search

SCRT-HQ / PSGSuite

Powershell module for Google / G Suite API calls wrapped in handy functions. Authentication is established using a service account via P12 key to negate the consent popup and allow for greater handsoff automation capabilities
https://psgsuite.io/
Apache License 2.0
234 stars 66 forks source link

TransferOwnership doesnt work correct #276

Closed pompushko closed 4 years ago

pompushko commented 4 years ago

Describe the bug Want to transfer ownership of former employee documents

To Reproduce Steps to reproduce the behavior:

 Get-GSDriveFileList -User e****@OLD.DOMAIN.com | ForEach-Object { Add-GSDrivePermission -User $_.User -FileID $_.Id -Verbose -Type User -EmailAddress s******@DOMAIN.com -TransferOwnership -Confirm:$false -Role Owner }
 Get-GSDriveFileList : Exception calling "Execute" with "0" argument(s): "Google.Apis.Requests.RequestError
Invalid Credentials [401]
Errors [
    Message[Invalid Credentials] Location[Authorization - header] Reason[authError] Domain[global]
]
"
At C:\Scripts\PSGSuite\GSuiteManagement.ps1:61 char:1
+ Get-GSDriveFileList -User e*****@OLD.DOMAIN.com | ForEach-Objec ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-GSDriveFileList

Expected behavior Just transfer all documents to another user

Environment (please complete the following information):

Additional context I think about different domain or something like this, BUT:

Get-GSUserLicense -User e*****@OLD.DOMAIN.com -CheckAll 

 Etags       : "emikGzFKhWQh**********piNz9pFz_4_jwI"
Kind        : licensing#licenseAssignment
ProductId   : Google-Vault
ProductName : Google Vault
SelfLink    : https://www.googleapis.com/apps/licensing/v1/product/Google-Vault/sku/Google-Vault-Former-Employee/user/e*****@OLD.DOMAIN.com
SkuId       : Google-Vault-Former-Employee
SkuName     : Google Vault - Former Employee
UserId      : e*****@OLD.DOMAIN.com
ETag        : "emikGzFKhWQh**********piNz9pFz_4_jwI"
scrthq commented 4 years ago

Two things here @pompushko:

  1. Vault license disables the Drive service for the account, which is why you're getting the Credentials error. You'll need to reinstate the user license first, then reset the license to VFE once transfer is complete.
  2. If you're transferring everything, you're going to have a much easier time using Start-GSDataTransfer:
Start-GSDataTransfer -OldOwnerUserId $oldUserEmail -NewOwnerUserId $newUserEmail -ApplicationId (Get-GSDataTransferApplicationList | Where-Object {$_.Name -like '*Drive*'}).Id -PrivacyLevel SHARED -Verbose
pompushko commented 4 years ago

Yeah. Looking good. Thank you!