我对 Google 世界非常陌生,正在尝试完成一些自动化,看看下面的内容是否适用于应用程序脚本。我也不是Java人,所以我尽力了。我们使用 Okta 作为我们的 SSO。用户帐号在该处被暂停后,我希望 GWS 将用户从我们的主组织移至名为“存档用户”的子组织。将用户移至此处后,将许可从“Google Workspace Enterprise Standard”更改为“Google Workspace Enterprise Standard” - 已存档用户'然后将其状态更改为已存档并等待 90 天,然后完全删除该帐户,下面是我拼凑的内容,如果我完全走错了方向,请告诉我。
归档_用户_GWS
function suspendAndArchiveUsers() {
var mainOrgUsers = AdminDirectory.Users.list({
domain: 'domain.com',
query: 'orgUnitPath=/MainOrg and suspended=true'
});
if (mainOrgUsers.users && mainOrgUsers.users.length > 0) {
for (var i = 0; i < mainOrgUsers.users.length; i++) {
var user = mainOrgUsers.users[i];
// Move user to Archive organization
AdminDirectory.Users.update({ orgUnitPath: '/Archived Users', userKey: user.primaryEmail });
// Change license
var licenses = AdminLicenseManager.LicenseAssignments.listForProductAndSku('Google-Apps', '1010020026', { userId: user.primaryEmail });
for (var j = 0; j < licenses.length; j++) {
AdminLicenseManager.LicenseAssignments.remove(licenses[j].resourceId);
}
AdminLicenseManager.LicenseAssignments.insert({
userId: user.primaryEmail,
skuId: '1010340004'
});
// Record timestamp of move
PropertiesService.getUserProperties().setProperty(user.primaryEmail, new Date().getTime());
}
}
}
function deleteUsers() {
var archiveOrgUsers = AdminDirectory.Users.list({
domain: 'domain.com',
query: 'orgUnitPath=/Archived Users'
});
if (archiveOrgUsers.users && archiveOrgUsers.users.length > 0) {
for (var i = 0; i < archiveOrgUsers.users.length; i++) {
var user = archiveOrgUsers.users[i];
var movedTime = PropertiesService.getUserProperties().getProperty(user.primaryEmail);
if (movedTime && (new Date().getTime() - parseInt(movedTime, 10) >= 90 * 24 * 60 * 60 * 1000)) {
// Delete user after 90 days
AdminDirectory.Users.remove(user.primaryEmail);
PropertiesService.getUserProperties().deleteProperty(user.primaryEmail);
}
}
}
}
只需使用 Directory API 设置存档标志即可:
Users.update( {
archived: true,
orgUnitPath: '/Archived Users',
userKey: user.primaryEmail
} )
无需直接更改许可证。