dynamic group query for manager not functioning lo...

cscott-sqz · 01-27-2023 08:35 AM

I'm trying to create a dynamic group for "executive management" defined by "any user whose manager = (the CEO's name)."

I use the query builder and wind up with the statement:

user.managers.exists(manager, manager.user_id==userId('<CEOuniqueID>'))

Unfortunately, this returns not only the users who's "Manager's email" filed is set to the CEO's email address but everybody under them!

That makes the query effectively useless; definitely need some more granularity built into this (ie the ability to specify the number of levels to go down this reporting chain).

christiannewman

Is your executive management team in its own OU/sub-OU (or could they be)? If so, you could query their OU instead.

tomcollins

This is useful in it's own way, but I would definitely appreciate the option of querying just direct reports OR everyone under them in the tree.

MichalKlucz

upvoting.
these are two separate requirements:

if you have a VP of IT you may want to create a dynamic group ' IT managers' consisting of in-lines of that person, or 'IT department' based on all people in the chain of command.
all you need is a single checkbox 'reports directly to[]'

goldyarora

@cscott-sqz @MichalKlucz @tomcollins @christiannewman
You may leverage google apps script with a daily (or hourly as needed) time trigger for now as a workaround, following apps script will run everyday automatically to check all direct reports of the ceo, and will put them in the required group.

const createHourlyTrigger = () => {
  ScriptApp.newTrigger('addDirectReportsToGroup')
    .timeBased()
    .everyDays(1)
    .create();
};

const addDirectReportsToGroup = () => {
  const ceoEmail = 'ceo@goldyarora.com'; // change this as required.
  const executiveManagementGroupId = 'groupEmail@goldyarora.com'; // change this as required.

  let pageToken;
  let directReports = [];

  do {
    // Get the users whose manager is the CEO
    const response = AdminDirectory.Users.list({
      domain: 'goldyarora.com', // change this as required
      query: `directManager=${ceoEmail}`,
      orderBy: 'email',
      maxResults: 100,
      pageToken,
    });

    directReports = directReports.concat(response.users || []);
    pageToken = response.nextPageToken;
  } while (pageToken);

  if (directReports) {
    directReports.forEach((user) => {
      addUserToGroup(user.primaryEmail, executiveManagementGroupId);
    });
  }
};

const addUserToGroup = (userEmail, groupId) => {
  const member = {
    email: userEmail,
    role: 'MEMBER',
  };

  try {
    AdminDirectory.Members.insert(member, groupId);
    Logger.log(`User ${userEmail} added to group ${groupId}`);
  } catch (e) {
    Logger.log(`Error adding user ${userEmail} to group ${groupId}: ${e}`);
  }
};

tomcollins

Hi @goldyarora , I'm trying to use your script, but getting this error on line 17:

ReferenceError: AdminDirectory is not defined

Any idea what's going wrong?

goldyarora

In the apps script editor, left hand navigation, you will see services, click on it and enable Admin SDK, and retry.

tomcollins

Thanks! addUserToGroup is also undefined - do you know which service needs to be added for that?

goldyarora

Sorry, I updated the script, please try now.

tomcollins

Thanks, it looks like that works. I don't have a huge amount of experience with apps script - if I run the "createHourlyTrigger" once, does that then create the trigger and it will continue to run every hour?

goldyarora

Yes, or you may delete the trigger from the script, and add it from the UI too.

MorganDaly

Thank you. I thought I was going mad. How could this be broken? Seems like basic functionality.

dynamic group query for manager not functioning logically