OrgUnitPath not being returned in the MA Call

[khandelwalpiyush]

Not sure what this is - Google Bug or MA

Any change to OrgUnit Path is not being reported in the MA DI and always comes in as a delete and it is going in a loop. The actual change requested has been done on google side. GAM and Google GUI is also reporting it as the new OrgUnitPath

So GAM is reporting correct on API call but MA isin't.. Google GUI also showing correct information

Example: Changed orgunitpath to /AdditionalServices for "c-googleorgunit"

GAM : Google Org Unit Path: /AdditionalServices

After EALL to Google, the Delta File reports for OrgUnitPath as

   <attribute-changes>
      <attribute-change>
        <name>orgUnitPath</name>
        <modification-type>Delete</modification-type>
        <data-type>String</data-type>
        <value-changes />
      </attribute-change>

Fiddler RAW Data

PUT /admin/directory/v1/users/xxxxxxxxxxxxxxxx HTTP/1.1

HTTP/1.1 200 OK Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sun, 10 Sep 2017 23:46:36 GMT Vary: X-Origin Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35" Accept-Ranges: none Vary: Origin,Accept-Encoding Content-Length: 1003

{ "kind": "admin#directory#user", "id": "XXXXXXXXXXXXXXXXXX", "etag": "\"XXXXXXXXXXXXXXXXXXXXX\"", "primaryEmail": "c-googleorgunit@XXXXXXXXXX", "name": { "givenName": "Test", "familyName": "OrgUnit", "fullName": "Test OrgUnit" }, "isAdmin": false, "isDelegatedAdmin": false, "lastLoginTime": "1970-01-01T00:00:00.000Z", "creationTime": "2017-09-10T23:14:50.000Z", "agreedToTerms": true, "suspended": false, "changePasswordAtNextLogin": false, "ipWhitelisted": false, "emails": [ { "address": "c-googleorgunit@XXXXXXX", "primary": true } ], "externalIds": [ { "value": "XXXXXXXXXXXXXXXXXX", "type": "custom", "customType": "XXXXXX" } ], "organizations": [ { "primary": true, "type": "work", "customType": "", "department": "XXXXXXXXXXXX" } ], "customerId": "XXXXXXXXXXXXXXXXXXX", "isMailboxSetup": true, "includeInGlobalAddressList": false }

[khandelwalpiyush]

Just noticed that in of the previous packets orgUnitPath was returned

GET /admin/directory/v1/users/XXXXXXXXXXXXXXXXX?projection=full HTTP/1.1

HTTP/1.1 200 OK Expires: Sun, 10 Sep 2017 23:46:35 GMT Date: Sun, 10 Sep 2017 23:46:35 GMT Cache-Control: private, max-age=0, must-revalidate, no-transform ETag: "XXXXXXXXXXXXXXXXXXXX" Vary: Origin Vary: X-Origin Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Content-Length: 1096 Server: GSE Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"

{ "kind": "admin#directory#user", "id": "105246684831549991083", "etag": "\"XXXXXXXXXXXXXXXXXXXXX\"", "primaryEmail": "c-googleorgunit@XXXXXXXXXXXX", "name": { "givenName": "Test", "familyName": "OrgUnit", "fullName": "Test OrgUnit" }, "isAdmin": false, "isDelegatedAdmin": false, "lastLoginTime": "1970-01-01T00:00:00.000Z", "creationTime": "2017-09-10T23:14:50.000Z", "agreedToTerms": true, "suspended": false, "changePasswordAtNextLogin": false, "ipWhitelisted": false, "emails": [ { "address": "c-googleorgunit@XXXXXXXXXXXXX", "primary": true } ], "externalIds": [ { "value": "XXXXXXXXXXXXXXXXXXXX", "type": "custom", "customType": "XXXXXXXXXXXXXXXXX" } ], "organizations": [ { "primary": true, "type": "work", "customType": "", "department": "XXXXXXXXXXXXXXX" } ], "customerId": "XXXXXXXXXXXXXXXXXX", "orgUnitPath": "/AdditionalServices", "isMailboxSetup": true, "isEnrolledIn2Sv": false, "isEnforcedIn2Sv": false, "includeInGlobalAddressList": false }

[ryannewington]

Was that fiddler trace from the MA or obtained some other way. It's not the GET we want, its the PUT, and the resulting response. Can you try using the API explorer to make a modification to the user, and check the resulting response (which will be a represetnation of the user after the change). That is where the delta is coming from

[khandelwalpiyush]

Fiddler trace was from MA..

I tried PUT (not sure if doing it right) via API Explorer

PUT https://www.googleapis.com/admin/directory/v1/users/XXXXXXXXXXX?fields=orgUnitPath&key={YOUR_API_KEY}

{ "orgUnitPath": "/AdditionalServices" }

The reponse didn't have the whole entry

200 OK

• Hide headers -

cache-control: no-cache, no-store, max-age=0, must-revalidate content-encoding: gzip content-length: 23 content-type: application/json; charset=UTF-8 date: Mon, 11 Sep 2017 02:12:16 GMT etag: "XXXXXXXXXXXXXXXXXX" expires: Mon, 01 Jan 1990 00:00:00 GMT pragma: no-cache server: GSE vary: Origin, X-Origin

{ }

[ryannewington]

I think that it showing you the problem. The API should return the updated object. Try changing something else like name, and you should see that come back

[khandelwalpiyush]

Request

PUT https://www.googleapis.com/admin/directory/v1/users/XXXXXXXXXXXX?fields=name%2FgivenName&key={YOUR_API_KEY}

{ "name": { "givenName": "Test2" } }

Response

200 OK

cache-control: no-cache, no-store, max-age=0, must-revalidate content-encoding: gzip content-length: 57 content-type: application/json; charset=UTF-8 date: Mon, 11 Sep 2017 02:20:18 GMT etag: "XXXXXXXXXXXXX" expires: Mon, 01 Jan 1990 00:00:00 GMT pragma: no-cache server: GSE vary: Origin, X-Origin

{ "name": { "givenName": "Test2" } }

[ryannewington]

So API bug? If you do name and org unit in the same request, does only name come back?

[khandelwalpiyush]

Sorry.. my bad.. I was doing a partial response filter.

But yes a google bug ... any other request apart from change in orgUnitPath results in a response with value of orgUnitPath..

But if orgUnitPath is in the request ( as is or in tandem with another attribute), it's value is not returned in the response..

Closing this ticket as its not a MA bug