expected output:
{
"kind": "directory#user",
"id": "the unique user id",
"primaryEmail": "liz@example.com",
"name": {
"givenName": "Liz",
"familyName": "Smith",
"fullName": "Liz Smith"
},
"isAdmin": true,
"isDelegatedAdmin": false,
"lastLoginTime": "2013-02-05T10:30:03.325Z",
"creationTime": "2010-04-05T17:30:04.325Z",
"agreedToTerms": true,
"hashFunction": "SHA-1",
"suspended": false,
"changePasswordAtNextLogin": false,
"ipWhitelisted": false,
"ims": [
{
"type": "work",
"protocol": "gtalk",
"im": "lizim@talk.example.com",
"primary": true
}
],
"emails": [
{
"address": "liz@example.com",
"type": "home",
"customType": "",
"primary": true
}
],
"addresses": [
{
"type": "work",
"customType": "",
"streetAddress": "1600 Amphitheatre Parkway",
"locality": "Mountain View",
"region": "CA",
"postalCode": "94043"
}
],
"externalIds": [
{
"value": "employee number",
"type": "custom",
"customType": "office"
}
],
"relations": [
{
"value": "susan",
"type": "friend",
"customType": ""
}
],
"organizations": [
{
"name": "Google Inc.",
"title": "SWE",
"primary": true,
"customType": "",
"description": "Software engineer"
}
],
"phones": [
{
"value": "+1 nnn nnn nnnn",
"type": "work"
}
],
"aliases": [
"lizsmith@example.com",
"lsmith@example.com"
],
"nonEditableAliases": [
"liz@test.com"
],
"customerId": "C03az79cb",
"orgUnitPath": "corp/engineering",
"isMailboxSetup": true,
"includeInGlobalAddressList": true
}
You can do this easily with the free, open source, command-line, indispensable GAM tool. Check out https://github.com/jay0lee/GAM/wiki, https://github.com/taers232c/GAMADV-XTD3/wiki, and https://groups.google.com/forum/#!forum/google-apps-manager for more details.
Hope that helps,
Ian
Hi without using GAM tool is it possible to check it in Google Cloud Console Terminal via commands?
Hi Davidsalomon,
without having an admin account will it be possible to fetch those details creating service account?
Yes, you can. The users.list API in Admin SDK does not require an admin account. You can use a service account to impersonate a non-admin Google Workspace account for the user.list API : https://developers.google.com/admin-sdk/directory/reference/rest/v1/users/list
Hi Jerry:
I tried using the below method. but I haven't received what I am expecting.
In my organization there be many users and many projects, it should print all user's information but in my case printing only my user account details.
Note: I have ran my code in GCP console
Program:
from google.oauth2 import id_token
from google.oauth2 import service_account
import google.auth
import google.auth.transport.requests
from google.auth.transport.urllib3 import AuthorizedHttp
from google.auth.transport.requests import AuthorizedSession
import requests
# path to your cloud function or any other service
url = 'https://admin.googleapis.com/admin/directory/v1/users'
#url='https://admin.googleapis.com/admin/directory/v1/users'
#url='https://admin.googleapis.com/admin/directory/v1/users?domain=irco.com&maxResults=100'
#url='https://www.googleapis.com/auth/admin.directory.user.readonly'
# path to you keys file that was downloaded when keys for SA were created
keyFilePath = '/home/nagarjuna_cheemala_ext/google-users-data/pubsub123-cred.json'
creds = service_account.IDTokenCredentials.from_service_account_file(keyFilePath,target_audience=url)
# auth session
authed_session = AuthorizedSession(creds)
# make authenticated request and print the response, status_code
resp = authed_session.get(url)
# to verify an ID Token
request = google.auth.transport.requests.Request()
token = creds.token
response=id_token.verify_token(token,request)
print(response)
Output:
{'aud': 'https://admin.googleapis.com/admin/directory/v1/users', 'azp': 'cloud-functiion@pubsub123-340711.iam.gserviceaccount.com', 'email': 'cloud-functiion@pubsub123-340711.iam.gserviceaccount.com', 'email_verified': True, 'exp': 1652278725, 'iat': 1652275125, 'iss': 'https://accounts.google.com', 'sub': '116130095130016409672'}.
It gives the same output with tried all scenarios.
after trying https://developers.google.com/admin-sdk/directory/reference/rest/v1/users/list getting the above error.
The domain field cannot be empty. You must specify the correct domain name
Does domain mean my organization?
i have given irco.com
this is working only with limited user's, the API documentation of the Google Developer is very difficult.
Hi Davidsalomon,
i was getting this kind of error following by this URL code(https://developers.google.com/admin-sdk/directory/v1/quickstart/python)
Hi @davidsalomon in the 2nd step here, I'm not getting the point to get API enabled for my GC project as my id is not Super admin on GW. I want to get the list of all users from GW with the another service account id. Can you please suggest?
@dhavalkhairnar Unless you have the admin karma to do this, I think you will be blocked. You'll need to ask your superadmin to help. Thoughts: Look at https://contacts.google.com/directory and see if you can get the information there. You'll still have the permissions, but also look at GAM https://www.ditoweb.com/2021/03/using-open-source-google-apps-manager-to-administer-google-workspace... -KAM