OrgUnit Not Found using Google Directory API

Question

Procedure

I'm going to:

1. Get a OrgUnit from the Google Directory API
2. Read the OrgUnit and collect the required Data
3. Try to delete the OrgUnit I just collected.

This somehow results in a 404 [Not Found] Error
Please keep in mind that the DirectoryService Class I am using, is working properly.
I modified the code in this example to make it easy to read, for example: Exception handling is not included etc.

The API

using Google.Apis.Admin.Directory.directory_v1

1. Get a OrgUnit from the Google Directory API

DirectoryService directoryService = ServiceInitializers.InitializeDirectoryService();
OrgUnit oUnit = directoryService.Orgunits.List(Settings.customerId).Execute().OrganizationUnits.FirstOrDefault();

2.Read the OrgUnit and collect the required Data

string orgUnitPath = oUnit.OrgUnitPath;

3.Try to delete the OrgUnit I just collected

var orgUnitDeleteResult = directoryService.Orgunits.Delete(Settings.customerId, orgUnitPath).Execute();

The Exception

GoogleApiException was unhandled

An unhandled exception of type 'Google.GoogleApiException' occurred in Google.Apis.dll

Additional information: Google.Apis.Requests.RequestError Org unit not found [404]

Answer 1

My reputation isn't high enough to add a comment to get clarification before posting an answer, so I'll have to make some assumptions here.

First assumption is that you're using a service account to access the API.

Second assumption is that you've got a certificate from your Google administrative control panel and that's all in order.

I had a similar issue when I was updating user accounts through the API, and what fixed it for me was having a directory administrator account act as a delegate for the service account.

Here's the code I use to initialize my Google Directory Service.

private static DirectoryService initializeGoogleDirectoryService()
{
    try
    {
        String serviceAccountEmail = "[email protected]";

        var certificate = new X509Certificate2(@"your_certificate_name.p12", "your_secret", X509KeyStorageFlags.Exportable);

        // For the service account to work, a user with admin privs must be assigned as the delegate.
        ServiceAccountCredential credential = new ServiceAccountCredential(
           new ServiceAccountCredential.Initializer(serviceAccountEmail)
           {
               // Change the scope here to the one you need to modify org units.
               Scopes = new[] { DirectoryService.Scope.AdminDirectoryUser },
               User = "administrator_account@your_google_apps_domain.com"
           }.FromCertificate(certificate));

        // Create the service.
        var service = new DirectoryService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
            ApplicationName = "Your_Application_Name"
        });

        return service;
    }
    catch (Exception ex)
    {
        // Exception handling code below.
        return null;
    }
    finally
    { 
    }
}