFormat() else None
   roleId = None
   userKey = None
-  oneItemPerRow = showPrivileges = False
+  debug = oneItemPerRow = recursive = showPrivileges = False
+  typesSet = set()
   kwargs = {}
   rolePrivileges = {}
-  fieldsList = PRINT_ADMIN_FIELDS
+  allGroupRoles = ','.join(sorted(ALL_GROUP_ROLES))
+  fieldsList = PRINT_ADMIN_FIELDS+['assigneeType']
   assignedToIdEmailMap = {}
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
@@ -17094,6 +17189,16 @@ def doPrintShowAdmins():
       userKey = kwargs['userKey'] = getEmailAddress()
     elif myarg == 'role':
       _, roleId = getRoleId()
+    elif _getAssigneeTypes(myarg):
+      pass
+    elif myarg == 'recursive':
+      recursive = True
+      memberOptions = initMemberOptions()
+      memberOptions[MEMBEROPTION_INCLUDEDERIVEDMEMBERSHIP] = True
+      memberOptions[MEMBEROPTION_DISPLAYMATCH] = False
+      memberDisplayOptions = initIPSGMGroupMemberDisplayOptions()
+      for role in [Ent.ROLE_MEMBER, Ent.ROLE_MANAGER, Ent.ROLE_OWNER]:
+        memberDisplayOptions[role]['show'] = True
     elif myarg == 'condition':
       fieldsList.append('condition')
       if csvPF:
@@ -17102,6 +17207,8 @@ def doPrintShowAdmins():
       showPrivileges = True
     elif myarg == 'oneitemperrow':
       oneItemPerRow = True
+    elif myarg == 'debug':
+      debug = True
     else:
       unknownArgumentExit()
   if roleId and not kwargs:
@@ -17113,7 +17220,7 @@ def doPrintShowAdmins():
     admins = callGAPIpages(cd.roleAssignments(), 'list', 'items',
                            pageMessage=getPageMessage(),
                            throwReasons=[GAPI.INVALID, GAPI.USER_NOT_FOUND,
-                                         GAPI.FORBIDDEN, GAPI.SERVICE_NOT_AVAILABLE,
+                                         GAPI.NOT_FOUND, GAPI.FORBIDDEN, GAPI.SERVICE_NOT_AVAILABLE,
                                          GAPI.BAD_REQUEST, GAPI.CUSTOMER_NOT_FOUND,
                                          GAPI.FORBIDDEN, GAPI.PERMISSION_DENIED],
                            retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
@@ -17121,39 +17228,75 @@ def doPrintShowAdmins():
   except (GAPI.invalid, GAPI.userNotFound):
     entityUnknownWarning(Ent.ADMINISTRATOR, userKey)
     return
-  except (GAPI.serviceNotAvailable) as e:
-    entityActionFailedExit([Ent.ADMINISTRATOR, userKey, Ent.ADMIN_ROLE, roleId], str(e))
+  except GAPI.notFound as e:
+    entityActionFailedExit([Ent.ADMIN_ROLE, kwargs['roleId']], str(e))
+  except GAPI.serviceNotAvailable as e:
+    entityActionFailedExit([Ent.ADMINISTRATOR, userKey], str(e))
   except (GAPI.badRequest, GAPI.customerNotFound):
     accessErrorExit(cd)
   except (GAPI.forbidden, GAPI.permissionDenied) as e:
     ClientAPIAccessDeniedExit(str(e))
+  count = len(admins)
+  groupMembers = {}
+  expandedAdmins = []
+  i = 0
+  for admin in admins:
+    i += 1
+    if roleId and roleId != admin['roleId']:
+      continue
+    assignedTo = admin['assignedTo']
+    if admin['assigneeType'] != 'group' or not recursive:
+      if _setNamesFromIds(admin, _getPrivileges(admin)):
+        expandedAdmins.append(admin)
+      continue
+    if assignedTo not in groupMembers:
+      membersList = []
+      membersSet = set()
+      level = 0
+      getGroupMembers(cd, assignedTo, allGroupRoles, membersList, membersSet, i, count,
+                      memberOptions, memberDisplayOptions, level, {Ent.TYPE_USER})
+      groupMembers[assignedTo] = membersList[:]
+    if not _setNamesFromIds(admin, _getPrivileges(admin)):
+      continue
+    if not groupMembers[assignedTo]:
+      expandedAdmins.append(admin)
+      continue
+    admin['assigneeType'] = 'user'
+    admin['assignedToGroup'] = assignedToIdEmailMap[assignedTo]['assigneeEmail']
+    for member in groupMembers[assignedTo]:
+      userAdmin = admin.copy()
+      userAdmin['assignedTo'] = member['id']
+      _setNamesFromIds(userAdmin, _getPrivileges(admin))
+      expandedAdmins.append(userAdmin)
+  admins = expandedAdmins
+  count = len(expandedAdmins)
   if not csvPF:
-    count = len(admins)
     performActionNumItems(count, Ent.ADMIN_ROLE_ASSIGNMENT)
     Ind.Increment()
     i = 0
-    for admin in admins:
+    for admin in expandedAdmins:
       i += 1
-      if roleId and roleId != admin['roleId']:
-        continue
-      _setNamesFromIds(admin, _getPrivileges(admin))
       printEntity([Ent.ADMIN_ROLE_ASSIGNMENT, admin['roleAssignmentId']], i, count)
       Ind.Increment()
       for field in PRINT_ADMIN_TITLES:
         if field in admin:
-          if field == 'roleAssignmentId':
+          if (field == 'roleAssignmentId') or (field == 'assignedToUnknown' and not admin[field]):
             continue
-          if field != 'rolePrivileges':
-            printKeyValueList([field, admin[field]])
-          else:
-            showJSON(None, admin[field])
+          printKeyValueList([field, admin[field]])
+      if showPrivileges:
+        rolePrivileges = admin.get('rolePrivileges', [])
+        jcount = len(rolePrivileges)
+        if jcount > 0:
+          printKeyValueList(['rolePrivileges', jcount])
+          Ind.Increment()
+          showJSON(None, rolePrivileges)
+          Ind.Decrement()
       Ind.Decrement()
     Ind.Decrement()
   else:
-    for admin in admins:
-      if roleId and roleId != admin['roleId']:
-        continue
-      _setNamesFromIds(admin, _getPrivileges(admin))
+    for admin in expandedAdmins:
+      admin.pop('assigneeType', None)
+      admin.pop('assignedToField', None)
       if not oneItemPerRow or 'rolePrivileges' not in admin:
         csvPF.WriteRowTitles(flattenJSON(admin))
       else:
@@ -17856,10 +17999,29 @@ ORG_FIELD_INFO_ORDER = ['orgUnitId', 'name', 'description', 'parentOrgUnitPath',
 ORG_FIELDS_WITH_CRS_NLS = {'description'}
 
 def _doInfoOrgs(entityList):
+  def _printUsers(entityType, orgUnitPath, isSuspended, isArchived):
+    users = callGAPIpages(cd.users(), 'list', 'users',
+                          throwReasons=[GAPI.BAD_REQUEST, GAPI.INVALID_INPUT, GAPI.RESOURCE_NOT_FOUND, GAPI.FORBIDDEN],
+                          retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
+                          customer=GC.Values[GC.CUSTOMER_ID], query=orgUnitPathQuery(orgUnitPath, isSuspended, isArchived), orderBy='email',
+                          fields='nextPageToken,users(primaryEmail,orgUnitPath)', maxResults=GC.Values[GC.USER_MAX_RESULTS])
+    printEntitiesCount(entityType, None)
+    usersInOU = 0
+    Ind.Increment()
+    orgUnitPath = orgUnitPath.lower()
+    for user in users:
+      if orgUnitPath == user['orgUnitPath'].lower():
+        printKeyValueList([user['primaryEmail']])
+        usersInOU += 1
+      elif showChildren:
+        printKeyValueList([f'{user["primaryEmail"]} (child)'])
+        usersInOU += 1
+    Ind.Decrement()
+    printKeyValueList([Msg.TOTAL_ITEMS_IN_ENTITY.format(Ent.Plural(entityType), Ent.Singular(Ent.ORGANIZATIONAL_UNIT)), usersInOU])
+
   cd = buildGAPIObject(API.DIRECTORY)
   getUsers = True
-  isSuspended = None
-  entityType = Ent.USER
+  isSuspended = isArchived = None
   showChildren = False
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
@@ -17867,7 +18029,8 @@ def _doInfoOrgs(entityList):
       getUsers = False
     elif myarg in SUSPENDED_ARGUMENTS:
       isSuspended = _getIsSuspended(myarg)
-      entityType = Ent.USER_SUSPENDED if isSuspended else Ent.USER_NOT_SUSPENDED
+    elif myarg in ARCHIVED_ARGUMENTS:
+      isArchived = _getIsArchived(myarg)
     elif myarg in {'children', 'child'}:
       showChildren = True
     else:
@@ -17898,38 +18061,29 @@ def _doInfoOrgs(entityList):
             printKeyValueWithCRsNLs(field, value)
       if getUsers:
         orgUnitPath = result['orgUnitPath']
-        users = callGAPIpages(cd.users(), 'list', 'users',
-                              throwReasons=[GAPI.BAD_REQUEST, GAPI.INVALID_INPUT, GAPI.RESOURCE_NOT_FOUND, GAPI.FORBIDDEN],
-                              retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                              customer=GC.Values[GC.CUSTOMER_ID], query=orgUnitPathQuery(orgUnitPath, isSuspended), orderBy='email',
-                              fields='nextPageToken,users(primaryEmail,orgUnitPath)', maxResults=GC.Values[GC.USER_MAX_RESULTS])
-        printEntitiesCount(entityType, None)
-        usersInOU = 0
-        Ind.Increment()
-        orgUnitPath = orgUnitPath.lower()
-        for user in users:
-          if orgUnitPath == user['orgUnitPath'].lower():
-            printKeyValueList([user['primaryEmail']])
-            usersInOU += 1
-          elif showChildren:
-            printKeyValueList([f'{user["primaryEmail"]} (child)'])
-            usersInOU += 1
-        Ind.Decrement()
-        printKeyValueList([Msg.TOTAL_ITEMS_IN_ENTITY.format(Ent.Plural(entityType), Ent.Singular(Ent.ORGANIZATIONAL_UNIT)), usersInOU])
+        if isArchived is None and isSuspended is None:
+          _printUsers(Ent.USER, orgUnitPath, None, None)
+        else:
+          if isArchived is not None:
+            _printUsers(Ent.USER_ARCHIVED if isArchived else Ent.USER_NOT_ARCHIVED, orgUnitPath, None, isArchived)
+          if isSuspended is not None:
+            _printUsers(Ent.USER_SUSPENDED if isSuspended else Ent.USER_NOT_SUSPENDED, orgUnitPath, isSuspended, None)
       Ind.Decrement()
     except (GAPI.invalidInput, GAPI.invalidOrgunit, GAPI.orgunitNotFound, GAPI.backendError):
       entityActionFailedWarning([Ent.ORGANIZATIONAL_UNIT, orgUnitPath], Msg.DOES_NOT_EXIST, i, count)
     except (GAPI.badRequest, GAPI.invalidCustomerId, GAPI.loginRequired, GAPI.resourceNotFound, GAPI.forbidden):
       checkEntityAFDNEorAccessErrorExit(cd, Ent.ORGANIZATIONAL_UNIT, orgUnitPath)
 
-# gam info orgs|ous <OrgUnitEntity> [nousers|notsuspended|suspended] [children|child]
-def doInfoOrgs():
-  _doInfoOrgs(getEntityList(Cmd.OB_ORGUNIT_ENTITY, shlexSplit=True))
-
-# gam info org|ou <OrgUnitItem> [nousers|notsuspended|suspended] [children|child]
+# gam info org|ou <OrgUnitItem>
+#	[nousers | ([notarchived|archived] [notsuspended|suspended])] [children|child]
 def doInfoOrg():
   _doInfoOrgs([getOrgUnitItem()])
 
+# gam info orgs|ous <OrgUnitEntity>
+#	[nousers | ([notarchived|archived] [notsuspended|suspended])] [children|child]
+def doInfoOrgs():
+  _doInfoOrgs(getEntityList(Cmd.OB_ORGUNIT_ENTITY, shlexSplit=True))
+
 ORG_ARGUMENT_TO_FIELD_MAP = {
   'blockinheritance': 'blockInheritance',
   'inheritanceblocked': 'blockInheritance',
@@ -18159,7 +18313,7 @@ def doPrintOrgs():
     return
   if showUserCounts:
     for orgUnit in orgUnits:
-      userCounts[orgUnit['orgUnitPath']] = [0, 0]
+      userCounts[orgUnit['orgUnitPath']] = {'suspended': [0, 0], 'archived': [0, 0], 'total': 0}
     qualifier = Msg.IN_THE.format(Ent.Singular(Ent.ORGANIZATIONAL_UNIT))
     printGettingAllEntityItemsForWhom(Ent.USER, orgUnitPath, qualifier=qualifier, entityType=Ent.ORGANIZATIONAL_UNIT)
     pageMessage = getPageMessageForWhom()
@@ -18169,12 +18323,14 @@ def doPrintOrgs():
                             throwReasons=[GAPI.INVALID_ORGUNIT, GAPI.ORGUNIT_NOT_FOUND,
                                           GAPI.INVALID_INPUT, GAPI.BAD_REQUEST, GAPI.RESOURCE_NOT_FOUND, GAPI.FORBIDDEN],
                             retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                            customer=GC.Values[GC.CUSTOMER_ID], query=orgUnitPathQuery(orgUnitPath, None), orderBy='email',
-                            fields='nextPageToken,users(orgUnitPath,suspended)', maxResults=GC.Values[GC.USER_MAX_RESULTS])
+                            customer=GC.Values[GC.CUSTOMER_ID], query=orgUnitPathQuery(orgUnitPath, None, None), orderBy='email',
+                            fields='nextPageToken,users(orgUnitPath,suspended,archived)', maxResults=GC.Values[GC.USER_MAX_RESULTS])
       for users in feed:
         for user in users:
           if user['orgUnitPath'] in userCounts:
-            userCounts[user['orgUnitPath']][user['suspended']] += 1
+            userCounts[user['orgUnitPath']]['suspended'][user['suspended']] += 1
+            userCounts[user['orgUnitPath']]['archived'][user['archived']] += 1
+            userCounts[user['orgUnitPath']]['total'] += 1
     except (GAPI.invalidOrgunit, GAPI.orgunitNotFound, GAPI.invalidInput, GAPI.badRequest, GAPI.backendError,
             GAPI.invalidCustomerId, GAPI.loginRequired, GAPI.resourceNotFound, GAPI.forbidden):
       checkEntityDNEorAccessErrorExit(cd, Ent.ORGANIZATIONAL_UNIT, orgUnitPath)
@@ -18241,15 +18397,34 @@ def doPrintOrgs():
             (maxCrOSCounts != -1 and total > maxCrOSCounts)):
           continue
       if showUserCounts:
-        row[f'Users{GC.Values[GC.CSV_OUTPUT_SUBFIELD_DELIMITER]}NotSuspended'] = userCounts[orgUnitPath][0]
-        row[f'Users{GC.Values[GC.CSV_OUTPUT_SUBFIELD_DELIMITER]}Suspended'] = userCounts[orgUnitPath][1]
-        row[f'Users{GC.Values[GC.CSV_OUTPUT_SUBFIELD_DELIMITER]}Total'] = total = userCounts[orgUnitPath][0]+userCounts[orgUnitPath][1]
+        row[f'Users{GC.Values[GC.CSV_OUTPUT_SUBFIELD_DELIMITER]}NotArchived'] = userCounts[orgUnitPath]['archived'][0]
+        row[f'Users{GC.Values[GC.CSV_OUTPUT_SUBFIELD_DELIMITER]}Archived'] = userCounts[orgUnitPath]['archived'][1]
+        row[f'Users{GC.Values[GC.CSV_OUTPUT_SUBFIELD_DELIMITER]}NotSuspended'] = userCounts[orgUnitPath]['suspended'][0]
+        row[f'Users{GC.Values[GC.CSV_OUTPUT_SUBFIELD_DELIMITER]}Suspended'] = userCounts[orgUnitPath]['suspended'][1]
+        row[f'Users{GC.Values[GC.CSV_OUTPUT_SUBFIELD_DELIMITER]}Total'] = total = userCounts[orgUnitPath]['total']
         if ((minUserCounts != -1 and total < minUserCounts) or
             (maxUserCounts != -1 and total > maxUserCounts)):
           continue
       csvPF.WriteRowTitles(row)
     else:
       csvPF.WriteRow(row)
+  if showCrOSCounts or showUserCounts:
+    crosTitles = []
+    userTitles = []
+    allTitles = csvPF.titlesList[:]
+    for title in allTitles:
+      if showCrOSCounts and title.startswith(f'CrOS{GC.Values[GC.CSV_OUTPUT_SUBFIELD_DELIMITER]}'):
+        crosTitles.append(title)
+        csvPF.RemoveTitles(title)
+      if showUserCounts and title.startswith(f'Users{GC.Values[GC.CSV_OUTPUT_SUBFIELD_DELIMITER]}'):
+        userTitles.append(title)
+        csvPF.RemoveTitles(title)
+    if showCrOSCounts:
+      csvPF.AddTitles(sorted(crosTitles))
+    if showUserCounts:
+      for title in ['NotArchived', 'Archived', 'NotSuspended', 'Suspended', 'Total']:
+        csvPF.AddTitles(f'Users{GC.Values[GC.CSV_OUTPUT_SUBFIELD_DELIMITER]}{title}')
+    csvPF.SetSortTitles([])
   csvPF.writeCSVfile('Orgs')
 
 # gam show orgtree [fromparent <OrgUnitItem>] [batchsuborgs [Boolean>]]
@@ -18459,7 +18634,7 @@ def doCheckOrgUnit():
                             throwReasons=[GAPI.INVALID_ORGUNIT, GAPI.ORGUNIT_NOT_FOUND,
                                           GAPI.INVALID_INPUT, GAPI.BAD_REQUEST, GAPI.RESOURCE_NOT_FOUND, GAPI.FORBIDDEN],
                             retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                            customer=GC.Values[GC.CUSTOMER_ID], query=orgUnitPathQuery(orgUnitPath, None),
+                            customer=GC.Values[GC.CUSTOMER_ID], query=orgUnitPathQuery(orgUnitPath, None, None),
                             fields='nextPageToken,users(orgUnitPath)', maxResults=GC.Values[GC.USER_MAX_RESULTS])
       for users in feed:
         for user in users:
@@ -18880,7 +19055,7 @@ def makeUserGroupDomainQueryFilters(kwargsDict):
       kwargsQueries.append((kwargs, query))
   return kwargsQueries
 
-def userFilters(kwargs, query, orgUnitPath, isSuspended):
+def userFilters(kwargs, query, orgUnitPath, isSuspended, isArchived):
   queryTitle = ''
   if kwargs.get('domain'):
     queryTitle += f'domain={kwargs["domain"]}, '
@@ -18899,6 +19074,12 @@ def userFilters(kwargs, query, orgUnitPath, isSuspended):
     else:
       query += ' '
     query += f'isSuspended={isSuspended}'
+  if isArchived is not None:
+    if query is None:
+      query = ''
+    else:
+      query += ' '
+    query += f'isArchived={isArchived}'
   if query is not None:
     queryTitle += f'query="{query}", '
   if queryTitle:
@@ -18910,7 +19091,7 @@ def userFilters(kwargs, query, orgUnitPath, isSuspended):
 #	 [limittoou <OrgUnitItem>])
 #	[user|users <EmailAddressList>] [group|groups <EmailAddressList>]
 #	[select <UserTypeEntity>]
-#	[issuspended <Boolean>] [aliasmatchpattern <REMatchPattern>]
+#	[issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
 #	[shownoneditable] [nogroups] [nousers]
 #	[onerowpertarget] [delimiter <Character>]
 #	[suppressnoaliasrows]
@@ -18956,7 +19137,7 @@ def doPrintAliases():
   groups = []
   users = []
   aliasMatchPattern = re.compile(r'^.*$')
-  isSuspended = orgUnitPath = None
+  isArchived = isSuspended = orgUnitPath = None
   addCSVData = {}
   delimiter = GC.Values[GC.CSV_OUTPUT_FIELD_DELIMITER]
   while Cmd.ArgumentsRemaining():
@@ -18982,6 +19163,8 @@ def doPrintAliases():
       _, users = getEntityToModify(defaultEntityType=Cmd.ENTITY_USERS)
     elif myarg == 'issuspended':
       isSuspended = getBoolean()
+    elif myarg == 'isarchived':
+      isArchived = getBoolean()
     elif myarg in {'user','users'}:
       users.extend(convertEntityToList(getString(Cmd.OB_EMAIL_ADDRESS_LIST, minLen=0)))
     elif myarg in {'group', 'groups'}:
@@ -19016,7 +19199,7 @@ def doPrintAliases():
     for kwargsQuery in makeUserGroupDomainQueryFilters(kwargsDict):
       kwargs = kwargsQuery[0]
       query = kwargsQuery[1]
-      query, pquery = userFilters(kwargs, query, orgUnitPath, isSuspended)
+      query, pquery = userFilters(kwargs, query, orgUnitPath, isSuspended, isArchived)
       printGettingAllAccountEntities(Ent.USER, pquery)
       try:
         entityList = callGAPIpages(cd.users(), 'list', 'users',
@@ -22418,12 +22601,12 @@ def infoUserPeopleContacts(users):
 
 # gam <UserTypeEntity> print contacts [todrive <ToDriveAttribute>*] <PeoplePrintShowUserContactSelection>
 #	[showgroups|showgroupnameslist] [orderby firstname|lastname|(lastmodified ascending)|(lastnodified descending)
-#	[countsonly|allfields|fields <PeopleFieldNameList>] [showmetadata]
-#	[formatjson [quotechar <Character>]]
+#	[allfields|fields <PeopleFieldNameList>] [showmetadata]
+#	[countsonly|(formatjson [quotechar <Character>])]
 # gam <UserTypeEntity> show contacts <PeoplePrintShowUserContactSelection>
 #	[showgroups] [orderby firstname|lastname|(lastmodified ascending)|(lastnodified descending)
-#	[countsonly|allfields|(fields <PeopleFieldNameList>)] [showmetadata]
-#	[formatjson]
+#	[allfields|(fields <PeopleFieldNameList>)] [showmetadata]
+#	[countsonly|formatjson]
 def printShowUserPeopleContacts(users):
   entityType = Ent.USER
   entityTypeName = Ent.Singular(entityType)
@@ -22462,6 +22645,8 @@ def printShowUserPeopleContacts(users):
     else:
       FJQC.GetFormatJSONQuoteChar(myarg, True)
   if countsOnly:
+    if csvPF:
+      csvPF.SetFormatJSON(False)
     fieldsList = ['emailAddresses']
   if contactQuery['mainContacts']:
     fields = _getPersonFields(PEOPLE_FIELDS_CHOICE_MAP, PEOPLE_CONTACTS_DEFAULT_FIELDS, fieldsList, parameters)
@@ -22699,11 +22884,11 @@ def processUserPeopleOtherContacts(users):
     Ind.Decrement()
 
 # gam <UserTypeEntity> print othercontacts [todrive <ToDriveAttribute>*] <OtherContactSelection>
-#	[countsonly|allfields|(fields <OtherContactFieldNameList>)] [showmetadata]
-#	[formatjson [quotechar <Character>]]
+#	[allfields|(fields <OtherContactFieldNameList>)] [showmetadata]
+#	[countsonly|(formatjson [quotechar <Character>])]
 # gam <UserTypeEntity> show othercontacts <OtherContactSelection>
-#	[countsonly|allfields|(fields <OtherContactFieldNameList>)] [showmetadata]
-#	[formatjson]
+#	[allfields|(fields <OtherContactFieldNameList>)] [showmetadata]
+#	[countsonly|formatjson]
 def printShowUserPeopleOtherContacts(users):
   entityType = Ent.USER
   entityTypeName = Ent.Singular(entityType)
@@ -22733,6 +22918,8 @@ def printShowUserPeopleOtherContacts(users):
     else:
       FJQC.GetFormatJSONQuoteChar(myarg, True)
   if countsOnly:
+    if csvPF:
+      csvPF.SetFormatJSON(False)
     fieldsList = ['emailAddresses']
   fields = _getPersonFields(PEOPLE_OTHER_CONTACTS_FIELDS_CHOICE_MAP, PEOPLE_CONTACTS_DEFAULT_FIELDS, fieldsList, parameters)
   i, count, users = getEntityArgument(users)
@@ -22802,6 +22989,8 @@ def _printShowPeople(source):
       function = 'searchDirectoryPeople'
     else:
       FJQC.GetFormatJSONQuoteChar(myarg, True)
+  if countsOnly and csvPF:
+    csvPF.SetFormatJSON(False)
   fields = _getPersonFields(PEOPLE_FIELDS_CHOICE_MAP, PEOPLE_CONTACTS_DEFAULT_FIELDS, fieldsList, parameters)
   printGettingAllEntityItemsForWhom(peopleEntityType, GC.Values[GC.DOMAIN], query=kwargs.get('query'))
   try:
@@ -22839,29 +23028,24 @@ def doInfoDomainPeopleContacts():
 # gam print people|peopleprofile [todrive <ToDriveAttribute>*]
 #	[query <String>]
 #	[mergesources <PeopleMergeSourceName>]
-#	[countsonly]
 #	[allfields|(fields <PeopleFieldNameList>)] [showmetadata]
-#	[formatjson [quotechar <Character>]]
+#	[countsonly|(formatjson [quotechar <Character>])]
 # gam show people|peopleprofile
 #	[query <String>]
 #	[mergesources <PeopleMergeSourceName>]
-#	[countsonly]
 #	[allfields|(fields <PeopleFieldNameList>)] [showmetadata]
-#	[formatjson]
+#	[countsonlyformatjson]
 # gam print domaincontacts|peoplecontacts [todrive <ToDriveAttribute>*]
 #	[sources <PeopleSourceName>]
 #	[query <String>]
 #	[mergesources <PeopleMergeSourceName>]
-#	[countsonly]
 #	[allfields|(fields <PeopleFieldNameList>)] [showmetadata]
-#	[formatjson [quotechar <Character>]]
+#	[countsonly|(formatjson [quotechar <Character>])]
 # gam show domaincontacts|peoplecontacts
 #	[sources <PeopleSourceName>]
 #	[query <String>]
 #	[mergesources <PeopleMergeSourceName>]
-#	[countsonly]
-#	[allfields|(fields <PeopleFieldNameList>)] [showmetadata]
-#	[formatjson]
+#	[countsonlyformatjson]
 def doPrintShowDomainPeopleProfiles():
   _printShowPeople('profile')
 
@@ -23848,7 +24032,7 @@ def _filterActiveTimeRanges(cros, selected, listLimit, startDate, endDate, activ
     activeTimeRanges.reverse()
   i = 0
   for item in activeTimeRanges:
-    activityDate = datetime.datetime.strptime(item['date'], YYYYMMDD_FORMAT)
+    activityDate = arrow.Arrow.strptime(item['date'], YYYYMMDD_FORMAT)
     if ((startDate is None) or (activityDate >= startDate)) and ((endDate is None) or (activityDate <= endDate)):
       item['duration'] = formatMilliSeconds(item['activeTime'])
       item['minutes'] = item['activeTime']//60000
@@ -23867,7 +24051,7 @@ def _filterDeviceFiles(cros, selected, listLimit, startTime, endTime):
   filteredItems = []
   i = 0
   for item in cros.get('deviceFiles', []):
-    timeValue, _ = iso8601.parse_date(item['createTime'])
+    timeValue = arrow.get(item['createTime'])
     if ((startTime is None) or (timeValue >= startTime)) and ((endTime is None) or (timeValue <= endTime)):
       item['createTime'] = formatLocalTime(item['createTime'])
       filteredItems.append(item)
@@ -23884,7 +24068,7 @@ def _filterCPUStatusReports(cros, selected, listLimit, startTime, endTime):
   filteredItems = []
   i = 0
   for item in cros.get('cpuStatusReports', []):
-    timeValue, _ = iso8601.parse_date(item['reportTime'])
+    timeValue = arrow.get(item['reportTime'])
     if ((startTime is None) or (timeValue >= startTime)) and ((endTime is None) or (timeValue <= endTime)):
       item['reportTime'] = formatLocalTime(item['reportTime'])
       for tempInfo in item.get('cpuTemperatureInfo', []):
@@ -23905,7 +24089,7 @@ def _filterSystemRamFreeReports(cros, selected, listLimit, startTime, endTime):
   filteredItems = []
   i = 0
   for item in cros.get('systemRamFreeReports', []):
-    timeValue, _ = iso8601.parse_date(item['reportTime'])
+    timeValue = arrow.get(item['reportTime'])
     if ((startTime is None) or (timeValue >= startTime)) and ((endTime is None) or (timeValue <= endTime)):
       item['reportTime'] = formatLocalTime(item['reportTime'])
       item['systemRamFreeInfo'] = ','.join([str(x) for x in item['systemRamFreeInfo']])
@@ -23938,7 +24122,7 @@ def _filterScreenshotFiles(cros, selected, listLimit, startTime, endTime):
   filteredItems = []
   i = 0
   for item in cros.get('screenshotFiles', []):
-    timeValue, _ = iso8601.parse_date(item['createTime'])
+    timeValue = arrow.get(item['createTime'])
     if ((startTime is None) or (timeValue >= startTime)) and ((endTime is None) or (timeValue <= endTime)):
       item['createTime'] = formatLocalTime(item['createTime'])
       filteredItems.append(item)
@@ -23975,7 +24159,7 @@ def _computeDVRstorageFreePercentage(cros):
 
 def _getFilterDateTime():
   filterDate = getYYYYMMDD(returnDateTime=True)
-  return (filterDate, filterDate.replace(tzinfo=iso8601.UTC))
+  return (filterDate, filterDate.replace(tzinfo='UTC'))
 
 CROS_FIELDS_CHOICE_MAP = {
   'activetimeranges': ['activeTimeRanges.activeTime', 'activeTimeRanges.date'],
@@ -24093,6 +24277,7 @@ CROS_LIST_FIELDS_CHOICE_MAP = {
 
 CROS_TIME_OBJECTS = {
   'createTime',
+  'extendedSupportStart',
   'firstEnrollmentTime',
   'lastDeprovisionTimestamp',
   'lastEnrollmentTime',
@@ -24386,9 +24571,9 @@ def getDeviceFilesEntity():
     else:
       for timeItem in myarg.split(','):
         try:
-          timestamp, _ = iso8601.parse_date(timeItem)
+          timestamp = arrow.get(timeItem)
           deviceFilesEntity['list'].append(ISOformatTimeStamp(timestamp.astimezone(GC.Values[GC.TIMEZONE])))
-        except (iso8601.ParseError, OverflowError):
+        except (arrow.parser.ParserError, OverflowError):
           Cmd.Backup()
           invalidArgumentExit(YYYYMMDDTHHMMSS_FORMAT_REQUIRED)
   return deviceFilesEntity
@@ -24415,14 +24600,14 @@ def _selectDeviceFiles(deviceId, deviceFiles, deviceFilesEntity):
     count = 0
     if deviceFilesEntity['time'][0] == 'before':
       for deviceFile in deviceFiles:
-        createTime, _ = iso8601.parse_date(deviceFile['createTime'])
+        createTime = arrow.get(deviceFile['createTime'])
         if createTime >= dateTime:
           break
         count += 1
       return deviceFiles[:count]
 #   if deviceFilesEntity['time'][0] == 'after':
     for deviceFile in deviceFiles:
-      createTime, _ = iso8601.parse_date(deviceFile['createTime'])
+      createTime = arrow.get(deviceFile['createTime'])
       if createTime >= dateTime:
         break
       count += 1
@@ -24431,14 +24616,14 @@ def _selectDeviceFiles(deviceId, deviceFiles, deviceFilesEntity):
     dateTime = deviceFilesEntity['range'][1]
     spos = 0
     for deviceFile in deviceFiles:
-      createTime, _ = iso8601.parse_date(deviceFile['createTime'])
+      createTime = arrow.get(deviceFile['createTime'])
       if createTime >= dateTime:
         break
       spos += 1
     dateTime = deviceFilesEntity['range'][2]
     epos = spos
     for deviceFile in deviceFiles[spos:]:
-      createTime, _ = iso8601.parse_date(deviceFile['createTime'])
+      createTime = arrow.get(deviceFile['createTime'])
       if createTime >= dateTime:
         break
       epos += 1
@@ -25221,7 +25406,7 @@ def doInfoPrintShowCrOSTelemetry():
           i = 0
           for item in listItems:
             if 'reportTime' in item:
-              timeValue, _ = iso8601.parse_date(item['reportTime'])
+              timeValue = arrow.get(item['reportTime'])
             else:
               timeValue = None
             if (timeValue is None) or (((startTime is None) or (timeValue >= startTime)) and ((endTime is None) or (timeValue <= endTime))):
@@ -26372,14 +26557,18 @@ CHAT_TIME_OBJECTS = {'createTime', 'deleteTime', 'eventTime', 'lastActiveTime',
 def _showChatItem(citem, entityType, FJQC, i=0, count=0):
   if entityType == Ent.CHAT_SPACE:
     _cleanChatSpace(citem)
+    dictObjectsKey = {None: 'displayName'}
   elif entityType == Ent.CHAT_MESSAGE:
     _cleanChatMessage(citem)
+    dictObjectsKey = {None: 'text'}
+  else:
+    dictObjectsKey={}
   if FJQC.formatJSON:
     printLine(json.dumps(cleanJSON(citem, timeObjects=CHAT_TIME_OBJECTS), ensure_ascii=False, sort_keys=True))
     return
   printEntity([entityType, citem['name']], i, count)
   Ind.Increment()
-  showJSON(None, citem, timeObjects=CHAT_TIME_OBJECTS)
+  showJSON(None, citem, timeObjects=CHAT_TIME_OBJECTS, dictObjectsKey=dictObjectsKey)
   Ind.Decrement()
 
 def _printChatItem(user, citem, parent, entityType, csvPF, FJQC, addCSVData=None):
@@ -26568,7 +26757,7 @@ def printShowChatEmojis(users):
                              pageMessage=_getChatPageMessage(Ent.CHAT_EMOJI, user, i, count, pfilter),
                              throwReasons=[GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
                              retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                             pageSize=CHAT_PAGE_SIZE, filter=pfilter)
+                             pageSize=GC.Values[GC.CHAT_MAX_RESULTS], filter=pfilter)
     except (GAPI.notFound, GAPI.invalidArgument, GAPI.permissionDenied) as e:
       exitIfChatNotConfigured(chat, kvList, str(e), i, count)
       continue
@@ -26638,7 +26827,14 @@ def  getChatSpaceParameters(myarg, body, typeChoicesMap, updateMask):
 
 CHAT_MEMBER_ROLE_MAP = {
   'member': 'ROLE_MEMBER',
-  'manager': 'ROLE_MANAGER'
+  'manager': 'ROLE_ASSISTANT_MANAGER',
+  'owner': 'ROLE_MANAGER',
+  }
+
+CHAT_ROLE_ENTITY_TYPE_MAP = {
+  'ROLE_MEMBER': Ent.CHAT_MEMBER_USER,
+  'ROLE_ASSISTANT_MANAGER': Ent.CHAT_MANAGER_USER,
+  'ROLE_MANAGER':  Ent.CHAT_OWNER_USER,
   }
 
 CHAT_MEMBER_TYPE_MAP = {
@@ -26772,7 +26968,8 @@ CHAT_UPDATE_SPACE_TYPE_MAP = {
   }
 
 CHAT_SPACE_ROLE_PERMISSIONS_MAP = {
-  'managers': 'managersAllowed',
+  'owners': 'managersAllowed',
+  'managers': 'assistantManagersAllowed',
   'members': 'membersAllowed',
   }
 
@@ -26792,13 +26989,13 @@ CHAT_UPDATE_SPACE_PERMISSIONS_MAP = {
 #	 [type space]
 #	 [description <String>] [guidelines|rules <String>]
 #	 [history <Boolean>])
-#	managemembersandgroups managers|members
-#	modifyspacedetails managers|members
-#	togglehistory managers|members
-#	useatmentionall managers|members
-#	manageapps managers|members
-#	managewebhooks managers|members
-#	replymessages managers|members
+#	[managemembersandgroups owners|managers|members]
+#	[modifyspacedetails owners|managers|members]
+#	[togglehistory owners|managers|members]
+#	[useatmentionall owners|managers|members]
+#	[manageapps owners|managers|members]
+#	[managewebhooks owners|managers|members]
+2#	[replymessages owners|managers|members]
 #	[formatjson]
 def updateChatSpace(users):
   FJQC = FormatJSONQuoteChar()
@@ -26816,9 +27013,13 @@ def updateChatSpace(users):
       body.setdefault('permissionSettings', {})
       permissionSetting = CHAT_UPDATE_SPACE_PERMISSIONS_MAP[myarg]
       role = getChoice(CHAT_SPACE_ROLE_PERMISSIONS_MAP, mapChoice=True)
-      body['permissionSettings'][permissionSetting] = {'managersAllowed': True}
+      body['permissionSettings'][permissionSetting] = {}
+      body['permissionSettings'][permissionSetting][role] = True
       if role == 'membersAllowed':
-        body['permissionSettings'][permissionSetting].update({'membersAllowed': True})
+        body['permissionSettings'][permissionSetting]['assistantManagersAllowed'] = True
+        body['permissionSettings'][permissionSetting]['managersAllowed'] = True
+      elif role == 'assistantManagersAllowed':
+        body['permissionSettings'][permissionSetting]['managersAllowed'] = True
       updateMask.add(f'permissionSettings.{permissionSetting}')
     else:
       FJQC.GetFormatJSON(myarg)
@@ -26995,7 +27196,6 @@ def _getChatSpaceSearchParms(myarg, queries, queryTimes, OBY):
     return False
   return True
 
-CHAT_PAGE_SIZE = 1000
 CHAT_SPACES_ADMIN_ORDERBY_CHOICE_MAP = {
   'createtime': 'createTime',
   'lastactivetime': 'lastActiveTime',
@@ -27075,7 +27275,7 @@ def printShowChatSpaces(users):
                              throwReasons=[GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.INTERNAL_ERROR,
                                            GAPI.PERMISSION_DENIED, GAPI.FAILED_PRECONDITION],
                              retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                             fields=fields, pageSize=CHAT_PAGE_SIZE, **kwargsCS)
+                             fields=fields, pageSize=GC.Values[GC.CHAT_MAX_RESULTS], **kwargsCS)
       if showAccessSettings:
         for space in spaces:
           if space['spaceType'] == 'SPACE':
@@ -27141,7 +27341,7 @@ def _getChatSpaceMembers(cd, chatSpace, ciGroupName):
                             pageMessage=_getChatPageMessage(Ent.CHAT_MEMBER, user, 0, 0, qfilter),
                             throwReasons=[GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
                             retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                            parent=chatSpace, fields=fields, pageSize=CHAT_PAGE_SIZE, **kwargsUAA)
+                            parent=chatSpace, fields=fields, pageSize=GC.Values[GC.CHAT_MAX_RESULTS], **kwargsUAA)
     for member in members:
       _getChatMemberEmail(cd, member)
       gmember = {}
@@ -27193,12 +27393,12 @@ def getGroupMemberID(cd, group, groupList):
   groupList.append(convertEmailAddressToUID(group, cd, emailType='group'))
 
 # gam <UserTypeEntity> create chatmember <ChatSpace>
-#	[type human|bot] [role member|manager]
+#	[type human|bot] [role member|manager|owner]
 #	(user <UserItem>)* (members <UserTypeEntity>)*
 #	(group <GroupItem>)* (groups <GroupEntity>)*
 #	[formatjson|returnidonly]
 # gam <UserItem> create chatmember asadmin <ChatSpace>
-#	[type human|bot] [role member|manager]
+#	[type human|bot] [role member|manager|owner]
 #	(user <UserItem>)* (members <UserTypeEntity>)*
 #	(group <GroupItem>)* (groups <GroupEntity>)*
 #	[formatjson|returnidonly]
@@ -27220,7 +27420,7 @@ def createChatMember(users):
                           throwReasons=[GAPI.ALREADY_EXISTS, GAPI.NOT_FOUND, GAPI.INVALID, GAPI.INVALID_ARGUMENT,
                                         GAPI.INTERNAL_ERROR, GAPI.PERMISSION_DENIED, GAPI.FAILED_PRECONDITION],
                           parent=parent, body=body, **kwargsUAA)
-        if role != 'ROLE_MEMBER' and entityType == Ent.CHAT_MANAGER_USER:
+        if role != 'ROLE_MEMBER' and entityType in (Ent.CHAT_MANAGER_USER, Ent.CHAT_OWNER_USER):
           member = callGAPI(chat.spaces().members(), 'patch',
                             bailOnInternalError=True,
                             throwReasons=[GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.INTERNAL_ERROR,
@@ -27278,7 +27478,7 @@ def createChatMember(users):
     missingArgumentExit('space')
   if not userList and not groupList:
     missingArgumentExit('user|members|group|groups')
-  userEntityType = Ent.CHAT_MEMBER_USER if role == 'ROLE_MEMBER' else Ent.CHAT_MANAGER_USER
+  userEntityType = CHAT_ROLE_ENTITY_TYPE_MAP[role]
   userMembers = []
   for user in userList:
     userMembers.append({'member': {'name': f'users/{user}', 'type': mtype}})
@@ -27327,16 +27527,16 @@ def _deleteChatMembers(chat, kvList, jcount, memberNames, i, count, kwargsUAA):
 # gam <UserItem> remove chatmember asadmin
 #	members <ChatMemberList>
 # gam <UserTypeEntity> update chatmember <ChatSpace>
-#	role member|manager
+#	role member|manager|owner
 #	((user <UserItem>)|(members <UserTypeEntity>))+
 # gam <UserTypeEntity> modify chatmember
-#	role member|manager
+#	role member|manager|owner
 #	members <ChatMemberList>
 # gam <UserItem> update chatmember asadmin<ChatSpace>
-#	role member|manager
+#	role member|manager|owner
 #	((user <UserItem>)|(members <UserTypeEntity>))+
 # gam <UserItem> modify chatmember asadmin
-#	role member|manager
+#	role member|manager|owner
 #	members <ChatMemberList>
 def deleteUpdateChatMember(users):
   cd = buildGAPIObject(API.DIRECTORY)
@@ -27430,7 +27630,7 @@ def deleteUpdateChatMember(users):
 CHAT_SYNC_PREVIEW_TITLES = ['space', 'member', 'role', 'action', 'message']
 
 # gam <UserTypeEntity> sync chatmembers [asadmin] <ChatSpace>
-#	[role member|manager] [type human|bot]
+#	[role member|manager|owner] [type human|bot]
 #	[addonly|removeonly]
 #	[preview [actioncsv]]
 #	(users <UserTypeEntity>)* (groups <GroupEntity>)*
@@ -27535,7 +27735,7 @@ def syncChatMembers(users):
       unknownArgumentExit()
   if not parent:
     missingArgumentExit('space')
-  userEntityType = Ent.CHAT_MEMBER_USER if role == 'ROLE_MEMBER' else Ent.CHAT_MANAGER_USER
+  userEntityType = CHAT_ROLE_ENTITY_TYPE_MAP[role]
   userMembers = {}
   syncUsersSet = set()
   for user in userList:
@@ -27565,7 +27765,7 @@ def syncChatMembers(users):
                               pageMessage=_getChatPageMessage(Ent.CHAT_MEMBER, user, i, count, qfilter),
                               throwReasons=[GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED, GAPI.FAILED_PRECONDITION],
                               retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                              parent=parent, showGroups=groupsSpecified, pageSize=CHAT_PAGE_SIZE, **kwargs, **kwargsUAA)
+                              parent=parent, showGroups=groupsSpecified, pageSize=GC.Values[GC.CHAT_MAX_RESULTS], **kwargs, **kwargsUAA)
       for member in members:
         if 'member' in member:
           if member['member']['type'] == mtype and member['role'] == role:
@@ -27766,7 +27966,7 @@ def printShowChatMembers(users):
                                  throwReasons=[GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.INTERNAL_ERROR,
                                                GAPI.PERMISSION_DENIED, GAPI.FAILED_PRECONDITION],
                                  retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                                 fields="nextPageToken,spaces(name,displayName,spaceType,membershipCount)", pageSize=CHAT_PAGE_SIZE,
+                                 fields="nextPageToken,spaces(name,displayName,spaceType,membershipCount)", pageSize=GC.Values[GC.CHAT_MAX_RESULTS],
                                  **kwargsCS)
           for space in sorted(spaces, key=lambda k: k[sortName]):
             if space['spaceType'] == 'SPACE' and 'membershipCount' in space:
@@ -27783,7 +27983,7 @@ def printShowChatMembers(users):
                                  throwReasons=[GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.INTERNAL_ERROR,
                                                GAPI.PERMISSION_DENIED, GAPI.FAILED_PRECONDITION],
                                  retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                                 fields="nextPageToken,spaces(name,displayName,spaceType,membershipCount)", pageSize=CHAT_PAGE_SIZE,
+                                 fields="nextPageToken,spaces(name,displayName,spaceType,membershipCount)", pageSize=GC.Values[GC.CHAT_MAX_RESULTS],
                                  **kwargsCS)
           for space in sorted(spaces, key=lambda k: k[sortName]):
 #            if 'membershipCount' in space:
@@ -27814,7 +28014,7 @@ def printShowChatMembers(users):
                                 pageMessage=_getChatPageMessage(Ent.CHAT_MEMBER, user, j, jcount, qfilter),
                                 throwReasons=[GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
                                 retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                                parent=parentName, fields=fields, pageSize=CHAT_PAGE_SIZE, **kwargs, **kwargsUAA)
+                                parent=parentName, fields=fields, pageSize=GC.Values[GC.CHAT_MAX_RESULTS], **kwargs, **kwargsUAA)
         for member in members:
           _getChatMemberEmail(cd, member)
       except (GAPI.notFound, GAPI.invalidArgument, GAPI.permissionDenied) as e:
@@ -27846,10 +28046,11 @@ def _getChatSenderEmail(cd, sender):
     sender['email'], _ = convertUIDtoEmailAddressWithType(f'uid:{senderUid}', cd, None, emailTypes=['user'])
 
 def trimChatMessageIfRequired(body):
-  msgLen = len(body['text'])
-  if msgLen > 4096:
-    stderrWarningMsg(Msg.TRIMMED_MESSAGE_FROM_LENGTH_TO_MAXIMUM.format(msgLen, 4096))
-    body['text'] = body['text'][:4095]
+  if 'text' in body:
+    msgLen = len(body['text'])
+    if msgLen > 4096:
+      stderrWarningMsg(Msg.TRIMMED_MESSAGE_FROM_LENGTH_TO_MAXIMUM.format(msgLen, 4096))
+      body['text'] = body['text'][:4095]
 
 CHAT_MESSAGE_REPLY_OPTION_MAP = {
   'fail': 'REPLY_MESSAGE_OR_FAIL',
@@ -27926,22 +28127,29 @@ def doCreateChatMessage():
   createChatMessage([None])
 
 # gam [<UserTypeMessage>] update chatmessage name <ChatMessage>
-#	<ChatContent>
+#	[<ChatContent>] [clearattachments <String>]
 def updateChatMessage(users):
   name = None
   body = {}
+  updateMask = []
+  clearMsg = ''
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
     if myarg == 'name':
       name = getString(Cmd.OB_CHAT_MESSAGE)
     elif myarg in SORF_TEXT_ARGUMENTS:
       body['text'] = getStringOrFile(myarg, minLen=0, unescapeCRLF=True)[0]
+      updateMask.append('text')
+    elif myarg == 'clearattachments':
+      clearMsg = getString(Cmd.OB_STRING, minLen=0)
+      body['attachment'] = []
+      updateMask.append('attachment')
     else:
       unknownArgumentExit()
   if not name:
     missingArgumentExit('name')
-  if 'text' not in body:
-    missingArgumentExit('text or textfile')
+  if not updateMask:
+    missingArgumentExit('text|textfile|clearattachments')
   trimChatMessageIfRequired(body)
   i, count, users = getEntityArgument(users)
   for user in users:
@@ -27950,9 +28158,19 @@ def updateChatMessage(users):
     if not chat:
       continue
     try:
+      if 'attachment' in updateMask and 'text' not in updateMask:
+        resp = callGAPI(chat.spaces().messages(), 'get',
+                        throwReasons=[GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED, GAPI.FAILED_PRECONDITION],
+                        name=name, fields='text')
+        body['text'] = resp.get('text', '')
+        if clearMsg:
+          body['text'] += clearMsg
+        elif not body['text']:
+          body['text'] = 'Attachments cleared'
+        updateMask.append('text')
       resp = callGAPI(chat.spaces().messages(), 'patch',
                       throwReasons=[GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED, GAPI.FAILED_PRECONDITION],
-                      name=name, updateMask='text', body=body)
+                      name=name, updateMask=','.join(updateMask), body=body)
       kvList.extend([Ent.CHAT_THREAD, resp['thread']['name']])
       entityActionPerformed(kvList, i, count)
     except (GAPI.notFound, GAPI.invalidArgument, GAPI.permissionDenied) as e:
@@ -28128,7 +28346,7 @@ def printShowChatMessages(users):
                                  pageMessage=_getChatPageMessage(Ent.CHAT_MESSAGE, user, i, count, qfilter),
                                  throwReasons=[GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
                                  retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                                 pageSize=CHAT_PAGE_SIZE, parent=parentName, filter=pfilter, showDeleted=showDeleted,
+                                 pageSize=GC.Values[GC.CHAT_MAX_RESULTS], parent=parentName, filter=pfilter, showDeleted=showDeleted,
                                  fields=fields)
         for message in messages:
           if 'sender' in message:
@@ -28246,7 +28464,7 @@ def printShowChatEvents(users):
                                pageMessage=_getChatPageMessage(Ent.CHAT_EVENT, user, i, count, qfilter),
                                throwReasons=[GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
                                retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                               pageSize=CHAT_PAGE_SIZE, parent=parentName, filter=pfilter)
+                               pageSize=GC.Values[GC.CHAT_MAX_RESULTS], parent=parentName, filter=pfilter)
       except (GAPI.notFound, GAPI.invalidArgument, GAPI.permissionDenied) as e:
         exitIfChatNotConfigured(chat, kvList, str(e), i, count)
         continue
@@ -31701,6 +31919,65 @@ def doPrintShowChromeNeedsAttn():
   if csvPF:
     csvPF.writeCSVfile('Chrome Devices Needing Attention')
 
+CHROME_DEVICE_COUNTS_MODE_CHOICES = ['active', 'perboottype', 'perreleasechannel']
+CHROME_DEVICE_COUNTS_MODE_FUNCTIONS = {
+  'active': 'countActiveDevices',
+  'perboottype': 'countDevicesPerBootType',
+  'perreleasechannel': 'countDevicesPerReleaseChannel'
+  }
+CHROME_DEVICE_COUNTS_MODE_CSV_TITLE = {
+  'active': 'Chrome Active Devices',
+  'perboottype': 'Chrome Devices per Boot Type',
+  'perreleasechannel': 'Chrome Devices per Release Channel'
+  }
+
+# gam print chromedevicecounts [todrive <ToDriveAttribute>*]
+#	[mode active|perboottype|perreleasechannel] [date <Date>]
+#	[formatjson [quotechar <Character>]]
+# gam show chromedevicecounts
+#	[mode active|perboottype|perreleasechannel] [date <Date>]
+#	[formatjson]
+def doPrintShowChromeDeviceCounts():
+  cm = buildGAPIObject(API.CHROMEMANAGEMENT)
+  customerId = _getCustomersCustomerIdWithC()
+  csvPF = CSVPrintFile() if Act.csvFormat() else None
+  FJQC = FormatJSONQuoteChar(csvPF)
+  pdate = todaysDate()
+  mode = 'active'
+  while Cmd.ArgumentsRemaining():
+    myarg = getArgument()
+    if csvPF and myarg == 'todrive':
+      csvPF.GetTodriveParameters()
+    elif myarg == 'mode':
+      mode = getChoice(CHROME_DEVICE_COUNTS_MODE_CHOICES)
+    elif myarg == 'date':
+      pdate = getYYYYMMDD(returnDateTime=True)
+    else:
+      FJQC.GetFormatJSONQuoteChar(myarg, True)
+  kwargs = {'date_day': pdate.day, 'date_month': pdate.month, 'date_year': pdate.year}
+  try:
+    counts = callGAPI(cm.customers().reports(), CHROME_DEVICE_COUNTS_MODE_FUNCTIONS[mode],
+                      throwReasons=[GAPI.INVALID, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED, GAPI.SERVICE_NOT_AVAILABLE],
+                      retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
+                      customer=customerId, **kwargs)
+  except (GAPI.invalid, GAPI.invalidArgument, GAPI.permissionDenied, GAPI.serviceNotAvailable) as e:
+    entityActionFailedWarning([Ent.CHROME_DEVICE_COUNT, None], str(e))
+    return
+  for k, v in counts.items():
+    counts[k] = int(v)
+  if not csvPF:
+    if not FJQC.formatJSON:
+      showJSON(CHROME_DEVICE_COUNTS_MODE_CSV_TITLE[mode], counts)
+    else:
+      printLine(json.dumps(cleanJSON(counts), ensure_ascii=False, sort_keys=True))
+  else:
+    row = flattenJSON(counts)
+    if not FJQC.formatJSON:
+      csvPF.WriteRowTitles(row)
+    elif csvPF.CheckRowTitles(row):
+      csvPF.WriteRowNoFilter({'JSON': json.dumps(cleanJSON(counts), ensure_ascii=False, sort_keys=True)})
+    csvPF.writeCSVfile(CHROME_DEVICE_COUNTS_MODE_CSV_TITLE[mode])
+
 CHROME_VERSIONS_TITLES = ['channel', 'system', 'deviceOsVersion']
 
 # gam print chromeversions [todrive <ToDriveAttribute>*]
@@ -32861,6 +33138,8 @@ def doCreateGroup(ciGroupsAPI=False):
       initialGroupConfig = 'WITH_INITIAL_OWNER'
     elif ciGroupsAPI and myarg in {'security', 'makesecuritygroup'}:
       body['labels'][CIGROUP_SECURITY_LABEL] = ''
+    elif ciGroupsAPI and myarg in ['locked']:
+      body['labels'][CIGROUP_LOCKED_LABEL] = ''
     elif myarg == 'verifynotinvitable':
       verifyNotInvitable = True
     else:
@@ -35752,7 +36031,7 @@ def doPrintShowGroupTree():
 # gam create cigroup <EmailAddress>
 #	[copyfrom <GroupItem>] <GroupAttribute>
 #	[makeowner] [alias|aliases <CIGroupAliasList>]
-#	[security|makesecuritygroup]
+#	[security|makesecuritygroup] [locked]
 #	[dynamic <QueryDynamicGroup>]
 def doCreateCIGroup():
   doCreateGroup(ciGroupsAPI=True)
@@ -35936,7 +36215,6 @@ def doUpdateCIGroups():
 
   cd = buildGAPIObject(API.DIRECTORY)
   ci = buildGAPIObject(API.CLOUDIDENTITY_GROUPS)
-  cib = None
   entityType = Ent.CLOUD_IDENTITY_GROUP
   csvPF = None
   getBeforeUpdate = preview = False
@@ -36045,7 +36323,6 @@ def doUpdateCIGroups():
         _, name, _ = convertGroupEmailToCloudID(ci, group, i, count)
         if not name:
           continue
-        cipl = ci
         twoUpdates = False
         if 'labels' in ci_body or lockGroup is not None:
           try:
@@ -36074,20 +36351,16 @@ def doUpdateCIGroups():
             else:
               if CIGROUP_LOCKED_LABEL in ci_body['labels']:
                 ci_body['labels'].pop(CIGROUP_LOCKED_LABEL)
-          if CIGROUP_LOCKED_LABEL in ci_body['labels']:
-            if cib is None:
-              cib = buildGAPIObject(API.CLOUDIDENTITY_GROUPS_BETA)
-            cipl = cib
         if ci_body:
           try:
             if twoUpdates:
               ci_body['labels'].pop(CIGROUP_LOCKED_LABEL)
-              callGAPI(cipl.groups(), 'patch',
+              callGAPI(ci.groups(), 'patch',
                        throwReasons=GAPI.CIGROUP_UPDATE_THROW_REASONS,
                        retryReasons=GAPI.CIGROUP_RETRY_REASONS,
                        name=name, body=ci_body, updateMask=','.join(list(ci_body.keys())))
               ci_body['labels'][CIGROUP_LOCKED_LABEL] = ''
-            callGAPI(cipl.groups(), 'patch',
+            callGAPI(ci.groups(), 'patch',
                      throwReasons=GAPI.CIGROUP_UPDATE_THROW_REASONS,
                      retryReasons=GAPI.CIGROUP_RETRY_REASONS,
                      name=name, body=ci_body, updateMask=','.join(list(ci_body.keys())))
@@ -37071,20 +37344,17 @@ def doPrintCIGroups():
     else:
       getFullFieldsList = list(CIGROUP_FULL_FIELDS)
     getFullFields = ','.join(getFullFieldsList)#
-    cipl = ci
     if query:
       method = 'search'
       if 'parent' not in query:
         query += f" && parent == '{parent}'"
       kwargs = {'query': query}
-      if CIGROUP_LOCKED_LABEL in query:
-        cipl = buildGAPIObject(API.CLOUDIDENTITY_GROUPS_BETA)
     else:
       method = 'list'
       kwargs = {'parent': parent}
     printGettingAllAccountEntities(Ent.CLOUD_IDENTITY_GROUP, query)
     try:
-      entityList = callGAPIpages(cipl.groups(), method, 'groups',
+      entityList = callGAPIpages(ci.groups(), method, 'groups',
                                  pageMessage=getPageMessage(showFirstLastItems=True), messageAttribute=['groupKey', 'id'],
                                  throwReasons=GAPI.CIGROUP_LIST_THROW_REASONS, retryReasons=GAPI.CIGROUP_RETRY_REASONS,
                                  view='FULL', fields=fieldsnp, pageSize=pageSize, **kwargs)
@@ -40062,15 +40332,15 @@ def _getEventDaysOfWeek(event):
     if attr in event:
       if 'date' in event[attr]:
         try:
-          dateTime = datetime.datetime.strptime(event[attr]['date'], YYYYMMDD_FORMAT)
-          event[attr]['dayOfWeek'] = calendarlib.day_abbr[dateTime.weekday()]
+          dateTime = arrow.Arrow.strptime(event[attr]['date'], YYYYMMDD_FORMAT)
+          event[attr]['dayOfWeek'] = DAYS_OF_WEEK[dateTime.weekday()]
         except ValueError:
           pass
       elif 'dateTime' in event[attr]:
         try:
-          dateTime, _ = iso8601.parse_date(event[attr]['dateTime'])
-          event[attr]['dayOfWeek'] = calendarlib.day_abbr[dateTime.weekday()]
-        except (iso8601.ParseError, OverflowError):
+          dateTime = arrow.get(event[attr]['dateTime'])
+          event[attr]['dayOfWeek'] = DAYS_OF_WEEK[dateTime.weekday()]
+        except (arrow.parser.ParserError, OverflowError):
           pass
 
 def _createCalendarEvents(user, origCal, function, calIds, count, body, parameters):
@@ -40108,7 +40378,7 @@ def _createCalendarEvents(user, origCal, function, calIds, count, body, paramete
       else:
         if parameters['showDayOfWeek']:
           _getEventDaysOfWeek(event)
-        _printCalendarEvent(user, calId, event, parameters['csvPF'], parameters['FJQC'])
+        _printCalendarEvent(user, calId, event, parameters['csvPF'], parameters['FJQC'], {})
     except (GAPI.invalid, GAPI.required, GAPI.timeRangeEmpty, GAPI.eventDurationExceedsLimit,
             GAPI.requiredAccessLevel, GAPI.participantIsNeitherOrganizerNorAttendee,
             GAPI.malformedWorkingLocationEvent, GAPI.badRequest) as e:
@@ -40212,7 +40482,7 @@ def _updateCalendarEvents(origUser, user, origCal, calIds, count, calendarEventE
         else:
           if parameters['showDayOfWeek']:
             _getEventDaysOfWeek(event)
-          _printCalendarEvent(user, calId, event, parameters['csvPF'], parameters['FJQC'])
+          _printCalendarEvent(user, calId, event, parameters['csvPF'], parameters['FJQC'], {})
       except (GAPI.notFound, GAPI.deleted) as e:
         if not checkCalendarExists(cal, calId, j, jcount):
           entityUnknownWarning(Ent.CALENDAR, calId, j, jcount)
@@ -40509,10 +40779,12 @@ def _showCalendarEvent(primaryEmail, calId, eventEntityType, event, k, kcount, F
   showJSON(None, event, skipObjects)
   Ind.Decrement()
 
-def _printCalendarEvent(user, calId, event, csvPF, FJQC):
+def _printCalendarEvent(user, calId, event, csvPF, FJQC, addCSVData):
   row = {'calendarId': calId, 'id': event['id']}
   if user:
     row['primaryEmail'] = user
+  if addCSVData:
+    row.update(addCSVData)
   flattenJSON(event, flattened=row, timeObjects=EVENT_TIME_OBJECTS)
   if not FJQC.formatJSON:
     csvPF.WriteRowTitles(row)
@@ -40525,7 +40797,7 @@ def _printCalendarEvent(user, calId, event, csvPF, FJQC):
     csvPF.WriteRowNoFilter(row)
 
 def _printShowCalendarEvents(origUser, user, origCal, calIds, count, calendarEventEntity,
-                             csvPF, FJQC, fieldsList):
+                             csvPF, FJQC, fieldsList, addCSVData):
   i = 0
   for calId in calIds:
     i += 1
@@ -40551,7 +40823,7 @@ def _printShowCalendarEvents(origUser, user, origCal, calIds, count, calendarEve
           for event in events:
             if calendarEventEntity['showDayOfWeek']:
               _getEventDaysOfWeek(event)
-            _printCalendarEvent(user, calId, event, csvPF, FJQC)
+            _printCalendarEvent(user, calId, event, csvPF, FJQC, addCSVData)
         elif GC.Values[GC.CSV_OUTPUT_USERS_AUDIT] and user:
           csvPF.WriteRowNoFilter({'calendarId': calId, 'primaryEmail': user, 'id': ''})
       else:
@@ -40569,6 +40841,8 @@ def _printShowCalendarEvents(origUser, user, origCal, calIds, count, calendarEve
         row = {'calendarId': calId}
         if user:
           row['primaryEmail'] = user
+        if addCSVData:
+          row.update(addCSVData)
         row['events'] = jcount
         if not calendarEventEntity['eventRowFilter']:
           csvPF.WriteRow(row)
@@ -40799,6 +41073,8 @@ def _getCalendarPrintShowEventOptions(calendarEventEntity, entityType):
   csvPF = CSVPrintFile(['primaryEmail', 'calendarId', 'id'] if entityType == Ent.USER else ['calendarId', 'id'], 'sortall', indexedTitles=EVENT_INDEXED_TITLES) if Act.csvFormat() else None
   FJQC = FormatJSONQuoteChar(csvPF)
   fieldsList = []
+  addCSVData = {}
+  addCSVDataLoc = 2 if entityType == Ent.USER else 1
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
     if csvPF and myarg == 'todrive':
@@ -40807,6 +41083,9 @@ def _getCalendarPrintShowEventOptions(calendarEventEntity, entityType):
       pass
     elif myarg == 'fields':
       _getEventFields(fieldsList)
+    elif csvPF and myarg == 'addcsvdata':
+      k = getString(Cmd.OB_STRING)
+      addCSVData[k] = getString(Cmd.OB_STRING, minLen=0)
     elif myarg == 'countsonly':
       calendarEventEntity['countsOnly'] = True
     elif myarg == 'showdayofweek':
@@ -40819,27 +41098,35 @@ def _getCalendarPrintShowEventOptions(calendarEventEntity, entityType):
     fieldsList = ['id']
   if csvPF:
     if calendarEventEntity['countsOnly']:
+      csvPF.SetFormatJSON(False)
       csvPF.RemoveTitles(['id'])
+      if addCSVData:
+        csvPF.InsertTitles(addCSVDataLoc, sorted(addCSVData.keys()))
       csvPF.AddTitles(['events'])
+      csvPF.SetSortAllTitles()
       calendarEventEntity['countsOnlyTitles'] = csvPF.titlesList[:]
-    elif not FJQC.formatJSON and not fieldsList:
-      csvPF.AddSortTitles(EVENT_PRINT_ORDER)
+    else:
+      if addCSVData:
+        csvPF.InsertTitles(addCSVDataLoc, sorted(addCSVData.keys()))
+      if not FJQC.formatJSON and not fieldsList:
+        csvPF.AddTitles(EVENT_PRINT_ORDER)
+      csvPF.SetSortAllTitles()
   _addEventEntitySelectFields(calendarEventEntity, fieldsList)
-  return (csvPF, FJQC, fieldsList)
+  return (csvPF, FJQC, fieldsList, addCSVData)
 
 # gam calendars <CalendarEntity> print events <EventEntity> <EventDisplayProperties>*
 #	[fields <EventFieldNameList>] [showdayofweek]
-#	[countsonly [eventrowfilter]]
-#	[formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]
+#	(addcsvdata <FieldName> <String>)*
+#	[eventrowfilter]
+#	[countsonly|(formatjson [quotechar <Character>])] [todrive <ToDriveAttribute>*]
 # gam calendars <CalendarEntity> show events <EventEntity> <EventDisplayProperties>*
 #	[fields <EventFieldNameList>] [showdayofweek]
-#	[countsonly]
-#	[formatjson]
+#	[countsonly|formatjson]
 def doCalendarsPrintShowEvents(calIds):
   calendarEventEntity = getCalendarEventEntity()
-  csvPF, FJQC, fieldsList = _getCalendarPrintShowEventOptions(calendarEventEntity, Ent.CALENDAR)
+  csvPF, FJQC, fieldsList, addCSVData = _getCalendarPrintShowEventOptions(calendarEventEntity, Ent.CALENDAR)
   _printShowCalendarEvents(None, None, None, calIds, len(calIds), calendarEventEntity,
-                           csvPF, FJQC, fieldsList)
+                           csvPF, FJQC, fieldsList, addCSVData)
   if csvPF:
     if calendarEventEntity['countsOnly'] and calendarEventEntity['eventRowFilter']:
       csvPF.SetTitles(calendarEventEntity['countsOnlyTitles'])
@@ -41643,7 +41930,7 @@ def convertQueryNameToID(v, nameOrId, matterId, matterNameId):
       query = callGAPI(v.matters().savedQueries(), 'get',
                        throwReasons=[GAPI.NOT_FOUND, GAPI.BAD_REQUEST, GAPI.FORBIDDEN, GAPI.INVALID_ARGUMENT],
                        matterId=matterId, savedQueryId=cg.group(1))
-      return (query['savedQueryId'], query['displayName'], formatVaultNameId(query['savedQueryId'], query['displayName']))
+      return (query['savedQueryId'], query['displayName'], formatVaultNameId(query['savedQueryId'], query['displayName']), query['query'])
     except (GAPI.notFound, GAPI.badRequest):
       entityDoesNotHaveItemExit([Ent.VAULT_MATTER, matterNameId, Ent.VAULT_QUERY, nameOrId])
     except (GAPI.forbidden, GAPI.invalidArgument) as e:
@@ -41652,12 +41939,12 @@ def convertQueryNameToID(v, nameOrId, matterId, matterNameId):
   try:
     queries = callGAPIpages(v.matters().savedQueries(), 'list', 'savedQueries',
                             throwReasons=[GAPI.FORBIDDEN, GAPI.INVALID_ARGUMENT],
-                            matterId=matterId, fields='savedQueries(savedQueryId,displayName),nextPageToken')
+                            matterId=matterId, fields='savedQueries(savedQueryId,displayName,query),nextPageToken')
   except (GAPI.forbidden, GAPI.invalidArgument) as e:
     ClientAPIAccessDeniedExit(str(e))
   for query in queries:
     if query['displayName'].lower() == nameOrIdlower:
-      return (query['savedQueryId'], query['displayName'], formatVaultNameId(query['savedQueryId'], query['displayName']))
+      return (query['savedQueryId'], query['displayName'], formatVaultNameId(query['savedQueryId'], query['displayName']), query['query'])
   entityDoesNotHaveItemExit([Ent.VAULT_MATTER, matterNameId, Ent.VAULT_QUERY, nameOrId])
 
 def getMatterItem(v, state=None):
@@ -41705,6 +41992,7 @@ VAULT_SEARCH_METHODS_MAP = {
   'accounts': 'ACCOUNT',
   'chatspace': 'ROOM',
   'chatspaces': 'ROOM',
+  'documentids': 'DRIVE_DOCUMENT',
   'entireorg': 'ENTIRE_ORG',
   'everyone': 'ENTIRE_ORG',
   'org': 'ORG_UNIT',
@@ -41802,11 +42090,13 @@ VAULT_QUERY_ARGS = [
 # drive
   'driveclientsideencryption', 'driveversiondate', 'includeshareddrives', 'includeteamdrives', 'shareddrivesoption',
 # hangoutsChat
-  'includerooms',
+  'includerooms', 
 # mail
   'mailclientsideencryption', 'excludedrafts',
 # voice
   'covereddata',
+# all
+  'json',
   ] + list(VAULT_SEARCH_METHODS_MAP.keys())
 
 def _buildVaultQuery(myarg, query, corpusArgumentMap):
@@ -41820,12 +42110,14 @@ def _buildVaultQuery(myarg, query, corpusArgumentMap):
     query['dataScope'] = 'ALL_DATA'
   if myarg == 'corpus':
     query['corpus'] = getChoice(corpusArgumentMap, mapChoice=True)
+  elif myarg == 'scope':
+    query['dataScope'] = getChoice(VAULT_EXPORT_DATASCOPE_MAP, mapChoice=True)
   elif myarg in VAULT_SEARCH_METHODS_MAP:
-    if query.get('searchMethod'):
+    if query.get('method'):
       Cmd.Backup()
       usageErrorExit(Msg.MULTIPLE_SEARCH_METHODS_SPECIFIED.format(formatChoiceList(VAULT_SEARCH_METHODS_MAP)))
     searchMethod = VAULT_SEARCH_METHODS_MAP[myarg]
-    query['searchMethod'] = searchMethod
+    query['method'] = searchMethod
     if searchMethod == 'ACCOUNT':
       query['accountInfo'] = {'emails': getNormalizedEmailAddressEntity()}
     elif searchMethod == 'ORG_UNIT':
@@ -41840,8 +42132,8 @@ def _buildVaultQuery(myarg, query, corpusArgumentMap):
       query['hangoutsChatInfo'] = {'roomId': roomIds}
     elif searchMethod == 'SITES_URL':
       query['sitesUrlInfo'] = {'urls': _getQueryList(Cmd.OB_URL_LIST)}
-  elif myarg == 'scope':
-    query['dataScope'] = getChoice(VAULT_EXPORT_DATASCOPE_MAP, mapChoice=True)
+    elif searchMethod == 'DRIVE_DOCUMENT':
+      query['driveDocumentInfo'] = {'documentIds': {'ids': _getQueryList(Cmd.OB_DRIVE_FILE_ID_LIST)}}
   elif myarg == 'terms':
     query['terms'] = getString(Cmd.OB_STRING)
   elif myarg in {'start', 'starttime'}:
@@ -41880,50 +42172,73 @@ def _buildVaultQuery(myarg, query, corpusArgumentMap):
     query['hangoutsChatOptions'] = {'includeRooms': getBoolean()}
 # mail
   elif myarg == 'excludedrafts':
-    query['mailOptions'] = {'excludeDrafts': getBoolean()}
+    query.setdefault('mailOptions', {})['excludeDrafts'] =  getBoolean()
   elif myarg == 'mailclientsideencryption':
     query.setdefault('mailOptions', {})['clientSideEncryptedOption'] = getChoice(VAULT_CSE_OPTION_MAP, mapChoice=True)
 # voice
   elif myarg == 'covereddata':
-    query['voiceOptions'] = {'coveredData': getChoice(VAULT_VOICE_COVERED_DATA_MAP, mapChoice=True)}
+    query.setdefault('voiceOptions', {'coveredData': []})
+    query['voiceOptions']['coveredData'].append(getChoice(VAULT_VOICE_COVERED_DATA_MAP, mapChoice=True))
+# all
+  elif myarg == 'json':
+    jsonData = getJSON([])
+    if 'query' in jsonData:
+      query.update(jsonData['query'])
+    else:
+      query.update(jsonData)
+
 
 def _validateVaultQuery(body, corpusArgumentMap):
   if 'corpus' not in body['query']:
     missingArgumentExit(f'corpus {formatChoiceList(corpusArgumentMap)}')
-  if 'searchMethod' not in body['query']:
+  if 'method' not in body['query']:
     missingArgumentExit(formatChoiceList(VAULT_SEARCH_METHODS_MAP))
   if 'exportOptions' in body:
     for corpus, options in VAULT_CORPUS_OPTIONS_MAP.items():
       if body['query']['corpus'] != corpus:
         body['exportOptions'].pop(options, None)
 
-# gam create vaultexport|export matter <MatterItem> [name <String>] corpus calendar|drive|gemini|groups|hangouts_chat|mail|voice
-#	(accounts <EmailAddressEntity>) | (orgunit|org|ou <OrgUnitPath>) | everyone
+# gam create vaultexport|export matter <MatterItem> [name <String>]
+#	vaultquery <QueryItem>
+#	[driveclientsideencryption any|encrypted|unencrypted]
+#	[includeaccessinfo <Boolean>]
+#	[excludedrafts <Boolean>] [mailclientsideencryption any|encrypted|unencrypted]
+#	[showconfidentialmodecontent <Boolean>] [usenewexport <Boolean>] [exportlinkeddrivefiles <Boolean>]
+#	[format ics|mbox|pst|xml]
+#	[region any|europe|us] [showdetails|returnidonly]
+# gam create vaultexport|export matter <MatterItem> [name <String>]
+#	corpus calendar|drive|gemini|groups|hangouts_chat|mail|voice
+#	[scope all_data|held_data|unprocessed_data]
+#	(accounts <EmailAddressEntity>) | (orgunit|org|ou <OrgUnitPath>) | everyone|entireorg
+#	(documentids  (<DriveFileIDList>|(select <FileSelector>|<CSVFileSelector>))) |
 #	(shareddrives|teamdrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))) |
-#	    (rooms (<ChatSpaceList>|(select <FileSelector>|<CSVFileSelector>))) |
-#	    (sitesurl (<URLList>||(select <FileSelector>|<CSVFileSelector>)))
-#	[scope <all_data|held_data|unprocessed_data>]
+#	[(includeshareddrives <Boolean>)|(shareddrivesoption included|included_if_account_is_not_a_member|not_included)]
+#	(sitesurl (<URLList>||(select <FileSelector>|<CSVFileSelector>)))
+#	[driveversiondate <Date>|<Time>]
+#	[includerooms <Boolean>]
+#	(rooms (<ChatSpaceList>|(select <FileSelector>|<CSVFileSelector>))) |
 #	[terms <String>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>] [timezone <TimeZone>]
 #	[locationquery <StringList>] [peoplequery <StringList>] [minuswords <StringList>]
 #	[responsestatuses <AttendeeStatus>(,<AttendeeStatus>)*] [calendarversiondate <Date>|<Time>]
-#	[(includeshareddrives <Boolean>)|(shareddrivesoption included|included_if_account_is_not_a_member|not_included)]
-#	[driveversiondate <Date>|<Time>] [includeaccessinfo <Boolean>]
+#	(covereddata calllogs|textmessages|voicemails)*
+#	[<JSONData>]
 #	[driveclientsideencryption any|encrypted|unencrypted]
-#	[includerooms <Boolean>]
+#	[includeaccessinfo <Boolean>]
 #	[excludedrafts <Boolean>] [mailclientsideencryption any|encrypted|unencrypted]
 #	[showconfidentialmodecontent <Boolean>] [usenewexport <Boolean>] [exportlinkeddrivefiles <Boolean>]
-#	[covereddata calllogs|textmessages|voicemails]
 #	[format ics|mbox|pst|xml]
 #	[region any|europe|us] [showdetails|returnidonly]
 def doCreateVaultExport():
   v = buildGAPIObject(API.VAULT)
   matterId = None
   body = {'query': {'dataScope': 'ALL_DATA'}, 'exportOptions': {}}
+  includeAccessInfo = None
   exportFormat = None
+  formatLocation = None
+  useNewExport = None
   showConfidentialModeContent = None
   exportLinkedDriveFiles = None
   returnIdOnly = showDetails = False
-  useNewExport = None
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
     if myarg == 'matter':
@@ -41931,22 +42246,23 @@ def doCreateVaultExport():
       body['matterId'] = matterId
     elif myarg == 'name':
       body['name'] = getString(Cmd.OB_STRING)
+    elif matterId is not None and myarg == 'vaultquery':
+      _, _, _, body['query'] = convertQueryNameToID(v, getString(Cmd.OB_QUERY_ITEM), matterId, matterNameId)
     elif myarg in VAULT_QUERY_ARGS:
       _buildVaultQuery(myarg, body['query'], VAULT_CORPUS_ARGUMENT_MAP)
-    elif myarg == 'usenewexport':
-      useNewExport = getBoolean()
+    elif myarg == 'includeaccessinfo':
+      includeAccessInfo = getBoolean()
     elif myarg == 'format':
+      formatLocation = Cmd.Location()
       exportFormat = getChoice(VAULT_EXPORT_FORMAT_MAP, mapChoice=True)
+    elif myarg == 'usenewexport':
+      useNewExport = getBoolean()
     elif myarg == 'showconfidentialmodecontent':
       showConfidentialModeContent = getBoolean()
     elif myarg == 'exportlinkeddrivefiles':
       exportLinkedDriveFiles = getBoolean()
     elif myarg == 'region':
       body['exportOptions']['region'] = getChoice(VAULT_EXPORT_REGION_MAP, mapChoice=True)
-    elif myarg == 'includeaccessinfo':
-      body['exportOptions'].setdefault('driveOptions', {})['includeAccessInfo'] = getBoolean()
-    elif myarg == 'covereddata':
-      body['exportOptions'].setdefault('voiceOptions', {})['coveredData'] = getChoice(VAULT_VOICE_COVERED_DATA_MAP, mapChoice=True)
     elif myarg == 'showdetails':
       showDetails = True
       returnIdOnly = False
@@ -41958,15 +42274,19 @@ def doCreateVaultExport():
   if not matterId:
     missingArgumentExit('matter')
   _validateVaultQuery(body, VAULT_CORPUS_ARGUMENT_MAP)
-  if exportFormat is not None:
-    if not exportFormat in VAULT_CORPUS_EXPORT_FORMATS[body['query']['corpus']]:
-      invalidChoiceExit(exportFormat, VAULT_CORPUS_EXPORT_FORMATS[body['query']['corpus']], False)
-  elif body['query']['corpus'] != 'DRIVE':
-    exportFormat = VAULT_CORPUS_EXPORT_FORMATS[body['query']['corpus']][0]
   if 'name' not in body:
     body['name'] = f'GAM {body["query"]["corpus"]} Export - {ISOformatTimeStamp(todaysTime())}'
   optionsField = VAULT_CORPUS_OPTIONS_MAP[body['query']['corpus']]
-  if body['query']['corpus'] != 'DRIVE':
+  if body['query']['corpus'] == 'DRIVE':
+    if includeAccessInfo is not None:
+      body['exportOptions'][optionsField] = {'includeAccessInfo': includeAccessInfo}
+  else:
+    if exportFormat is not None:
+      if not exportFormat in VAULT_CORPUS_EXPORT_FORMATS[body['query']['corpus']]:
+        Cmd.SetLocation(formatLocation)
+        invalidChoiceExit(exportFormat, VAULT_CORPUS_EXPORT_FORMATS[body['query']['corpus']], False)
+    else:
+      exportFormat = VAULT_CORPUS_EXPORT_FORMATS[body['query']['corpus']][0]
     body['exportOptions'][optionsField] = {'exportFormat': exportFormat}
     if body['query']['corpus'] == 'MAIL':
       if showConfidentialModeContent is not None:
@@ -42448,6 +42768,34 @@ def _showVaultHold(matterNameId, hold, cd, FJQC, k=0, kcount=0):
   showJSON(None, hold, timeObjects=VAULT_HOLD_TIME_OBJECTS)
   Ind.Decrement()
 
+def _useVaultQueryForHold(v, matterId, matterNameId, body):
+  _, _, _, query = convertQueryNameToID(v, getString(Cmd.OB_QUERY_ITEM), matterId, matterNameId)
+  body['corpus'] = query['corpus']
+  method = query.get('method')
+  if method == 'ACCOUNT':
+    body['accounts'] = []
+    for email in query['accountInfo']['emails']:
+      body['accounts'].append({'email': email})
+  elif method == 'ORG_UNIT':
+    body['orgUnit'] = {'orgUnitId': query['orgUnitInfo']['orgUnitId']}
+  queryType = VAULT_CORPUS_QUERY_MAP[query['corpus']]
+  if queryType is None:
+    return
+  body['query'] = {queryType: {}}
+  if query['corpus'] == 'DRIVE':
+    body['query'][queryType]['includeSharedDriveFiles'] = query['driveOptions'].get('includeSharedDrives', False)
+  elif query['corpus'] in {'GROUPS', 'MAIL'}:
+    if query.get('terms'):
+      body['query'][queryType]['terms'] = query['terms']
+    if query.get('startTime'):
+      body['query'][queryType]['startTime'] = query['startTime']
+    if query.get('endTime'):
+      body['query'][queryType]['endTime'] = query['endTime']
+  elif query['corpus'] == 'HANGOUTS_CHAT':
+    body['query'][queryType]['includeRooms'] = query['hangoutsChatOptions'].get('includeRooms', False)
+  elif query['corpus'] == 'VOICE':
+    body['query'][queryType]['coveredData'] = query['voiceOptions']['coveredData']
+
 def _getHoldQueryParameters(myarg, queryParameters):
   if myarg == 'query':
     queryParameters['queryLocation'] = Cmd.Location()
@@ -42463,7 +42811,8 @@ def _getHoldQueryParameters(myarg, queryParameters):
   elif myarg in {'includeshareddrives', 'includeteamdrives'}:
     queryParameters['includeSharedDriveFiles'] = getBoolean()
   elif myarg == 'covereddata':
-    queryParameters['coveredData'] = getChoice(VAULT_VOICE_COVERED_DATA_MAP, mapChoice=True)
+    queryParameters.setdefault('coveredData', [])
+    queryParameters['coveredData'].append(getChoice(VAULT_VOICE_COVERED_DATA_MAP, mapChoice=True))
   else:
     return False
   return True
@@ -42498,7 +42847,11 @@ def _setHoldQuery(body, queryParameters):
     if queryParameters.get('coveredData'):
       body['query'][queryType]['coveredData'] = queryParameters['coveredData']
 
-# gam create vaulthold|hold matter <MatterItem> [name <String>] corpus calendar|drive|mail|groups|hangouts_chat|voice
+# gam create vaulthold|hold matter <MatterItem> [name <String>]
+#	vaultquery <QueryItem>
+#	[showdetails|returnidonly]
+# gam create vaulthold|hold matter <MatterItem> [name <String>]
+#	corpus calendar|drive|mail|groups|hangouts_chat|voice
 #	[(accounts|groups|users <EmailItemList>) | (orgunit|org|ou <OrgUnit>)]
 #	[query <QueryVaultCorpus>]
 #	[terms <String>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>]
@@ -42512,13 +42865,16 @@ def doCreateVaultHold():
   matterId = None
   accounts = []
   queryParameters = {}
-  returnIdOnly = showDetails = False
+  returnIdOnly = showDetails = usedVaultQuery  = False
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
     if myarg == 'matter':
       matterId, matterNameId = getMatterItem(v)
     elif myarg == 'name':
       body['name'] = getString(Cmd.OB_STRING)
+    elif matterId is not None and myarg == 'vaultquery':
+      _useVaultQueryForHold(v, matterId, matterNameId, body)
+      usedVaultQuery = True
     elif myarg == 'corpus':
       body['corpus'] = getChoice(VAULT_CORPUS_ARGUMENT_MAP, mapChoice=True)
     elif myarg in {'accounts', 'users', 'groups'}:
@@ -42542,7 +42898,8 @@ def doCreateVaultHold():
     missingArgumentExit(f'corpus {"|".join(VAULT_CORPUS_ARGUMENT_MAP)}')
   if 'name' not in body:
     body['name'] = f'GAM {body["corpus"]} Hold - {ISOformatTimeStamp(todaysTime())}'
-  _setHoldQuery(body, queryParameters)
+  if not usedVaultQuery:
+    _setHoldQuery(body, queryParameters)
   if accounts:
     body['accounts'] = []
     cd = buildGAPIObject(API.DIRECTORY)
@@ -42975,6 +43332,116 @@ def _showVaultQuery(matterNameId, query, cd, drive, FJQC, k=0, kcount=0):
   showJSON(None, query, timeObjects=VAULT_QUERY_TIME_OBJECTS)
   Ind.Decrement()
 
+def doCreateCopyVaultQuery(copyCmd):
+  v = buildGAPIObject(API.VAULT)
+  body = {'query': {'dataScope': 'ALL_DATA'}, 'displayName': ''}
+  matterId, matterNameId = getMatterItem(v)
+  if copyCmd:
+    _, queryName, _, body['query'] = convertQueryNameToID(v, getString(Cmd.OB_QUERY_ITEM), matterId, matterNameId)
+  targetId = None
+  cd = drive = None
+  FJQC = FormatJSONQuoteChar()
+  returnIdOnly = showDetails = False
+  while Cmd.ArgumentsRemaining():
+    myarg = getArgument()
+    if myarg == 'name':
+      body['displayName'] = getString(Cmd.OB_STRING)
+    elif copyCmd and myarg == 'targetmatter':
+      targetId, targetNameId = getMatterItem(v)
+    elif not copyCmd and myarg in VAULT_QUERY_ARGS:
+      _buildVaultQuery(myarg, body['query'], VAULT_CORPUS_ARGUMENT_MAP)
+    elif myarg == 'shownames':
+      cd = buildGAPIObject(API.DIRECTORY)
+      _, drive = buildGAPIServiceObject(API.DRIVE3, _getAdminEmail())
+      if drive is None:
+        return
+    elif myarg == 'showdetails':
+      showDetails = True
+      returnIdOnly = False
+    elif myarg == 'returnidonly':
+      returnIdOnly = True
+      showDetails = False
+    else:
+      FJQC.GetFormatJSON(myarg)
+  if copyCmd:
+    if targetId is None:
+      targetId = matterId
+      targetNameId = matterNameId
+    if not body['displayName']:
+      body['displayName'] = f'Copy of {queryName}' if matterId == targetId else queryName
+    resultId = targetId
+    resultNameId = targetNameId
+  else:
+    _validateVaultQuery(body, VAULT_CORPUS_ARGUMENT_MAP)
+    if not body['displayName']:
+      body['displayName'] = 'GAM {body["query"]["corpus"]} Query - {ISOformatTimeStamp(todaysTime())}'
+    resultId = matterId
+    resultNameId = matterNameId
+  try:
+    result = callGAPI(v.matters().savedQueries(), 'create',
+                      throwReasons=[GAPI.NOT_FOUND, GAPI.BAD_REQUEST, GAPI.FORBIDDEN, GAPI.INVALID_ARGUMENT, GAPI.ALREADY_EXISTS],
+                      matterId=resultId, body=body)
+    if not returnIdOnly:
+      if not FJQC.formatJSON:
+        entityActionPerformed([Ent.VAULT_MATTER, matterNameId, Ent.VAULT_QUERY, formatVaultNameId(result['displayName'], result['savedQueryId'])])
+      if showDetails or FJQC.formatJSON:
+        _showVaultQuery(resultNameId, result, cd, drive, FJQC)
+    else:
+      writeStdout(f'{result["savedQueryId"]}\n')
+  except (GAPI.notFound, GAPI.badRequest, GAPI.forbidden, GAPI.invalidArgument, GAPI.alreadyExists) as e:
+    entityActionFailedWarning([Ent.VAULT_MATTER, resultNameId, Ent.VAULT_QUERY, body['displayName']], str(e))
+
+# gam create vaultquery <MatterItem> [name <String>]
+#	corpus calendar|drive|gemini|groups|hangouts_chat|mail|voice
+#	[scope all_data|held_data|unprocessed_data]
+#	(accounts <EmailAddressEntity>) | (orgunit|org|ou <OrgUnitPath>) | everyone|entireorg
+#	(documentids  (<DriveFileIDList>|(select <FileSelector>|<CSVFileSelector>))) |
+#	(shareddrives|teamdrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))) |
+#	[(includeshareddrives <Boolean>)|(shareddrivesoption included|included_if_account_is_not_a_member|not_included)]
+#	(sitesurl (<URLList>||(select <FileSelector>|<CSVFileSelector>)))
+#	[driveversiondate <Date>|<Time>]
+#	[includerooms <Boolean>]
+#	(rooms (<ChatSpaceList>|(select <FileSelector>|<CSVFileSelector>))) |
+#	[terms <String>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>] [timezone <TimeZone>]
+#	[locationquery <StringList>] [peoplequery <StringList>] [minuswords <StringList>]
+#	[responsestatuses <AttendeeStatus>(,<AttendeeStatus>)*] [calendarversiondate <Date>|<Time>]
+#	(covereddata calllogs|textmessages|voicemails)*
+#	[<JSONData>]
+#	[shownames]
+#	[showdetails|returnidonly|formatjson]
+def doCreateVaultQuery():
+  doCreateCopyVaultQuery(False)
+
+# gam copy vaultquery <MatterItem> <QueryItem> [targetmatter <MatterItem>] [name <String>]
+#	[shownames]
+#	[showdetails|returnidonly|formatjson]
+def doCopyVaultQuery():
+  doCreateCopyVaultQuery(True)
+
+# gam delete vaultquery <QueryItem> matter <MatterItem>
+# gam delete vaultquery <MatterItem> <QueryItem>
+def doDeleteVaultQuery():
+  v = buildGAPIObject(API.VAULT)
+  if not Cmd.ArgumentIsAhead('matter'):
+    matterId, matterNameId = getMatterItem(v)
+    queryId, queryName, queryNameId, _ = convertQueryNameToID(v, getString(Cmd.OB_QUERY_ITEM), matterId, matterNameId)
+  else:
+    queryName = getString(Cmd.OB_QUERY_ITEM)
+  while Cmd.ArgumentsRemaining():
+    myarg = getArgument()
+    if myarg == 'matter':
+      matterId, matterNameId = getMatterItem(v)
+      queryId, queryName, queryNameId, _ = convertQueryNameToID(v, queryName, matterId, matterNameId)
+    else:
+      unknownArgumentExit()
+  try:
+    callGAPI(v.matters().savedQueries(), 'delete',
+             throwReasons=[GAPI.NOT_FOUND, GAPI.BAD_REQUEST, GAPI.FORBIDDEN, GAPI.INVALID_ARGUMENT],
+             matterId=matterId, savedQueryId=queryId)
+    entityActionPerformed([Ent.VAULT_MATTER, matterNameId, Ent.VAULT_QUERY, queryNameId])
+  except (GAPI.notFound, GAPI.badRequest, GAPI.forbidden, GAPI.invalidArgument) as e:
+    entityActionFailedWarning([Ent.VAULT_MATTER, matterNameId, Ent.VAULT_QUERY, queryNameId], str(e))
+
 VAULT_QUERY_FIELDS_CHOICE_MAP = {
   'createtime': 'createTime',
   'displayname': 'displayName',
@@ -42995,7 +43462,7 @@ def doInfoVaultQuery():
   v = buildGAPIObject(API.VAULT)
   if not Cmd.ArgumentIsAhead('matter'):
     matterId, matterNameId = getMatterItem(v)
-    queryId, queryName, queryNameId = convertQueryNameToID(v, getString(Cmd.OB_QUERY_ITEM), matterId, matterNameId)
+    queryId, queryName, queryNameId, _ = convertQueryNameToID(v, getString(Cmd.OB_QUERY_ITEM), matterId, matterNameId)
   else:
     queryName = getString(Cmd.OB_QUERY_ITEM)
   cd = drive = None
@@ -43005,7 +43472,7 @@ def doInfoVaultQuery():
     myarg = getArgument()
     if myarg == 'matter':
       matterId, matterNameId = getMatterItem(v)
-      queryId, queryName, queryNameId = convertQueryNameToID(v, queryName, matterId, matterNameId)
+      queryId, queryName, queryNameId, _ = convertQueryNameToID(v, queryName, matterId, matterNameId)
     elif myarg == 'shownames':
       cd = buildGAPIObject(API.DIRECTORY)
       _, drive = buildGAPIServiceObject(API.DRIVE3, _getAdminEmail())
@@ -43460,14 +43927,16 @@ def doPrintShowVaultMatters():
 PRINT_VAULT_COUNTS_TITLES = ['account', 'count', 'error']
 
 # gam print vaultcounts [todrive <ToDriveAttributes>*]
-#	matter <MatterItem> corpus mail|groups
-#	(accounts <EmailAddressEntity>) | (orgunit|org|ou <OrgUnitPath>) | everyone
-#	(shareddrives|teamdrives (<SharedDriveIDList>|(select <FileSelector>|<CSVFileSelector>))) |
-#	    (rooms (<ChatSpaceList>|(select <FileSelector>|<CSVFileSelector>))) |
-#	    (sitesurl (<URLList>||(select <FileSelector>|<CSVFileSelector>)))
-#	[scope <all_data|held_data|unprocessed_data>]
+#	matter <MatterItem> <QueryItem>
+#	[wait <Integer>]
+# gam print vaultcounts [todrive <ToDriveAttributes>*]
+#	matter <MatterItem>
+#	corpus mail|groups
+#	[scope all_data|held_data|unprocessed_data]
+#	(accounts <EmailAddressEntity>) | (orgunit|org|ou <OrgUnitPath>) | everyone|entireorg
 #	[terms <String>] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>] [timezone <TimeZone>]
 #	[excludedrafts <Boolean>]
+#	[<JSONData>]
 #	[wait <Integer>]
 # gam print vaultcounts [todrive <ToDriveAttributes>*]
 #	 matter <MatterItem> operation <String> [wait <Integer>]
@@ -43476,18 +43945,19 @@ def doPrintVaultCounts():
   csvPF = CSVPrintFile(PRINT_VAULT_COUNTS_TITLES, 'sortall')
   matterId = name = None
   operationWait = 15
-  body = {'view': 'ALL'}
-  query = {}
+  body = {'view': 'ALL', 'query': {}}
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
     if csvPF and myarg == 'todrive':
       csvPF.GetTodriveParameters()
     elif myarg == 'matter':
-      matterId, _ = getMatterItem(v)
+      matterId, matterNameId = getMatterItem(v)
+    elif matterId is not None and myarg == 'vaultquery':
+      _, _, _, body['query'] = convertQueryNameToID(v, getString(Cmd.OB_QUERY_ITEM), matterId, matterNameId)
     elif myarg == 'operation':
       name = getString(Cmd.OB_STRING)
     elif myarg in VAULT_QUERY_ARGS:
-      _buildVaultQuery(myarg, query, VAULT_COUNTS_CORPUS_ARGUMENT_MAP)
+      _buildVaultQuery(myarg, body['query'], VAULT_COUNTS_CORPUS_ARGUMENT_MAP)
     elif myarg == 'wait':
       operationWait = getInteger(minVal=1)
     else:
@@ -43498,7 +43968,6 @@ def doPrintVaultCounts():
     operation = {'name': name}
     doWait = False
   else:
-    body['query'] = query
     _validateVaultQuery(body, VAULT_COUNTS_CORPUS_ARGUMENT_MAP)
     try:
       operation = callGAPI(v.matters(), 'count',
@@ -43522,7 +43991,7 @@ def doPrintVaultCounts():
     doWait = True
   response = operation.get('response', {})
   query = operation['metadata']['query']
-  search_method = query.get('searchMethod')
+  search_method = query.get('method')
   # ARGH count results don't include accounts with zero items.
   # so we keep track of which accounts we searched and can report
   # zero data for them.
@@ -43868,6 +44337,28 @@ USER_JSON_SKIP_FIELDS = ['agreedToTerms', 'aliases', 'creationTime', 'customerId
 
 ALLOW_EMPTY_CUSTOM_TYPE = 'allowEmptyCustomType'
 
+def getNotifyArguments(myarg, notify, userNotification):
+  if myarg == 'notify':
+    if userNotification:
+      notify['recipients'].extend(getNormalizedEmailAddressEntity(shlexSplit=True, noLower=True))
+    else: #delegateNotificatiomn
+      notify['notify'] = getBoolean()
+  elif myarg == 'subject':
+    notify['subject'] = getString(Cmd.OB_STRING)
+  elif myarg in SORF_MSG_FILE_ARGUMENTS:
+    notify['message'], notify['charset'], notify['html'] = getStringOrFile(myarg)
+  elif myarg == 'html':
+    notify['html'] = getBoolean()
+  elif myarg == 'from':
+    notify['from'] = getString(Cmd.OB_EMAIL_ADDRESS)
+  elif myarg == 'mailbox':
+    notify['mailbox'] = getString(Cmd.OB_EMAIL_ADDRESS)
+  elif myarg == 'replyto':
+    notify['replyto'] = getString(Cmd.OB_EMAIL_ADDRESS)
+  else:
+    return False
+  return True
+
 def getUserAttributes(cd, updateCmd, noUid=False):
   def getKeywordAttribute(keywords, attrdict, **opts):
     if Cmd.ArgumentsRemaining():
@@ -43955,6 +44446,7 @@ def getUserAttributes(cd, updateCmd, noUid=False):
     invalidArgumentExit(Cmd.OB_SCHEMA_NAME_FIELD_NAME)
 
   parameters = {
+    'notifyRecoveryEmail': False,
     'verifyNotInvitable': False,
     'createIfNotFound': False,
     'noActionIfAlias': False,
@@ -43971,7 +44463,7 @@ def getUserAttributes(cd, updateCmd, noUid=False):
     body = {'name': {'givenName': UNKNOWN, 'familyName': UNKNOWN}}
     body['primaryEmail'] = getEmailAddress(noUid=noUid)
   notFoundBody = {}
-  notify = {'subject': '', 'message': '', 'html': False, 'charset': UTF8, 'password': ''}
+  notify = {'recipients': [], 'subject': '', 'message': '', 'html': False, 'charset': UTF8, 'password': ''}
   primary = {}
   updatePrimaryEmail = {}
   groupOrgUnitMap = None
@@ -43982,20 +44474,10 @@ def getUserAttributes(cd, updateCmd, noUid=False):
   resolveConflictAccount = True
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
-    if myarg == 'notify':
-      notify['recipients'] = getNormalizedEmailAddressEntity(shlexSplit=True, noLower=True)
-    elif myarg == 'subject':
-      notify['subject'] = getString(Cmd.OB_STRING)
-    elif myarg in SORF_MSG_FILE_ARGUMENTS:
-      notify['message'], notify['charset'], notify['html'] = getStringOrFile(myarg)
-    elif myarg == 'html':
-      notify['html'] = getBoolean()
-    elif myarg == 'from':
-      notify['from'] = getString(Cmd.OB_EMAIL_ADDRESS)
-    elif myarg == 'replyto':
-      notify['replyto'] = getString(Cmd.OB_EMAIL_ADDRESS)
-    elif myarg == 'mailbox':
-      notify['mailbox'] = getString(Cmd.OB_EMAIL_ADDRESS)
+    if getNotifyArguments(myarg, notify, True):
+      pass
+    elif myarg == 'notifyrecoveryemail':
+      parameters['notifyRecoveryEmail'] = True
     elif PwdOpts.ProcessArgument(myarg, notify, notFoundBody):
       pass
     elif _getTagReplacement(myarg, tagReplacements, True):
@@ -44399,14 +44881,14 @@ def createUserAddAliases(cd, user, aliasList, i, count):
 #	(groups [<GroupRole>] [[delivery] <DeliverySetting>] <GroupEntity>)*
 #	[alias|aliases <EmailAddressList>]
 #	[license <SKUID> [product|productid <ProductID>]]
-#	[notify <EmailAddressList>
+#	[[notify <EmailAddressList>] [notifyrecoveryemail]
 #	    [subject <String>]
-#	    [notifypassword <String>]
-#	    [from <EmailAaddress>]
+#	    [from <EmailAaddress>] [mailbox <EmailAddress>]
 #	    [replyto <EmailAaddress>]
-#	    [<NotifyMessageContent>]
-#	    (replace <Tag> <UserReplacement>)*
-#	    (replaceregex <REMatchPattern> <RESubstitution> <Tag> <UserReplacement>)*]
+#	    [notifypassword <String>]
+#	    [<NotifyMessageContent>] [html [<Boolean>]]
+#	        (replace <Tag> <UserReplacement>)*
+#	        (replaceregex <REMatchPattern> <RESubstitution> <Tag> <UserReplacement>)*]
 #	[logpassword <FileName>] [ignorenullpassword]
 #	[addnumericsuffixonduplicate <Number>]
 def doCreateUser():
@@ -44417,7 +44899,7 @@ def doCreateUser():
   suffix = 0
   originalEmail = body['primaryEmail']
   atLoc = originalEmail.find('@')
-  fields = '*' if tagReplacements['subs'] else 'primaryEmail,name'
+  fields = '*' if tagReplacements['subs'] else 'primaryEmail,name,recoveryEmail'
   while True:
     user = body['primaryEmail']
     if parameters['verifyNotInvitable']:
@@ -44458,7 +44940,9 @@ def doCreateUser():
     createUserAddToGroups(cd, result['primaryEmail'], addGroups, 0, 0)
   if addAliases:
     createUserAddAliases(cd, result['primaryEmail'], addAliases, 0, 0)
-  if notify.get('recipients'):
+  if (notify.get('recipients') or (parameters['notifyRecoveryEmail'] and result.get('recoveryEmail'))):
+    if parameters['notifyRecoveryEmail'] and result.get('recoveryEmail'):
+      notify['recipients'].append(result['recoveryEmail'])
     sendCreateUpdateUserNotification(result, notify, tagReplacements)
   for productSku in parameters[LICENSE_PRODUCT_SKUIDS]:
     productId = productSku[0]
@@ -44501,14 +44985,14 @@ def verifyUserPrimaryEmail(cd, user, createIfNotFound, i, count):
 #	[createifnotfound] [notfoundpassword (random [<Integer>])|blocklogin|<Password>]
 #	(groups [<GroupRole>] [[delivery] <DeliverySetting>] <GroupEntity>)*
 #	[alias|aliases <EmailAddressList>]
-#	[notify <EmailAddressList>
+#	[[notify <EmailAddressList>] [notifyrecoveryemail]
 #	    [subject <String>]
-#	    [notifypassword <String>]
-#	    [from <EmailAaddress>]
+#	    [from <EmailAaddress>] [mailbox <EmailAddress>]
 #	    [replyto <EmailAaddress>]
-#	    [<NotifyMessageContent>
+#	    [<NotifyMessageContent> [html [<Boolean>]]
 #	        (replace <Tag> <UserReplacement>)*
 #	        (replaceregex <REMatchPattern> <RESubstitution> <Tag> <UserReplacement>)*]
+#	    [notifypassword <String>]]
 #	[notifyonupdate [<Boolean>]]
 #	[logpassword <FileName>] [ignorenullpassword]
 def updateUsers(entityList):
@@ -44530,7 +45014,7 @@ def updateUsers(entityList):
   else:
     checkImmutableOUs = False
   i, count, entityList = getEntityArgument(entityList)
-  fields = '*' if tagReplacements['subs'] else 'primaryEmail,name'
+  fields = '*' if tagReplacements['subs'] else 'primaryEmail,name,recoveryEmail'
   for user in entityList:
     i += 1
     user = userKey = normalizeEmailAddressOrUID(user)
@@ -44606,7 +45090,10 @@ def updateUsers(entityList):
             entityActionPerformed([Ent.USER, user], i, count)
             if PwdOpts.filename and PwdOpts.password:
               writeFile(PwdOpts.filename, f'{userKey},{PwdOpts.password}\n', mode='a', continueOnError=True)
-            if parameters['notifyOnUpdate'] and notify.get('recipients') and notify['password']:
+            if (parameters['notifyOnUpdate'] and notify['password'] and
+                (notify.get('recipients') or (parameters['notifyRecoveryEmail'] and result.get('recoveryEmail')))):
+              if parameters['notifyRecoveryEmail'] and result.get('recoveryEmail'):
+                notify['recipients'].append(result['recoveryEmail'])
               sendCreateUpdateUserNotification(result, notify, tagReplacements, i, count, createMessage=False)
             break
           except GAPI.conditionNotMet as e:
@@ -44640,8 +45127,10 @@ def updateUsers(entityList):
                     createUserAddToGroups(cd, result['primaryEmail'], addGroups, i, count)
                   if addAliases:
                     createUserAddAliases(cd, result['primaryEmail'], addAliases, i, count)
-                  if notify.get('recipients'):
+                  if (notify.get('recipients') or (parameters['notifyRecoveryEmail'] and result.get('recoveryEmail'))):
                     notify['password'] = notify['notFoundPassword']
+                    if parameters['notifyRecoveryEmail'] and result.get('recoveryEmail'):
+                      notify['recipients'].append(result['recoveryEmail'])
                     sendCreateUpdateUserNotification(result, notify, tagReplacements, i, count)
                 except GAPI.duplicate:
                   duplicateAliasGroupUserWarning(cd, [Ent.USER, body['primaryEmail']], i, count)
@@ -45688,7 +46177,7 @@ USERS_INDEXED_TITLES = ['addresses', 'aliases', 'nonEditableAliases', 'emails',
 #	[userview] [basic|full|allfields | <UserFieldName>* | fields <UserFieldNameList>]
 #	[delimiter <Character>] [sortheaders] [formatjson [quotechar <Character>]] [quoteplusphonenumbers]
 #	[convertcrnl]
-#	[issuspended <Boolean>] [aliasmatchpattern <REMatchPattern>]
+#	[issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
 # 	[showitemcountonly]
 #	[showvalidcolumn] (addcsvdata <FieldName> <String>)*
 #
@@ -45701,7 +46190,7 @@ USERS_INDEXED_TITLES = ['addresses', 'aliases', 'nonEditableAliases', 'emails',
 #	[userview] [basic|full|allfields | <UserFieldName>* | fields <UserFieldNameList>]
 #	[delimiter <Character>] [sortheaders] [formatjson [quotechar <Character>]] [quoteplusphonenumbers]
 #	[convertcrnl]
-#	[issuspended <Boolean>] [aliasmatchpattern <REMatchPattern>]
+#	[issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
 # 	[showitemcountonly]
 #	[showvalidcolumn] (addcsvdata <FieldName> <String>)*
 #
@@ -45709,13 +46198,13 @@ USERS_INDEXED_TITLES = ['addresses', 'aliases', 'nonEditableAliases', 'emails',
 #	([domain <DomainName>] [(query <QueryUser>)|(queries <QueryUserList>)]
 #	 [limittoou <OrgUnitItem>] [deleted_only|only_deleted])|[select <UserTypeEntity>]
 #	[formatjson [quotechar <Character>]] [countonly]
-#	[issuspended <Boolean>] [aliasmatchpattern <REMatchPattern>]
+#	[issuspended <Boolean>] [isarchived <Boolean>] [aliasmatchpattern <REMatchPattern>]
 # 	[showitemcountonly]
 #	[showvalidcolumn] (addcsvdata <FieldName> <String>)*
 #
 # gam <UserTypeEntity> print users [todrive <ToDriveAttribute>*]
 #	[formatjson [quotechar <Character>]] [countonly]
-#	[issuspended <Boolean>]
+#	[issuspended <Boolean>] [isarchived <Boolean>]
 # 	[showitemcountonly]
 def doPrintUsers(entityList=None):
   def _writeUserEntity(userEntity):
@@ -45733,71 +46222,81 @@ def doPrintUsers(entityList=None):
       csvPF.WriteRowNoFilter(row)
 
   def _printUser(userEntity, i, count):
-    if isSuspended is None or isSuspended == userEntity.get('suspended', isSuspended):
-      if showValidColumn:
-        userEntity[showValidColumn] = True
-      userEmail = userEntity['primaryEmail']
-      if printOptions['emailParts']:
-        if userEmail.find('@') != -1:
-          userEntity['primaryEmailLocal'], userEntity['primaryEmailDomain'] = splitEmailAddress(userEmail)
-      if 'languages' in userEntity and not FJQC.formatJSON:
-        userEntity['languages'] = _formatLanguagesList(userEntity.pop('languages'), delimiter)
-      for location in userEntity.get('locations', []):
-        location['buildingName'] = _getBuildingNameById(cd, location.get('buildingId', ''))
-      if quotePlusPhoneNumbers:
-        for phone in userEntity.get('phones', []):
-          phoneNumber = phone.get('value', '')
-          if phoneNumber.startswith('+'):
-            phone['value'] = "'"+phoneNumber
-      if schemaParms['selectedSchemaFields']:
-        _filterSchemaFields(userEntity, schemaParms)
-      if printOptions['getGroupFeed']:
-        printGettingAllEntityItemsForWhom(Ent.GROUP_MEMBERSHIP, userEmail, i, count)
-        try:
-          groups = callGAPIpages(cd.groups(), 'list', 'groups',
-                                 pageMessage=getPageMessageForWhom(),
-                                 throwReasons=GAPI.GROUP_LIST_USERKEY_THROW_REASONS,
-                                 retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
-                                 userKey=userEmail, orderBy='email', fields='nextPageToken,groups(email)')
-          numGroups = len(groups)
-          if not printOptions['groupsInColumns']:
-            userEntity['GroupsCount'] = numGroups
-            userEntity['Groups'] = delimiter.join([groupname['email'] for groupname in groups])
-          else:
-            if numGroups > printOptions['maxGroups']:
-              printOptions['maxGroups'] = numGroups
-            userEntity['Groups'] = numGroups
-            for j, group in enumerate(groups):
-              userEntity[f'Groups{GC.Values[GC.CSV_OUTPUT_SUBFIELD_DELIMITER]}{j}'] = group['email']
-        except (GAPI.invalidMember, GAPI.invalidInput):
-          badRequestWarning(Ent.GROUP, Ent.MEMBER, userEmail)
-        except (GAPI.resourceNotFound, GAPI.domainNotFound, GAPI.forbidden, GAPI.badRequest):
-          accessErrorExit(cd)
-      if aliasMatchPattern and 'aliases' in userEntity:
-        userEntity['aliases'] = [alias for alias in userEntity['aliases'] if aliasMatchPattern.match(alias)]
-      if printOptions['getLicenseFeed'] or printOptions['getLicenseFeedByUser']:
-        if printOptions['getLicenseFeed']:
-          u_licenses = licenses.get(userEmail.lower(), [])
+    if (isSuspended is None and isArchived is None):
+      showUser = True
+    elif (isSuspended is not None and isArchived is None):
+      showUser = isSuspended == userEntity.get('suspended', isSuspended)
+    elif (isSuspended is None and isArchived is not  None):
+      showUser = isArchived == userEntity.get('archived', isArchived)
+    else:
+      showUser = ((isSuspended == userEntity.get('suspended', isSuspended)) or
+                  (isArchived == userEntity.get('archived', isArchived)))
+    if not showUser:
+      return
+    if showValidColumn:
+      userEntity[showValidColumn] = True
+    userEmail = userEntity['primaryEmail']
+    if printOptions['emailParts']:
+      if userEmail.find('@') != -1:
+        userEntity['primaryEmailLocal'], userEntity['primaryEmailDomain'] = splitEmailAddress(userEmail)
+    if 'languages' in userEntity and not FJQC.formatJSON:
+      userEntity['languages'] = _formatLanguagesList(userEntity.pop('languages'), delimiter)
+    for location in userEntity.get('locations', []):
+      location['buildingName'] = _getBuildingNameById(cd, location.get('buildingId', ''))
+    if quotePlusPhoneNumbers:
+      for phone in userEntity.get('phones', []):
+        phoneNumber = phone.get('value', '')
+        if phoneNumber.startswith('+'):
+          phone['value'] = "'"+phoneNumber
+    if schemaParms['selectedSchemaFields']:
+      _filterSchemaFields(userEntity, schemaParms)
+    if printOptions['getGroupFeed']:
+      printGettingAllEntityItemsForWhom(Ent.GROUP_MEMBERSHIP, userEmail, i, count)
+      try:
+        groups = callGAPIpages(cd.groups(), 'list', 'groups',
+                               pageMessage=getPageMessageForWhom(),
+                               throwReasons=GAPI.GROUP_LIST_USERKEY_THROW_REASONS,
+                               retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
+                               userKey=userEmail, orderBy='email', fields='nextPageToken,groups(email)')
+        numGroups = len(groups)
+        if not printOptions['groupsInColumns']:
+          userEntity['GroupsCount'] = numGroups
+          userEntity['Groups'] = delimiter.join([groupname['email'] for groupname in groups])
         else:
-          u_licenses = getUserLicenses(lic, userEntity, skus)
-        if not oneLicensePerRow:
-          userEntity['LicensesCount'] = len(u_licenses)
-          if u_licenses:
-            userEntity['Licenses'] = delimiter.join(u_licenses)
-            userEntity['LicensesDisplay'] = delimiter.join([SKU.skuIdToDisplayName(skuId) for skuId in u_licenses])
+          if numGroups > printOptions['maxGroups']:
+            printOptions['maxGroups'] = numGroups
+          userEntity['Groups'] = numGroups
+          for j, group in enumerate(groups):
+            userEntity[f'Groups{GC.Values[GC.CSV_OUTPUT_SUBFIELD_DELIMITER]}{j}'] = group['email']
+      except (GAPI.invalidMember, GAPI.invalidInput):
+        badRequestWarning(Ent.GROUP, Ent.MEMBER, userEmail)
+      except (GAPI.resourceNotFound, GAPI.domainNotFound, GAPI.forbidden, GAPI.badRequest):
+        accessErrorExit(cd)
+    if aliasMatchPattern and 'aliases' in userEntity:
+      userEntity['aliases'] = [alias for alias in userEntity['aliases'] if aliasMatchPattern.match(alias)]
+    if printOptions['getLicenseFeed'] or printOptions['getLicenseFeedByUser']:
+      if printOptions['getLicenseFeed']:
+        u_licenses = licenses.get(userEmail.lower(), [])
       else:
-        u_licenses = []
+        u_licenses = getUserLicenses(lic, userEntity, skus)
       if not oneLicensePerRow:
-        _writeUserEntity(userEntity)
-      else:
+        userEntity['LicensesCount'] = len(u_licenses)
         if u_licenses:
-          for skuId in u_licenses:
-            userEntity['License'] = skuId
-            userEntity['LicenseDisplay'] = SKU.skuIdToDisplayName(skuId)
-            _writeUserEntity(userEntity)
-        else:
-          userEntity['License'] = userEntity['LicenseDisplay'] = ''
+          userEntity['Licenses'] = delimiter.join(u_licenses)
+          userEntity['LicensesDisplay'] = delimiter.join([SKU.skuIdToDisplayName(skuId) for skuId in u_licenses])
+    else:
+      u_licenses = []
+    if not oneLicensePerRow:
+      _writeUserEntity(userEntity)
+    else:
+      if u_licenses:
+        for skuId in u_licenses:
+          userEntity['License'] = skuId
+          userEntity['LicenseDisplay'] = SKU.skuIdToDisplayName(skuId)
           _writeUserEntity(userEntity)
+      else:
+        userEntity['License'] = userEntity['LicenseDisplay'] = ''
+        _writeUserEntity(userEntity)
 
   def _updateDomainCounts(emailAddress):
     nonlocal domainCounts
@@ -45871,7 +46370,7 @@ def doPrintUsers(entityList=None):
   schemaParms = _initSchemaParms('basic')
   projectionSet = False
   oneLicensePerRow = quotePlusPhoneNumbers = showDeleted = False
-  aliasMatchPattern = isSuspended = orgUnitPath = orgUnitPathLower = orderBy = sortOrder = None
+  aliasMatchPattern = isArchived = isSuspended = orgUnitPath = orgUnitPathLower = orderBy = sortOrder = None
   viewType = 'admin_view'
   delimiter = GC.Values[GC.CSV_OUTPUT_FIELD_DELIMITER]
   showValidColumn = ''
@@ -45892,6 +46391,8 @@ def doPrintUsers(entityList=None):
       _, entityList = getEntityToModify(defaultEntityType=Cmd.ENTITY_USERS)
     elif myarg == 'issuspended':
       isSuspended = getBoolean()
+    elif myarg == 'isarchived':
+      isArchived = getBoolean()
     elif myarg == 'orderby':
       orderBy, sortOrder = getOrderBySortOrder(USERS_ORDERBY_CHOICE_MAP)
     elif myarg == 'userview':
@@ -46004,7 +46505,7 @@ def doPrintUsers(entityList=None):
     for kwargsQuery in makeUserGroupDomainQueryFilters(kwargsDict):
       kwargs = kwargsQuery[0]
       query  = kwargsQuery[1]
-      query, pquery = userFilters(kwargs, query, orgUnitPath, isSuspended)
+      query, pquery = userFilters(kwargs, query, orgUnitPath, isSuspended, isArchived)
       printGettingAllAccountEntities(Ent.USER, pquery)
       pageMessage = getPageMessage(showFirstLastItems=True)
       try:
@@ -46014,9 +46515,9 @@ def doPrintUsers(entityList=None):
                                             GAPI.BAD_REQUEST, GAPI.RESOURCE_NOT_FOUND, GAPI.FORBIDDEN,
                                             GAPI.UNKNOWN_ERROR, GAPI.FAILED_PRECONDITION],
                               retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS+[GAPI.UNKNOWN_ERROR, GAPI.FAILED_PRECONDITION],
-                              query=query, fields=fields,
                               showDeleted=showDeleted, orderBy=orderBy, sortOrder=sortOrder, viewType=viewType,
                               projection=schemaParms['projection'], customFieldMask=schemaParms['customFieldMask'],
+                              query=query, fields=fields,
                               maxResults=maxResults, **kwargs)
         for users in feed:
           if orgUnitPath is None:
@@ -46069,6 +46570,8 @@ def doPrintUsers(entityList=None):
 # If no individual fields were specified (allfields, basic, full) or individual fields other than primaryEmail were specified, look up each user
     if isSuspended is not None and fieldsList:
       fieldsList.append('suspended')
+    if isArchived is not None and fieldsList:
+      fieldsList.append('archived')
     if projectionSet or len(set(fieldsList)) > 1 or showValidColumn:
       jcount = len(entityList)
       fields = getFieldsFromFieldsList(fieldsList)
@@ -46864,7 +47367,7 @@ def doCreateInboundSSOCredential():
                                                         count, Ent.Choose(Ent.INBOUND_SSO_CREDENTIALS, count)))
   if generateKey:
     privKey, pemData = _generatePrivateKeyAndPublicCert('', '', 'GAM', keySize, b64enc_pub=False)
-    timestamp = datetime.datetime.now(GC.Values[GC.TIMEZONE]).strftime('%Y%m%d-%I%M%S')
+    timestamp = arrow.now(GC.Values[GC.TIMEZONE]).strftime('%Y%m%d-%I%M%S')
     priv_file = f'privatekey-{timestamp}.pem'
     writeFile(priv_file, privKey)
     writeStdout(Msg.WROTE_PRIVATE_KEY_DATA.format(priv_file))
@@ -47936,8 +48439,8 @@ class CourseAttributes():
   def checkDueDate(self, body):
     if 'dueDate' in body and 'dueTime' in body:
       try:
-        return self.currDateTime < datetime.datetime(body['dueDate']['year'], body['dueDate']['month'], body['dueDate']['day'],
-                                                     body['dueTime'].get('hours', 0), body['dueTime'].get('minutes', 0), tzinfo=iso8601.UTC)
+        return self.currDateTime < arrow.Arrow(body['dueDate']['year'], body['dueDate']['month'], body['dueDate']['day'],
+                                               body['dueTime'].get('hours', 0), body['dueTime'].get('minutes', 0), tzinfo='UTC')
       except ValueError:
         pass
     return False
@@ -48119,7 +48622,7 @@ class CourseAttributes():
     entityPerformActionModifierItemValueList([Ent.COURSE, newCourse['id']], Act.MODIFIER_FROM, [Ent.COURSE, self.courseId], i, count)
     Ind.Increment()
     if not self.removeDueDate:
-      self.currDateTime = datetime.datetime.now(iso8601.UTC)
+      self.currDateTime = arrow.utcnow()
     self.CopyAttributes(newCourse, i, count)
     if self.csvPF:
       self.csvPF.writeCSVfile('Course Drive File IDs')
@@ -48640,13 +49143,15 @@ def _doInfoCourses(courseIdList):
 
 # gam info courses <CourseEntity> [owneraccess]
 #	[owneremail] [alias|aliases] [show none|all|students|teachers] [countsonly]
-#	[fields <CourseFieldNameList>] [skipfields <CourseFieldNameList>] [formatjson]
+#	[fields <CourseFieldNameList>] [skipfields <CourseFieldNameList>]
+#	[formatjson]
 def doInfoCourses():
   _doInfoCourses(getEntityList(Cmd.OB_COURSE_ENTITY, shlexSplit=True))
 
 # gam info course <CourseID> [owneraccess]
 #	[owneremail] [alias|aliases] [show none|all|students|teachers] [countsonly]
-#	[fields <CourseFieldNameList>] [skipfields <CourseFieldNameList>] [formatjson]
+#	[fields <CourseFieldNameList>] [skipfields <CourseFieldNameList>]
+#	[formatjson]
 def doInfoCourse():
   _doInfoCourses(getStringReturnInList(Cmd.OB_COURSE_ID))
 
@@ -48699,7 +49204,7 @@ def _courseItemPassesFilter(item, courseItemFilter):
     return False
   startTime = courseItemFilter['startTime']
   endTime = courseItemFilter['endTime']
-  timeValue, _ = iso8601.parse_date(timeStr)
+  timeValue = arrow.get(timeStr)
   return ((startTime is None) or (timeValue >= startTime)) and ((endTime is None) or (timeValue <= endTime))
 
 def _gettingCoursesQuery(courseSelectionParameters):
@@ -48762,6 +49267,7 @@ def _getCoursesInfo(croom, courseSelectionParameters, courseShowProperties, getO
 #	[show none|all|students|teachers] [countsonly]
 #	[fields <CourseFieldNameList>] [skipfields <CourseFieldNameList>]
 #	[timefilter creationtime|updatetime] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>]
+#	(addcsvdata <FieldName> <String>)*
 #	[showitemcountonly] [formatjson [quotechar <Character>]]
 def doPrintCourses():
   def _saveParticipants(course, participants, role, rtitles):
@@ -48805,6 +49311,7 @@ def doPrintCourses():
   delimiter = GC.Values[GC.CSV_OUTPUT_FIELD_DELIMITER]
   showItemCountOnly = False
   useOwnerAccess = GC.Values[GC.USE_COURSE_OWNER_ACCESS]
+  addCSVData = {}
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
     if myarg == 'todrive':
@@ -48819,6 +49326,9 @@ def doPrintCourses():
       pass
     elif myarg == 'showitemcountonly':
       showItemCountOnly = True
+    elif myarg == 'addcsvdata':
+      k = getString(Cmd.OB_STRING)
+      addCSVData[k] = getString(Cmd.OB_STRING, minLen=0)
     else:
       FJQC.GetFormatJSONQuoteChar(myarg, True)
   applyCourseItemFilter = _setApplyCourseItemFilter(courseItemFilter, None)
@@ -48830,6 +49340,11 @@ def doPrintCourses():
     if showItemCountOnly:
       writeStdout('0\n')
     return
+  if addCSVData:
+    csvPF.AddTitles(sorted(addCSVData.keys()))
+    if FJQC.formatJSON:
+      csvPF.AddJSONTitles(sorted(addCSVData.keys()))
+      csvPF.MoveJSONTitlesToEnd(['JSON'])
   if courseShowProperties['aliases']:
     if FJQC.formatJSON:
       csvPF.AddJSONTitles('JSON-aliases')
@@ -48887,11 +49402,15 @@ def doPrintCourses():
       if courseShowProperties['members'] != 'teachers':
         _saveParticipants(course, students, 'students', stitles)
     row = flattenJSON(course, timeObjects=COURSE_TIME_OBJECTS, noLenObjects=COURSE_NOLEN_OBJECTS)
+    if addCSVData:
+      row.update(addCSVData)
     if not FJQC.formatJSON:
       csvPF.WriteRowTitles(row)
     elif csvPF.CheckRowTitles(row):
       row = {'id': courseId, 'JSON': json.dumps(cleanJSON(course, timeObjects=COURSE_TIME_OBJECTS),
                                                 ensure_ascii=False, sort_keys=True)}
+      if addCSVData:
+        row.update(addCSVData)
       if courseShowProperties['aliases']:
         row['JSON-aliases'] = json.dumps(list(aliases))
       if courseShowProperties['members'] != 'none':
@@ -48964,7 +49483,7 @@ COURSE_ANNOUNCEMENTS_INDEXED_TITLES = ['materials']
 #	(orderby <CourseAnnouncementOrderByFieldName> [ascending|descending])*)
 #	[showcreatoremails|creatoremail] [fields <CourseAnnouncementFieldNameList>]
 #	[timefilter creationtime|updatetime|scheduledtime] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>]
-#	[countsonly] [formatjson [quotechar <Character>]]
+#	[countsonly|(formatjson [quotechar <Character>])]
 def doPrintCourseAnnouncements():
   def _printCourseAnnouncement(course, courseAnnouncement, i, count):
     if applyCourseItemFilter and not _courseItemPassesFilter(courseAnnouncement, courseItemFilter):
@@ -49020,6 +49539,8 @@ def doPrintCourseAnnouncements():
   coursesInfo = _getCoursesInfo(croom, courseSelectionParameters, courseShowProperties)
   if coursesInfo is None:
     return
+  if countsOnly:
+    csvPF.SetFormatJSON(False)
   applyCourseItemFilter = _setApplyCourseItemFilter(courseItemFilter, fieldsList)
   if showCreatorEmail and fieldsList:
     fieldsList.append('creatorUserId')
@@ -49076,7 +49597,7 @@ COURSE_TOPICS_SORT_TITLES = ['courseId', 'courseName', 'topicId', 'name', 'updat
 #	(course|class <CourseEntity>)*|([teacher <UserItem>] [student <UserItem>] states <CourseStateList>])
 #	[topicids <CourseTopicIDEntity>]
 #	[timefilter updatetime] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>]
-#	[countsonly] [formatjson [quotechar <Character>]]
+#	[countsonly|(formatjson [quotechar <Character>])]
 def doPrintCourseTopics():
   def _printCourseTopic(course, courseTopic):
     if applyCourseItemFilter and not _courseItemPassesFilter(courseTopic, courseItemFilter):
@@ -49117,6 +49638,8 @@ def doPrintCourseTopics():
   coursesInfo = _getCoursesInfo(croom, courseSelectionParameters, courseShowProperties)
   if coursesInfo is None:
     return
+  if countsOnly:
+    csvPF.SetFormatJSON(False)
   applyCourseItemFilter = _setApplyCourseItemFilter(courseItemFilter, fieldsList)
   courseTopicIdsLists = courseTopicIds if isinstance(courseTopicIds, dict) else None
   i = 0
@@ -49250,6 +49773,16 @@ def doPrintCourseWM(entityIDType, entityStateType):
       pass
     return topicNames
 
+  def _printCourseWMrow(course, courseWM):
+    row = flattenJSON(courseWM, flattened={'courseId': course['id'], 'courseName': course['name']}, timeObjects=TimeObjects,
+                      simpleLists=['studentIds'] if showStudentsAsList else None, delimiter=delimiter)
+    if not FJQC.formatJSON:
+      csvPF.WriteRowTitles(row)
+    elif csvPF.CheckRowTitles(row):
+      csvPF.WriteRowNoFilter({'courseId': course['id'], 'courseName': course['name'],
+                              'JSON': json.dumps(cleanJSON(courseWM, timeObjects=TimeObjects),
+                                                 ensure_ascii=False, sort_keys=True)})
+
   def _printCourseWM(course, courseWM, i, count):
     if applyCourseItemFilter and not _courseItemPassesFilter(courseWM, courseItemFilter):
       return
@@ -49261,14 +49794,13 @@ def doPrintCourseWM(entityIDType, entityStateType):
       topicId = courseWM.get('topicId')
       if topicId:
         courseWM['topicName'] = topicNames.get(topicId, topicId)
-    row = flattenJSON(courseWM, flattened={'courseId': course['id'], 'courseName': course['name']}, timeObjects=TimeObjects,
-                      simpleLists=['studentIds'] if showStudentsAsList else None, delimiter=delimiter)
-    if not FJQC.formatJSON:
-      csvPF.WriteRowTitles(row)
-    elif csvPF.CheckRowTitles(row):
-      csvPF.WriteRowNoFilter({'courseId': course['id'], 'courseName': course['name'],
-                              'JSON': json.dumps(cleanJSON(courseWM, timeObjects=TimeObjects),
-                                                 ensure_ascii=False, sort_keys=True)})
+    if not oneItemPerRow or not courseWM.get('materials', []):
+      _printCourseWMrow(course, courseWM)
+    else:
+      courseMaterials = courseWM.pop('materials')
+      for courseMaterial in courseMaterials:
+        courseWM['materials'] = courseMaterial
+        _printCourseWMrow(course, courseWM)
 
   croom = buildGAPIObject(API.CLASSROOM)
   if entityIDType == Ent.COURSE_WORK_ID:
@@ -49306,7 +49838,7 @@ def doPrintCourseWM(entityIDType, entityStateType):
   courseShowProperties = _initCourseShowProperties(['name'])
   OBY = OrderBy(OrderbyChoiceMap)
   creatorEmails = {}
-  showCreatorEmail = showTopicNames = False
+  oneItemPerRow = showCreatorEmail = showTopicNames = False
   delimiter = GC.Values[GC.CSV_OUTPUT_FIELD_DELIMITER]
   countsOnly = showStudentsAsList = False
   while Cmd.ArgumentsRemaining():
@@ -49323,6 +49855,9 @@ def doPrintCourseWM(entityIDType, entityStateType):
       pass
     elif myarg == 'orderby':
       OBY.GetChoice()
+    elif myarg == 'oneitemperrow':
+      oneItemPerRow = True
+      csvPF.RemoveIndexedTitles('materials')
     elif myarg in {'showcreatoremails', 'creatoremail'}:
       showCreatorEmail = True
     elif myarg == 'showtopicnames':
@@ -49349,6 +49884,8 @@ def doPrintCourseWM(entityIDType, entityStateType):
   coursesInfo = _getCoursesInfo(croom, courseSelectionParameters, courseShowProperties)
   if coursesInfo is None:
     return
+  if countsOnly:
+    csvPF.SetFormatJSON(False)
   applyCourseItemFilter = _setApplyCourseItemFilter(courseItemFilter, fieldsList)
   courseWMIds = courseWMSelectionParameters['courseWMIds']
   courseWMIdsLists = courseWMIds if isinstance(courseWMIds, dict) else {}
@@ -49403,7 +49940,8 @@ def doPrintCourseWM(entityIDType, entityStateType):
 #	(orderby <CourseMaterialsOrderByFieldName> [ascending|descending])*)
 #	[showcreatoremails|creatoremail] [showtopicnames] [fields <CourseMaterialFieldNameList>]
 #	[timefilter creationtime|updatetime|scheduledtime] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>]
-#	[countsonly] [formatjson [quotechar <Character>]]
+#	[oneitemperrow]
+#	[countsonly|(formatjson [quotechar <Character>])]
 def doPrintCourseMaterials():
   doPrintCourseWM(Ent.COURSE_MATERIAL_ID, Ent.COURSE_MATERIAL_STATE)
 
@@ -49414,7 +49952,8 @@ def doPrintCourseMaterials():
 #	[showcreatoremails|creatoremail] [showtopicnames] [fields <CourseWorkFieldNameList>]
 #	[showstudentsaslist [<Boolean>]] [delimiter <Character>]
 #	[timefilter creationtime|updatetime] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>]
-#	[countsonly] [formatjson [quotechar <Character>]]
+#	[oneitemperrow]
+#	[countsonly|(formatjson [quotechar <Character>])]
 def doPrintCourseWork():
   doPrintCourseWM(Ent.COURSE_WORK_ID, Ent.COURSE_WORK_STATE)
 
@@ -49458,7 +49997,7 @@ def _gettingCourseSubmissionQuery(courseSubmissionStates, late, userId):
 #	(submissionids <CourseSubmissionIDEntity>)|((submissionstates <CourseSubmissionStateList>)*) [late|notlate]
 #	[fields <CourseSubmissionFieldNameList>] [showuserprofile]
 #	[timefilter creationtime|updatetime] [start|starttime <Date>|<Time>] [end|endtime <Date>|<Time>]
-#	[countsonly] [formatjson [quotechar <Character>]]
+#	[countsonly|(formatjson [quotechar <Character>])]
 def doPrintCourseSubmissions():
   def _printCourseSubmission(course, courseSubmission):
     if applyCourseItemFilter and not _courseItemPassesFilter(courseSubmission, courseItemFilter):
@@ -49540,6 +50079,8 @@ def doPrintCourseSubmissions():
   coursesInfo = _getCoursesInfo(croom, courseSelectionParameters, courseShowProperties, getOwnerId=True)
   if coursesInfo is None:
     return
+  if countsOnly:
+    csvPF.SetFormatJSON(False)
   applyCourseItemFilter = _setApplyCourseItemFilter(courseItemFilter, fieldsList)
   courseWorkIds = courseWMSelectionParameters['courseWMIds']
   courseWorkIdsLists = courseWorkIds if isinstance(courseWorkIds, dict) else {}
@@ -53286,16 +53827,16 @@ def infoCalendarEvents(users):
 
 # gam <UserTypeEntity> print events <UserCalendarEntity> <EventEntity> <EventDisplayProperties>*
 #	[fields <EventFieldNameList>] [showdayofweek]
-#	[countsonly [eventrowfilter]]
-#	[formatjson [quotechar <Character>]] [todrive <ToDriveAttribute>*]
+#	(addcsvdata <FieldName> <String>)*
+#	[eventrowfilter]
+#	[countsonly|(formatjson [quotechar <Character>])] [todrive <ToDriveAttribute>*]
 # gam <UserTypeEntity> show events <UserCalendarEntity> <EventEntity> <EventDisplayProperties>*
 #	[fields <EventFieldNameList>] [showdayofweek]
-#	[countsonly]]
-#	[formatjson]
+#	~[countsonly|formatjson]
 def printShowCalendarEvents(users):
   calendarEntity = getUserCalendarEntity()
   calendarEventEntity = getCalendarEventEntity()
-  csvPF, FJQC, fieldsList = _getCalendarPrintShowEventOptions(calendarEventEntity, Ent.USER)
+  csvPF, FJQC, fieldsList, addCSVData = _getCalendarPrintShowEventOptions(calendarEventEntity, Ent.USER)
   i, count, users = getEntityArgument(users)
   for user in users:
     i += 1
@@ -53306,7 +53847,7 @@ def printShowCalendarEvents(users):
       continue
     Ind.Increment()
     _printShowCalendarEvents(origUser, user, cal, calIds, jcount, calendarEventEntity,
-                             csvPF, FJQC, fieldsList)
+                             csvPF, FJQC, fieldsList, addCSVData)
     Ind.Decrement()
   if csvPF:
     if calendarEventEntity['countsOnly'] and calendarEventEntity['eventRowFilter']:
@@ -53330,22 +53871,21 @@ def getStatusEventDateTime(dateType, dateList):
   firstDate = getYYYYMMDD(minLen=1, returnDateTime=True).replace(tzinfo=GC.Values[GC.TIMEZONE])
   if dateType == 'range':
     lastDate = getYYYYMMDD(minLen=1, returnDateTime=True).replace(tzinfo=GC.Values[GC.TIMEZONE])
-  deltaDay = datetime.timedelta(days=1)
-  deltaWeek = datetime.timedelta(weeks=1)
   if dateType in {'date', 'allday'}:
-    dateList.append({'type': 'date', 'first': firstDate, 'last': firstDate+deltaDay,
-                     'ulast': firstDate+deltaDay, 'udelta': deltaDay})
+    dateList.append({'type': 'date', 'first': firstDate, 'last': firstDate.shift(days=1),
+                     'ulast': firstDate.shift(days=1), 'udelta': {'days': 1}})
   elif dateType == 'range':
-    dateList.append({'type': dateType, 'first': firstDate, 'last': lastDate+deltaDay,
-                     'ulast': lastDate, 'udelta': deltaDay})
+    dateList.append({'type': dateType, 'first': firstDate, 'last': lastDate.shift(days=1),
+                     'ulast': lastDate, 'udelta': {'days': 1}})
   elif dateType == 'daily':
     argRepeat = getInteger(minVal=1, maxVal=366)
-    dateList.append({'type': dateType, 'first': firstDate, 'last': firstDate+datetime.timedelta(days=argRepeat),
-                     'ulast': firstDate+datetime.timedelta(days=argRepeat), 'udelta': deltaDay})
+    dateList.append({'type': dateType, 'first': firstDate, 'last': firstDate.shift(days=argRepeat),
+                     'ulast': firstDate.shift(days=argRepeat), 'udelta': {'days': 1}})
   else: #weekly
     argRepeat = getInteger(minVal=1, maxVal=52)
-    dateList.append({'type': dateType, 'first': firstDate, 'last': firstDate+deltaDay, 'pdelta': deltaWeek, 'repeats': argRepeat,
-                     'ulast': firstDate+datetime.timedelta(weeks=argRepeat), 'udelta': deltaWeek})
+    dateList.append({'type': dateType, 'first': firstDate, 'last': firstDate.shift(days=1),
+                     'pdelta': {'weeks': 1}, 'repeats': argRepeat,
+                     'ulast': firstDate.shift(weeks=argRepeat), 'udelta': {'weeks': 1}})
 
 def _showCalendarStatusEvent(primaryEmail, calId, eventEntityType, event, k, kcount, FJQC):
   if FJQC.formatJSON:
@@ -53533,7 +54073,7 @@ def createStatusEvent(users, eventType):
         if wlDate['type'] != 'timerange':
           body['start']['date'] = first.strftime(YYYYMMDD_FORMAT)
           kvList[5] = body['start']['date']
-          body['end']['date'] = (first+datetime.timedelta(days=1)).strftime(YYYYMMDD_FORMAT)
+          body['end']['date'] = (first.shift(days=1)).strftime(YYYYMMDD_FORMAT)
         else:
           body['start']['dateTime'] = ISOformatTimeStamp(first)
           kvList[5] = body['start']['dateTime']
@@ -53552,7 +54092,7 @@ def createStatusEvent(users, eventType):
           entityActionPerformed(kvList, j, jcount)
           if wlDate['type'] == 'timerange':
             break
-          first += wlDate['udelta']
+          first = first.shift(**wlDate['udelta'])
         except (GAPI.forbidden, GAPI.invalid) as e:
           entityActionFailedWarning([Ent.CALENDAR, user], str(e), i, count)
           break
@@ -53751,10 +54291,10 @@ def printShowStatusEvent(users, eventType):
           for event in events:
             if showDayOfWeek:
               _getEventDaysOfWeek(event)
-            _printCalendarEvent(user, calId, event, csvPF, FJQC)
+            _printCalendarEvent(user, calId, event, csvPF, FJQC, {})
         if 'pdelta' in wlDate:
-          first += wlDate['pdelta']
-          last += wlDate['pdelta']
+          first = first.shift(**wlDate['pdelta'])
+          last = last.shift(**wlDate['pdelta'])
   if csvPF:
     csvPF.writeCSVfile(f'Calendar {Ent.Plural(entityType)}')
 
@@ -54969,7 +55509,7 @@ def getDriveFileAttribute(myarg, body, parameters, updateCmd):
   elif myarg == 'timestamp':
     parameters[DFA_TIMESTAMP] = getBoolean()
   elif myarg == 'timeformat':
-    parameters[DFA_TIMEFORMAT] = getString(Cmd.OB_STRING, minLen=0)
+    parameters[DFA_TIMEFORMAT] = getString(Cmd.OB_DATETIME_FORMAT, minLen=0)
   elif getDriveFileCopyAttribute(myarg, body, parameters):
     pass
   else:
@@ -56258,7 +56798,7 @@ def _selectRevisionIds(drive, fileId, origUser, user, i, count, j, jcount, revis
     count = 0
     if revisionsEntity['time'][0] == 'before':
       for revision in results:
-        modifiedDateTime, _ = iso8601.parse_date(revision['modifiedTime'])
+        modifiedDateTime = arrow.get(revision['modifiedTime'])
         if modifiedDateTime >= dateTime:
           break
         revisionIds.append(revision['id'])
@@ -56268,7 +56808,7 @@ def _selectRevisionIds(drive, fileId, origUser, user, i, count, j, jcount, revis
       return revisionIds
 # time: after
     for revision in results:
-      modifiedDateTime, _ = iso8601.parse_date(revision['modifiedTime'])
+      modifiedDateTime = arrow.get(revision['modifiedTime'])
       if modifiedDateTime >= dateTime:
         revisionIds.append(revision['id'])
         count += 1
@@ -56280,7 +56820,7 @@ def _selectRevisionIds(drive, fileId, origUser, user, i, count, j, jcount, revis
   endDateTime = revisionsEntity['range'][2]
   count = 0
   for revision in results:
-    modifiedDateTime, _ = iso8601.parse_date(revision['modifiedTime'])
+    modifiedDateTime = arrow.get(revision['modifiedTime'])
     if modifiedDateTime >= startDateTime:
       if modifiedDateTime >= endDateTime:
         break
@@ -56490,7 +57030,7 @@ def _selectRevisionResults(results, fileId, origUser, revisionsEntity, previewDe
     count = 0
     if revisionsEntity['time'][0] == 'before':
       for revision in results:
-        modifiedDateTime, _ = iso8601.parse_date(revision['modifiedTime'])
+        modifiedDateTime = arrow.get(revision['modifiedTime'])
         if modifiedDateTime >= dateTime:
           break
         count += 1
@@ -56501,7 +57041,7 @@ def _selectRevisionResults(results, fileId, origUser, revisionsEntity, previewDe
       return results[:count]
 # time: after
     for revision in results:
-      modifiedDateTime, _ = iso8601.parse_date(revision['modifiedTime'])
+      modifiedDateTime = arrow.get(revision['modifiedTime'])
       if modifiedDateTime >= dateTime:
         break
       count += 1
@@ -56518,7 +57058,7 @@ def _selectRevisionResults(results, fileId, origUser, revisionsEntity, previewDe
     count = 0
     selectedResults = []
     for revision in  results:
-      modifiedDateTime, _ = iso8601.parse_date(revision['modifiedTime'])
+      modifiedDateTime = arrow.get(revision['modifiedTime'])
       if modifiedDateTime >= startDateTime:
         if modifiedDateTime >= endDateTime:
           break
@@ -57056,7 +57596,7 @@ class PermissionMatch():
           break
       elif field in {'expirationstart', 'expirationend'}:
         if 'expirationTime' in permission:
-          expirationDateTime, _ = iso8601.parse_date(permission['expirationTime'])
+          expirationDateTime = arrow.get(permission['expirationTime'])
           if field == 'expirationstart':
             if expirationDateTime < value:
               break
@@ -59539,7 +60079,7 @@ def processFilenameReplacements(name, replacements):
   return name
 
 def addTimestampToFilename(parameters, body):
-  tdtime = datetime.datetime.now(GC.Values[GC.TIMEZONE])
+  tdtime = arrow.now(GC.Values[GC.TIMEZONE])
   body['name'] += ' - '
   if not parameters[DFA_TIMEFORMAT]:
     body['name'] += ISOformatTimeStamp(tdtime)
@@ -59556,7 +60096,7 @@ createReturnItemMap = {
 #	[(localfile <FileName>|-)|(url <URL>)]
 #	[(drivefilename|newfilename <DriveFileName>) | (replacefilename <REMatchPattern> <RESubstitution>)*]
 #	[stripnameprefix <String>]
-#	[timestamp <Boolean>]] [timeformat <String>]
+#	[timestamp <Boolean>]] [timeformat <DateTimeFormat>]
 #	<DriveFileCreateAttribute>* [noduplicate]
 #	[(csv [todrive <ToDriveAttribute>*] (addcsvdata <FieldName> <String>)*)) |
 #	 (returnidonly|returnlinkonly|returneditlinkonly|showdetails)]
@@ -60083,7 +60623,7 @@ def checkDriveFileShortcut(users):
 #	[(localfile <FileName>|-)|(url <URL>)]
 #	[retainname | (newfilename <DriveFileName>) | (replacefilename <REMatchPattern> <RESubstitution>)*]
 #	[stripnameprefix <String>]
-#	[timestamp <Boolean>]] [timeformat <String>]
+#	[timestamp <Boolean>]] [timeformat <DateTimeFormat>]
 #	<DriveFileUpdateAttribute>*
 #	[(gsheet|csvsheet <SheetEntity> [clearfilter])|(addsheet <String>)]
 #	[charset <String>] [columndelimiter <Character>]
@@ -64531,11 +65071,11 @@ def claimOwnership(users):
     elif myarg == 'onlyusers':
       _, userList = getEntityToModify(defaultEntityType=Cmd.ENTITY_USERS)
       checkOnly = True
-      onlyOwners = set(userList)
+      onlyOwners = {normalizeEmailAddressOrUID(user, noUid=True) for user in userList}
     elif myarg == 'skipusers':
       _, userList = getEntityToModify(defaultEntityType=Cmd.ENTITY_USERS)
       checkSkip = len(userList) > 0
-      skipOwners = set(userList)
+      skipOwners = {normalizeEmailAddressOrUID(user, noUid=True) for user in userList}
     elif myarg == 'subdomains':
       subdomains = getEntityList(Cmd.OB_DOMAIN_NAME_ENTITY)
     elif myarg == 'includetrashed':
@@ -71667,8 +72207,8 @@ def _mapMessageQueryDates(parameters):
     if not mg:
       break
     try:
-      dt = datetime.datetime(int(mg.groups()[1]), int(mg.groups()[2]), int(mg.groups()[3]), tzinfo=GC.Values[GC.TIMEZONE])
-      query = query[:mg.start(2)]+str(int(datetime.datetime.timestamp(dt)))+query[mg.end(4):]
+      dt = arrow.Arrow(int(mg.groups()[1]), int(mg.groups()[2]), int(mg.groups()[3]), tzinfo=GC.Values[GC.TIMEZONE])
+      query = query[:mg.start(2)]+str(dt.int_timestamp)+query[mg.end(4):]
     except ValueError:
       pass
     pos = mg.end()
@@ -72849,9 +73389,9 @@ def printShowMessagesThreads(users, entityType):
     if pLoc > 0:
       dateTimeValue = dateTimeValue[:pLoc]
     try:
-      dateTimeValue = datetime.datetime.strptime(dateTimeValue, RFC2822_TIME_FORMAT)
+      dateTimeValue = arrow.Arrow.strptime(dateTimeValue, RFC2822_TIME_FORMAT)
       if dateHeaderConvertTimezone:
-        dateTimeValue = dateTimeValue.astimezone(GC.Values[GC.TIMEZONE])
+        dateTimeValue = dateTimeValue.to(GC.Values[GC.TIMEZONE])
       return dateTimeValue.strftime(dateHeaderFormat)
     except ValueError:
       return headerValue
@@ -73508,14 +74048,58 @@ def printShowMessages(users):
 def printShowThreads(users):
   printShowMessagesThreads(users, Ent.THREAD)
 
+def sendCreateDelegateNotification(user, delegate, basenotify, i=0, count=0, msgFrom=None):
+# Substitute for #user#, #delegate#
+  def _substituteForPattern(field, pattern, value):
+    if field.find('#') == -1:
+      return field
+    return field.replace(pattern, value)
+
+  def _makeSubstitutions(field):
+    notify[field] = _substituteForPattern(notify[field], '#user#', user)
+    notify[field] = _substituteForPattern(notify[field], '#delegate#', delegate)
+
+  notify = basenotify.copy()
+  if not notify['subject']:
+    notify['subject'] = Msg.CREATE_DELEGATE_NOTIFY_SUBJECT
+  _makeSubstitutions('subject')
+  if not notify['message']:
+    notify['message'] = Msg.CREATE_DELEGATE_NOTIFY_MESSAGE
+  elif notify['html']:
+    notify['message'] = notify['message'].replace('\r', '').replace('\\n', '<br/>')
+  else:
+    notify['message'] = notify['message'].replace('\r', '').replace('\\n', '\n')
+  _makeSubstitutions('message')
+  if 'from' in notify:
+    msgFrom = notify['from']
+  msgReplyTo = notify.get('replyto', None)
+  mailBox = notify.get('mailbox', None)
+  send_email(notify['subject'], notify['message'], delegate, i, count,
+             msgFrom=msgFrom, msgReplyTo=msgReplyTo, html=notify['html'], charset=notify['charset'], mailBox=mailBox)
+
 # gam <UserTypeEntity> create delegate|delegates [convertalias] <UserEntity>
+#	[notify [<Boolean>]
+#	    [subject <String>]
+#	    [from <EmailAaddress>] [mailbox <EmailAddress>]
+#	    [replyto <EmailAaddress>]
+#	    [<NotifyMessageContent>] [html [<Boolean>]]
+#	]
 # gam <UserTypeEntity> delete delegate|delegates [convertalias] <UserEntity>
 def processDelegates(users):
   cd = buildGAPIObject(API.DIRECTORY)
-  function = 'delete' if Act.Get() == Act.DELETE else 'create'
+  createCmd = Act.Get() != Act.DELETE
   aliasAllowed = not checkArgumentPresent(['convertalias'])
   delegateEntity = getUserObjectEntity(Cmd.OB_USER_ENTITY, Ent.DELEGATE)
-  checkForExtraneousArguments()
+  notify = {'notify': False, 'subject': '', 'message': '', 'html': False, 'charset': UTF8}
+  if createCmd:
+    while Cmd.ArgumentsRemaining():
+      myarg = getArgument()
+      if getNotifyArguments(myarg, notify, False):
+        pass
+      else:
+        unknownArgumentExit()
+  else:
+    checkForExtraneousArguments()
   i, count, users = getEntityArgument(users)
   for user in users:
     i += 1
@@ -73527,25 +74111,37 @@ def processDelegates(users):
     for delegate in delegates:
       j += 1
       delegateEmail = convertUIDtoEmailAddress(delegate, cd=cd, emailTypes=['user', 'group'], aliasAllowed=aliasAllowed)
+      kvList = [Ent.USER, user, Ent.DELEGATE, delegateEmail]
       try:
-        if function == 'create':
-          callGAPI(gmail.users().settings().delegates(), function,
+        if createCmd:
+          callGAPI(gmail.users().settings().delegates(), 'create',
                    throwReasons=GAPI.GMAIL_THROW_REASONS+[GAPI.ALREADY_EXISTS, GAPI.FAILED_PRECONDITION, GAPI.INVALID,
                                                           GAPI.NOT_FOUND, GAPI.INVALID_ARGUMENT, GAPI.PERMISSION_DENIED],
                    userId='me', body={'delegateEmail': delegateEmail})
+          entityActionPerformed(kvList, j, jcount)
+          if notify['notify']:
+            Ind.Increment()
+            sendCreateDelegateNotification(user, delegateEmail, notify, j, jcount)
+            Ind.Decrement()
         else:
-          callGAPI(gmail.users().settings().delegates(), function,
+          callGAPI(gmail.users().settings().delegates(), 'delete',
                    throwReasons=GAPI.GMAIL_THROW_REASONS+[GAPI.NOT_FOUND, GAPI.INVALID_INPUT, GAPI.PERMISSION_DENIED],
                    userId='me', delegateEmail=delegateEmail)
-        entityActionPerformed([Ent.USER, user, Ent.DELEGATE, delegateEmail], j, jcount)
+          entityActionPerformed(kvList, j, jcount)
       except (GAPI.alreadyExists, GAPI.failedPrecondition, GAPI.invalid,
               GAPI.notFound, GAPI.invalidArgument, GAPI.permissionDenied) as e:
-        entityActionFailedWarning([Ent.USER, user, Ent.DELEGATE, delegateEmail], str(e), j, jcount)
+        entityActionFailedWarning(kvList, str(e), j, jcount)
       except GAPI.serviceNotAvailable:
         userGmailServiceNotEnabledWarning(user, i, count)
     Ind.Decrement()
 
 # gam <UserTypeEntity> delegate to [convertalias] <UserEntity>
+#	[notify [<Boolean>]
+#	    [subject <String>]
+#	    [from <EmailAaddress>] [mailbox <EmailAddress>]
+#	    [replyto <EmailAaddress>]
+#	    [<NotifyMessageContent>] [html [<Boolean>]]
+#	]
 def delegateTo(users):
   checkArgumentPresent('to', required=True)
   processDelegates(users)
@@ -77002,7 +77598,7 @@ TASK_QUERY_STATE_MAP = {
 #	[updatedmin <Time>]
 #	[showcompleted [<Boolean>]] [showdeleted [<Boolean>]] [showhidden [<Boolean>]] [showall]
 #	[orderby completed|due|updated]
-#	[countsonly | (formatjson [quotechar <Character>])]
+#	[countsonly|(formatjson [quotechar <Character>])]
 def printShowTasks(users):
   def _showTaskAndChildren(tasklist, taskId, k, compact):
     if taskId in taskParentsProcessed:
@@ -77069,8 +77665,11 @@ def printShowTasks(users):
         csvPF.SetTitles(['User', CSVTitle])
     else:
       FJQC.GetFormatJSONQuoteChar(myarg, False)
-  if csvPF and FJQC.formatJSON:
-    csvPF.SetJSONTitles(['User', 'tasklistId', 'id', 'taskId', 'title', 'JSON'])
+  if csvPF:
+    if countsOnly:
+      csvPF.SetFormatJSON(False)
+    elif FJQC.formatJSON:
+      csvPF.SetJSONTitles(['User', 'tasklistId', 'id', 'taskId', 'title', 'JSON'])
   i, count, users = getEntityArgument(users)
   for user in users:
     i += 1
@@ -77269,7 +77868,7 @@ def processTasklists(users):
 # gam <UserTypeEntity> show tasklists
 #	[countsonly|formatjson]
 # gam <UserTypeEntity> print tasklists [todrive <ToDriveAttribute>*]
-#	[countsonly | (formatjson [quotechar <Character>])]
+#	[countsonly|(formatjson [quotechar <Character>])]
 def printShowTasklists(users):
   csvPF = CSVPrintFile(['User', 'id', 'title']) if Act.csvFormat() else None
   if csvPF:
@@ -77287,6 +77886,8 @@ def printShowTasklists(users):
         csvPF.SetTitles(['User', CSVTitle])
     else:
       FJQC.GetFormatJSONQuoteChar(myarg, True)
+  if countsOnly and csvPF:
+    csvPF.SetFormatJSON(False)
   i, count, users = getEntityArgument(users)
   for user in users:
     i += 1
@@ -77890,6 +78491,7 @@ MAIN_ADD_CREATE_FUNCTIONS = {
   Cmd.ARG_VAULTEXPORT:		doCreateVaultExport,
   Cmd.ARG_VAULTHOLD:		doCreateVaultHold,
   Cmd.ARG_VAULTMATTER:		doCreateVaultMatter,
+  Cmd.ARG_VAULTQUERY:		doCreateVaultQuery,
   Cmd.ARG_VERIFY:		doCreateSiteVerification,
   }
 
@@ -77947,6 +78549,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
      {Cmd.ARG_SHAREDDRIVEACLS:	doCopySyncSharedDriveACLs,
       Cmd.ARG_STORAGEBUCKET:	doCopyCloudStorageBucket,
       Cmd.ARG_VAULTEXPORT:	doCopyVaultExport,
+      Cmd.ARG_VAULTQUERY:	doCopyVaultQuery,
      }
     ),
   'create':
@@ -78011,6 +78614,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
       Cmd.ARG_VAULTEXPORT:	doDeleteVaultExport,
       Cmd.ARG_VAULTHOLD:	doDeleteVaultHold,
       Cmd.ARG_VAULTMATTER:	doDeleteVaultMatter,
+      Cmd.ARG_VAULTQUERY:	doDeleteVaultQuery,
      }
     ),
   'download':
@@ -78138,6 +78742,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
       Cmd.ARG_CHROMEAPP:	doPrintShowChromeApps,
       Cmd.ARG_CHROMEAPPDEVICES:	doPrintShowChromeAppDevices,
       Cmd.ARG_CHROMEAUES:	doPrintShowChromeAues,
+      Cmd.ARG_CHROMEDEVICECOUNTS:	doPrintShowChromeDeviceCounts,
       Cmd.ARG_CHROMEHISTORY:	doPrintShowChromeHistory,
       Cmd.ARG_CHROMENEEDSATTN:	doPrintShowChromeNeedsAttn,
       Cmd.ARG_CHROMEPOLICY:	doPrintShowChromePolicies,
@@ -78275,6 +78880,7 @@ MAIN_COMMANDS_WITH_OBJECTS = {
       Cmd.ARG_CHROMEAPP:	doPrintShowChromeApps,
       Cmd.ARG_CHROMEAPPDEVICES:	doPrintShowChromeAppDevices,
       Cmd.ARG_CHROMEAUES:	doPrintShowChromeAues,
+      Cmd.ARG_CHROMEDEVICECOUNTS:	doPrintShowChromeDeviceCounts,
       Cmd.ARG_CHROMEHISTORY:	doPrintShowChromeHistory,
       Cmd.ARG_CHROMENEEDSATTN:	doPrintShowChromeNeedsAttn,
       Cmd.ARG_CHROMEPOLICY:	doPrintShowChromePolicies,