Re: How to get a all list of users information wit...

Nagarjuna1242 · 05-05-2022 02:50 AM

Retrieve all users in a domain using python code. can you plz help me.

expected output:

{
 "kind": "directory#user",
 "id": "the unique user id",
 "primaryEmail": "liz@example.com",
 "name": {
  "givenName": "Liz",
  "familyName": "Smith",
  "fullName": "Liz Smith"
 },
 "isAdmin": true,
 "isDelegatedAdmin": false,
 "lastLoginTime": "2013-02-05T10:30:03.325Z",
 "creationTime": "2010-04-05T17:30:04.325Z",
 "agreedToTerms": true,
 "hashFunction": "SHA-1",
 "suspended": false,
 "changePasswordAtNextLogin": false,
 "ipWhitelisted": false,
 "ims": [
  {
   "type": "work",
   "protocol": "gtalk",
   "im": "lizim@talk.example.com",
   "primary": true
  }
 ],
 "emails": [
  {
   "address": "liz@example.com",
   "type": "home",
   "customType": "",
   "primary": true
  }
 ],
 "addresses": [
  {
   "type": "work",
   "customType": "",
   "streetAddress": "1600 Amphitheatre Parkway",
   "locality": "Mountain View",
   "region": "CA",
   "postalCode": "94043"
  }
 ],
 "externalIds": [
  {
   "value": "employee number",
   "type": "custom",
   "customType": "office"
  }
 ],
 "relations": [
  {
   "value": "susan",
   "type": "friend",
   "customType": ""
  }
 ],
 "organizations": [
  {
   "name": "Google Inc.",
   "title": "SWE",
   "primary": true,
   "customType": "",
   "description": "Software engineer"
  }
 ],
 "phones": [
  {
   "value": "+1 nnn nnn nnnn",
   "type": "work"
  }
 ],
 "aliases": [
  "lizsmith@example.com",
  "lsmith@example.com"
 ],
 "nonEditableAliases": [
  "liz@test.com"
 ],
 "customerId": "C03az79cb",
 "orgUnitPath": "corp/engineering",
 "isMailboxSetup": true,
 "includeInGlobalAddressList": true
}

icrew

You can do this easily with the free, open source, command-line, indispensable GAM tool. Check out https://github.com/jay0lee/GAM/wiki, https://github.com/taers232c/GAMADV-XTD3/wiki, and https://groups.google.com/forum/#!forum/google-apps-manager for more details.

Hope that helps,

Ian

Nagarjuna1242

Hi without using GAM tool is it possible to check it in Google Cloud Console Terminal via commands?

davidsalomon

https://developers.google.com/admin-sdk/directory/v1/quickstart/python

Nagarjuna1242

Hi Davidsalomon,

without having an admin account will it be possible to fetch those details creating service account?

JerryW

Yes, you can. The users.list API in Admin SDK does not require an admin account. You can use a service account to impersonate a non-admin Google Workspace account for the user.list API : https://developers.google.com/admin-sdk/directory/reference/rest/v1/users/list

Nagarjuna1242

Hi Jerry:

I tried using the below method. but I haven't received what I am expecting.

In my organization there be many users and many projects, it should print all user's information but in my case printing only my user account details.

Note: I have ran my code in GCP console

Program:

from google.oauth2 import id_token
from google.oauth2 import service_account
import google.auth
import google.auth.transport.requests
from google.auth.transport.urllib3 import AuthorizedHttp
from google.auth.transport.requests import AuthorizedSession
import requests

# path to your cloud function or any other service
url = 'https://admin.googleapis.com/admin/directory/v1/users'
#url='https://admin.googleapis.com/admin/directory/v1/users'
#url='https://admin.googleapis.com/admin/directory/v1/users?domain=irco.com&maxResults=100'
#url='https://www.googleapis.com/auth/admin.directory.user.readonly'
# path to you keys file that was downloaded when keys for SA were created
keyFilePath = '/home/nagarjuna_cheemala_ext/google-users-data/pubsub123-cred.json'
creds = service_account.IDTokenCredentials.from_service_account_file(keyFilePath,target_audience=url)
# auth session
authed_session = AuthorizedSession(creds)

# make authenticated request and print the response, status_code
resp = authed_session.get(url)

# to verify an ID Token
request = google.auth.transport.requests.Request()
token = creds.token
response=id_token.verify_token(token,request)
print(response)

Output:

{'aud': 'https://admin.googleapis.com/admin/directory/v1/users', 'azp': 'cloud-functiion@pubsub123-340711.iam.gserviceaccount.com', 'email': 'cloud-functiion@pubsub123-340711.iam.gserviceaccount.com', 'email_verified': True, 'exp': 1652278725, 'iat': 1652275125, 'iss': 'https://accounts.google.com', 'sub': '116130095130016409672'}.

It gives the same output with tried all scenarios.

Nagarjuna1242

after trying https://developers.google.com/admin-sdk/directory/reference/rest/v1/users/list getting the above error.

JerryW

The domain field cannot be empty. You must specify the correct domain name

Nagarjuna1242

Does domain mean my organization?

i have given irco.com

almarwangroup

this is working only with limited user's, the API documentation of the Google Developer is very difficult.

Nagarjuna1242

Hi Davidsalomon,

i was getting this kind of error following by this URL code(https://developers.google.com/admin-sdk/directory/v1/quickstart/python)

dhavalkhairnar

Hi @davidsalomon in the 2nd step here, I'm not getting the point to get API enabled for my GC project as my id is not Super admin on GW. I want to get the list of all users from GW with the another service account id. Can you please suggest?

KAM

@dhavalkhairnar Unless you have the admin karma to do this, I think you will be blocked. You'll need to ask your superadmin to help. Thoughts: Look at https://contacts.google.com/directory and see if you can get the information there. You'll still have the permissions, but also look at GAM https://www.ditoweb.com/2021/03/using-open-source-google-apps-manager-to-administer-google-workspace... -KAM

How to get a all list of users information within organization

Retrieve all users in a domain using python code. can you plz help me.