Should I always use serviceAccountCredentials.createDelegated() when using service account?

Question

There is a service account with domain-wide delegation and I need to get a list of users from Workspace by means of Admin SDK / Directory Api. Should I always call serviceAccountCredentials.createDelegated( delegatedUserEmail ) or similar ? This means I has to know at least one user email before getting the list of users (emails). Is there workaround for specifying this email?

        final ServiceAccountCredentials serviceAccountCredentials = ServiceAccountCredentials
                .fromPkcs8(
                        clientId,
                        clientEmail,
                        serviceAccountPkcs8Key,
                        serviceAccountPkcs8Id,
                        Arrays.asList(DirectoryScopes.ADMIN_DIRECTORY_USER_READONLY));

        final GoogleCredentials delegatedCredentials = serviceAccountCredentials.createDelegated(delegatedUserEmail);

        HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(delegatedCredentials);

        Directory directory = new Directory.Builder(
                httpTransport, JSON_FACTORY, requestInitializer)
                .setApplicationName(applicationName)
                .build();

if I replace

final GoogleCredentials delegatedCredentials = serviceAccountCredentials.createDelegated(delegatedUserEmail);
HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(delegatedCredentials);

with

HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(
serviceAccountCredentials.createScoped(DirectoryScopes.ADMIN_DIRECTORY_USER_READONLY));

api responds an error:

com.google.api.client.googleapis.json.GoogleJsonResponseException: 400 Bad Request
GET https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&maxResults=500
{
  "code" : 400,
  "errors" : [ {
    "domain" : "global",
    "message" : "Invalid Input",
    "reason" : "invalid"
  } ],
  "message" : "Invalid Input"
}