If you’re managing users on site, and using Google for Education/Business to handle mail and calendars, you’re going to have to change passwords, change usernames, suspend and restore.  Thankfully, all of these things are straightforward with the new Admin SDK API.  All of them are handled through the Directory User object.

Change Username

Changing a user’s username is as simple as setting a new Primary Email.  The Google API takes care of the additional detail of aliasing the old username, so setting the new email as primary automatically sets the old one as an alias.

Update (28 Jan. 2015) We already had a username snafu because the update script can take a username as a key, but if the username passed as the $old_email is an alias, the system will take the alias as the primary email address and make the change. In our case, the sysem of record somehow had not maintained a username change (or an admin made a change in Google Apps only), so when a username was changed, it conflicted with an existing alias, and then hilarity ensued. (More like weeping and gnashing of teeth, actually.) You can determine if a username is the “primaryEmail” or an alias, and then determine what to do. Google Apps API allows us to update a user with the Unique Google ID, so this allows us to make sure we don’t overwrite the username of an existing aliased user.

$new_email = "somethingnew@example.com";
$old_email = "somethingold@example.com";

$id = $dir->users->get($old_email);
$unique_google_id = $id['id'];
if($id['primaryEmail'] == $old_email) {
        // if primary email is old username we can assume that there is no problem changing the username
        $user->setPrimaryEmail($new_email);
        try {
                $updateUserResult = $dir->users->update($unique_google_id,$user);
                if(isset($updateUserResult->primaryEmail)) {
                        echo "Google Apps says:\n".$updateUserResult->primaryEmail." is now the primary email address.\n";
                        echo "$old_email has been retained as an alias.\n";
                }
        } catch (Google_IO_Exception $gioe) {
                echo "Error in Google connection: ".$gioe->getMessage();
        } catch (Google_Service_Exception $gse) {
                echo "User already exists in Google Apps: ".$gse->getMessage();
        }
} else {
        // if primary email is not the old username, there must be an alias.  we should verify this manually
        echo "Google Apps says: $old_email appears to be an alias for ".$id['primaryEmail'].".\n";
        echo "To avoid username change conflict please double check this username change in Google Apps and CRM.\n";
}

Suspend/Unsuspend

Suspending and restoring are essentially the same as setting an alias.  Once the User object has been set, you simply need to call the update function on the Directory User object.

$user->setSuspended(true);
# or
$user->setSuspended(false);
$suspendResult = $dir->users->update($username,$user);

Reset Password

Reset password requires an extra step.  In order for the password to be properly stored, you need to also tell Google what the hash algorithm is.  So, when setting user details, make sure to set the hash function, otherwise the password update will fail:

$user->setPassword(hash("sha1",'newPassword1234'));
$user->setHashFunction("SHA-1");

And a whole lot more…

There’s an enormous number of things that you can do with the Google Admin SDK API.  In fact, almost everything you do in the Google Admin Interface can be done through your API calls.

3 thoughts on “Google Admin SDK (PHP) – User Updates

  1. This might seem really dumb, but I was having problems properly getting the user object and resetting the password… To get the user object, would it be something like….

    $client = getClient();
    $service = new Google_Service_Directory($client);
    $user= $service->users->get(“user@useremail.net”);

    Then after getting the user to update the password, following your guide, I would then…

    $user->setPassword(hash(“sha1”,’newPassword1234′));
    $user->setHashFunction(“SHA-1”);

    If you have time, could you let me know if I am on the right track? I appreciate any help, thanks!!! I think I am doing something wrong and I am having a hard time figuring it out.

    1. You’re on the right track.

      If I remember correctly, in order to make changes at the user level, you actually need to get the unique Google Id for the user:

      $dir = new Google_Service_Directory($client);
      $user = new Google_Service_Directory_User();
      $id = $dir->users->get($email);
      $unique_google_id = $id['id'];
      $user->setPassword(hash(“sha1”,’newPassword1234?));
      $user->setHashFunction(“SHA-1”)
      $dir->users->update($unique_google_id,$user);
      
  2. Thank you so much for your help Michael! That got it working. I also was able to add in the code below to force them to change the password at next login.

    $user->changePasswordAtNextLogin = “true”; ..(for anyone else who might want this..)

    I really appreciate your guides, info, and help!

    Dustin

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.