0

I'm trying to add a user (newly created) to a specific org unit in my Google Apps domain, but I can't seem to find any documentation or examples on this. Is this even possible? Perhaps through the use of plain REST calls?

My code so far to create a user:

var user = UserManager.createUser(userName, firstName, lastName, "welcome").setChangePasswordAtNextLogin(true);

Now I want to attach the user to a specific org unit, and make it a member of certain groups (but that's another question I'm diving into).

Any help will greatly be appreciated!

Regards,

Kees.

Eric Koleda
  • 12,420
  • 1
  • 33
  • 51
keesvanbemmel
  • 181
  • 3
  • 8

3 Answers3

3

The UserManager service doesn't support org units, but you can build the request manually.

The following Apps Script code adds an user to an OU. The parameters are the customerId, the email address of the user to add to the org unit and the org unit path:

function addUserToOU(customerId, email, ou) {
  var oauthConfig = UrlFetchApp.addOAuthService("google");

  var scope = "https://apps-apis.google.com/a/feeds/policies/";
  oauthConfig.setRequestTokenUrl("https://www.google.com/accounts/OAuthGetRequestToken?scope="+scope);         
  oauthConfig.setAuthorizationUrl("https://www.google.com/accounts/OAuthAuthorizeToken");
  oauthConfig.setAccessTokenUrl("https://www.google.com/accounts/OAuthGetAccessToken");

  oauthConfig.setConsumerKey("anonymous");
  oauthConfig.setConsumerSecret("anonymous");

  var body = "<?xml version=\"1.0\" encoding=\"utf-8\"?><atom:entry xmlns:atom=\"http://www.w3.org/2005/Atom\" xmlns:apps=\"http://schemas.google.com/apps/2006\"><apps:property name=\"orgUnitPath\" value=\"" + ou + "\" /></atom:entry>";

  var requestData = {
    "method": "put",
    "contentType": "application/atom+xml",
    "oAuthServiceName": "google",
    "oAuthUseToken": "always",
    "payload": body
  };

  var url = "https://apps-apis.google.com/a/feeds/orguser/2.0/" + customerId + "/" + email;
  var result = UrlFetchApp.fetch(url, requestData);
  Logger.log(result.getContentText());
}
Claudio Cherubino
  • 14,896
  • 1
  • 35
  • 42
  • 1
    A simple way to obtain the customerId for the domain is by interactively getting it using the OAuth Playground https://code.google.com/oauthplayground/ First enter the scope "https: //apps-apis.google.com/a/feeds/policies/" (no spaces) , then follow the prompt to "exchange authorization code for tokens", then for the "Request URI" use "https: //apps-apis.google.com/a/feeds/customer/2.0/customerId" (no spaces) and click "Send the request". In the results, look for name='customerId' value='yourIdWillBeHere'. Hope this helps! – Peter Jul 02 '12 at 00:01
1

I think that this task is quite easy nowadays: This sinple code should work:

var emailAddress = 'myuser@mydomain.com';
var user = AdminDirectory.Users.get(emailAddress);
var orgunittomove='myorgunit'   //you can set the whole path;

user.orgUnitPath = orgunittomove;
AdminDirectory.Users.update(user, emailAddress);
Enrique Umaran
  • 115
  • 1
  • 1
  • 9
0

In the same way that the last answer, you can add the organization unit on the user object when you create the user. In the user object you have to set the orgUnitPath property. 

var user = {
    primaryEmail: "aperetz@austriajohn.edu",
    orgUnitPath:"/Students", 
        name: {
        givenName: "Albert",
        familyName: "Peretz"
    },
    password: "XWYlkf"
};
userGsuite = AdminDirectory.Users.insert(user);
Sergi Pérez
  • 1