10

Procedure

I'm going to:

1. Get a OrgUnit from the Google Directory API
2. Read the OrgUnit and collect the required Data
3. Try to delete the OrgUnit I just collected.

This somehow results in a 404 [Not Found] Error
Please keep in mind that the DirectoryService Class I am using, is working properly.
I modified the code in this example to make it easy to read, for example: Exception handling is not included etc.

The API

using Google.Apis.Admin.Directory.directory_v1

1. Get a OrgUnit from the Google Directory API

DirectoryService directoryService = ServiceInitializers.InitializeDirectoryService();
OrgUnit oUnit = directoryService.Orgunits.List(Settings.customerId).Execute().OrganizationUnits.FirstOrDefault();


2.Read the OrgUnit and collect the required Data

string orgUnitPath = oUnit.OrgUnitPath;


3.Try to delete the OrgUnit I just collected

var orgUnitDeleteResult = directoryService.Orgunits.Delete(Settings.customerId, orgUnitPath).Execute();


The Exception

GoogleApiException was unhandled

An unhandled exception of type 'Google.GoogleApiException' occurred in Google.Apis.dll

Additional information: Google.Apis.Requests.RequestError Org unit not found [404]

Nick Prozee
  • 2,823
  • 4
  • 22
  • 49
  • 1
    You seem to be using FirstOrDefault(), which may be giving you an empty object if there are in fact no org units in the domain. Can you confirm that the orgUnitPath is populated and not empty? – Eric Koleda May 05 '15 at 15:09
  • In that case step 2 would have given me a NullReferenceException – Nick Prozee May 05 '15 at 19:00
  • 3
    Not necessarily Nick. Maybe the **default** value for OrganisationUnits is some form of object containing an empty collection. It may not be null, it just may mean that orgUnitPath returns an empty string or null value. Can you confirm that? Look at the [examples on Enumerable.FirstOrDefault](https://msdn.microsoft.com/en-us/library/vstudio/bb340482(v=vs.100).aspx) for an empty array. – Mr Moose May 06 '15 at 08:52
  • Checked it and it actually has a value, It would be weird to return a OrgUnit if one does not exist in the domain doesnt it? What you are saying is that you do get a OrgUnit returned, but it has no path because it does not exist.. – Nick Prozee May 06 '15 at 08:55
  • The OrgUnitPath is like a distinguishedName for a OrgUnit. If you get a OrgUnit, it always has a path. this is its unique identifier. Maybe this clarifies – Nick Prozee May 06 '15 at 08:59
  • 1
    Sorry...I'm not familiar enough with the API to provide any more useful answer. One thing I would suggest trying though is looking at [the delete API doco](https://developers.google.com/admin-sdk/directory/v1/reference/orgunits/delete) as it seems you can try a delete through the website. Have a go at that while monitoring the traffic using Fiddler and see if there is anything else in the HTTP request/response that provides some insight as to why it can't find it. – Mr Moose May 07 '15 at 08:33
  • 2
    I did notice [at this link](https://developers.google.com/admin-sdk/directory/v1/guides/manage-org-units#delete_ou) that it states _"You can only delete organization units that do not have any child organization units or any users assigned to them. You need to reassign users to other organizational units and remove any child organization units before deleting."_ Maybe check and confirm this isn't the case. Maybe the error you see is a generic one for a range of conditions like this. Hopefully you find an answer at any rate. – Mr Moose May 07 '15 at 08:35
  • All help is appreciated! I tried that too.. Same result (404 response). My Guess is a bug in The API. – Nick Prozee May 07 '15 at 08:35
  • Might be best to try testing this same scenario with the Google APIs Explorer, so that you can rule out your code or the library as a culprit. – Eric Koleda May 07 '15 at 18:46
  • Same problem here. Just created OU via API and created user, then list users for that org, delete user, then try to delete OU, and 404. So I go and try to do it in the API explorer https://developers.google.com/admin-sdk/directory/v1/reference/orgunits/delete#try-it and it still returns 404. I'm at a loss. Anyone else figure this out? – zenocon May 09 '18 at 20:21

1 Answers1

2

My reputation isn't high enough to add a comment to get clarification before posting an answer, so I'll have to make some assumptions here.

First assumption is that you're using a service account to access the API.

Second assumption is that you've got a certificate from your Google administrative control panel and that's all in order.

I had a similar issue when I was updating user accounts through the API, and what fixed it for me was having a directory administrator account act as a delegate for the service account.

Here's the code I use to initialize my Google Directory Service.

private static DirectoryService initializeGoogleDirectoryService()
{
    try
    {
        String serviceAccountEmail = "your_service_account_email@developer.gserviceaccount.com";

        var certificate = new X509Certificate2(@"your_certificate_name.p12", "your_secret", X509KeyStorageFlags.Exportable);

        // For the service account to work, a user with admin privs must be assigned as the delegate.
        ServiceAccountCredential credential = new ServiceAccountCredential(
           new ServiceAccountCredential.Initializer(serviceAccountEmail)
           {
               // Change the scope here to the one you need to modify org units.
               Scopes = new[] { DirectoryService.Scope.AdminDirectoryUser },
               User = "administrator_account@your_google_apps_domain.com"
           }.FromCertificate(certificate));

        // Create the service.
        var service = new DirectoryService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
            ApplicationName = "Your_Application_Name"
        });

        return service;
    }
    catch (Exception ex)
    {
        // Exception handling code below.
        return null;
    }
    finally
    { 
    }
}
sheppe
  • 708
  • 5
  • 12