Login/Register
OrgUnit Not Found using Google Directory API
Asked Answered
Solved c#.netwcfgoogle-admin-sdkgoogle-directory-api
C

1

10

Procedure

I'm going to:

1. Get a OrgUnit from the Google Directory API
2. Read the OrgUnit and collect the required Data
3. Try to delete the OrgUnit I just collected.

This somehow results in a 404 [Not Found] Error
Please keep in mind that the DirectoryService Class I am using, is working properly.
I modified the code in this example to make it easy to read, for example: Exception handling is not included etc.

The API

using Google.Apis.Admin.Directory.directory_v1

1. Get a OrgUnit from the Google Directory API

DirectoryService directoryService = ServiceInitializers.InitializeDirectoryService();
OrgUnit oUnit = directoryService.Orgunits.List(Settings.customerId).Execute().OrganizationUnits.FirstOrDefault();


2.Read the OrgUnit and collect the required Data

string orgUnitPath = oUnit.OrgUnitPath;


3.Try to delete the OrgUnit I just collected

var orgUnitDeleteResult = directoryService.Orgunits.Delete(Settings.customerId, orgUnitPath).Execute();


The Exception

GoogleApiException was unhandled

An unhandled exception of type 'Google.GoogleApiException' occurred in Google.Apis.dll

Additional information: Google.Apis.Requests.RequestError Org unit not found [404]

Covering answered 24/4, 2015 at 8:6 Comment(10)
You seem to be using FirstOrDefault(), which may be giving you an empty object if there are in fact no org units in the domain. Can you confirm that the orgUnitPath is populated and not empty?Brest
In that case step 2 would have given me a NullReferenceExceptionCovering
Not necessarily Nick. Maybe the default value for OrganisationUnits is some form of object containing an empty collection. It may not be null, it just may mean that orgUnitPath returns an empty string or null value. Can you confirm that? Look at the examples on Enumerable.FirstOrDefault for an empty array.Allynallys
Checked it and it actually has a value, It would be weird to return a OrgUnit if one does not exist in the domain doesnt it? What you are saying is that you do get a OrgUnit returned, but it has no path because it does not exist..Covering
The OrgUnitPath is like a distinguishedName for a OrgUnit. If you get a OrgUnit, it always has a path. this is its unique identifier. Maybe this clarifiesCovering
Sorry...I'm not familiar enough with the API to provide any more useful answer. One thing I would suggest trying though is looking at the delete API doco as it seems you can try a delete through the website. Have a go at that while monitoring the traffic using Fiddler and see if there is anything else in the HTTP request/response that provides some insight as to why it can't find it.Allynallys
I did notice at this link that it states "You can only delete organization units that do not have any child organization units or any users assigned to them. You need to reassign users to other organizational units and remove any child organization units before deleting." Maybe check and confirm this isn't the case. Maybe the error you see is a generic one for a range of conditions like this. Hopefully you find an answer at any rate.Allynallys
All help is appreciated! I tried that too.. Same result (404 response). My Guess is a bug in The API.Covering
Might be best to try testing this same scenario with the Google APIs Explorer, so that you can rule out your code or the library as a culprit.Brest
Same problem here. Just created OU via API and created user, then list users for that org, delete user, then try to delete OU, and 404. So I go and try to do it in the API explorer developers.google.com/admin-sdk/directory/v1/reference/orgunits/… and it still returns 404. I'm at a loss. Anyone else figure this out?Thorndike
F
2

My reputation isn't high enough to add a comment to get clarification before posting an answer, so I'll have to make some assumptions here.

First assumption is that you're using a service account to access the API.

Second assumption is that you've got a certificate from your Google administrative control panel and that's all in order.

I had a similar issue when I was updating user accounts through the API, and what fixed it for me was having a directory administrator account act as a delegate for the service account.

Here's the code I use to initialize my Google Directory Service.

private static DirectoryService initializeGoogleDirectoryService()
{
    try
    {
        String serviceAccountEmail = "[email protected]";

        var certificate = new X509Certificate2(@"your_certificate_name.p12", "your_secret", X509KeyStorageFlags.Exportable);

        // For the service account to work, a user with admin privs must be assigned as the delegate.
        ServiceAccountCredential credential = new ServiceAccountCredential(
           new ServiceAccountCredential.Initializer(serviceAccountEmail)
           {
               // Change the scope here to the one you need to modify org units.
               Scopes = new[] { DirectoryService.Scope.AdminDirectoryUser },
               User = "administrator_account@your_google_apps_domain.com"
           }.FromCertificate(certificate));

        // Create the service.
        var service = new DirectoryService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
            ApplicationName = "Your_Application_Name"
        });

        return service;
    }
    catch (Exception ex)
    {
        // Exception handling code below.
        return null;
    }
    finally
    { 
    }
}
Flofloat answered 4/6, 2015 at 18:16 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.