Inconsistent results when listing groups an external account belongs to

Question

Our Google domain has groups (synced copies of our Active Directory email listservs/distribution groups) that have a lot of external accounts (currently kept as contacts in Active Directory).

As part of an intranet site I'm building I'm trying to be able to do mass search and replace of individual contact email address when for example a school district changes its domain name. One of the visual/verification steps I'm working on is to list the Google group membership of any selected external account, but I'm getting mixed results. For some accounts it seems to list the groups properly, and for others it doesn't seem to pull any. I have verified the external account's group membership in both Active Directory and in Google Admin group management, but when I query Google via code I don't get valid results every time... What am I missing? Code below.

-- in Global.asax
public static List<string> GOOGLE_GetListOfUsersGroups(string useremail)
        {            
            List<string> groupList = new List<string>();

            try
            {
                ///stripped out credential/service stuff...

                var groups = service.Groups.List();
                groups.UserKey = useremail;
                          
                Groups gs = groups.Execute();

                if (gs != null)
                {
                    foreach (Google.Apis.Admin.Directory.directory_v1.Data.Group g in gs.GroupsValue)
                        groupList.Add(g.Email);
                }
            }
            catch (Exception ex)
            {
                SendERROREmail("GLOBAL<HR>GOOGLE_GetListOfUsersGroups()<HR>useremail:" + useremail + "<HR>" + ex.ToString());
            }

            return groupList;
        }

and the consuming function:

--- in Page.aspx
protected void ddlADExternalContacts_SelectedIndexChanged(object sender, EventArgs e)
        {
            lbContactsGoogleGroups.Items.Clear();

            if (ddlADExternalContacts.SelectedIndex > 0)
            {
                //show what google has for same group                
                List<string> memberList = Global.GOOGLE_GetListOfUsersGroups(ddlADExternalContacts.SelectedValue);

                if (memberList != null)
                {
                    foreach (string s in memberList)
                        lbContactsGoogleGroups.Items.Add(new ListItem(s, s));
                }
            }
        }

Also, does anyone have a good example how to handle this in Google's 'preferred' JSON format rather then the API route?

UPDATE: Ok, its not my code, its something with the group/Google. When I use the 'try it' functionality on the sdk admin site I get the same results for groups that work (in my code and their site) and no results from the same groups that should be showing results...

{
  "kind": "admin#directory#groups",
  "etag": "\"HKdfSgTnCxrWl3RtRnlZSCPY3NjdWJxz53nrhwSz7ob4/oMWMqbsluP5m2PCo8Y7WmWeHGP4\""
}

Not that that helps me any, as there's no error or anything, just the 'no groups' result as if it can't find the external account...

UPDATE2: Ok, based on what I'm seeing after some testing, I have a sneaky suspicion that Google is doing some validation of emails before checking for group membership and reporting anything. I.E. if the email being searched for is no longer valid (client's server doesn't responds that the account is reachable/enabled/exists...), it won't bother going any further... will try it out with a few more email addresses that I know should be invalid and update....later.

Answer 1

It looks like what you are experiencing might be a bug.

This has been reported on Google Issue Tracker here.

What you can do in this situation is to star the issue above and eventually add a comment saying that you are affected by it.