turbot/googledirectory
steampipe plugin install googledirectory

Table: googledirectory_user - Query Google Directory Users using SQL

Google Directory is a service within Google Workspace that provides a centralized way to manage and access user account information. It allows administrators to manage users, groups, and devices, as well as to configure security settings for the domain. Google Directory helps to maintain the integrity of the domain's data by providing a structured way to manage user account information.

Table Usage Guide

The googledirectory_user table provides insights into user accounts within Google Workspace. As an IT administrator, explore user-specific details through this table, including email addresses, names, and administrative status. Utilize it to uncover information about users, such as their last login time, whether their account is suspended, and the organizational units to which they belong.

Examples

Basic info

Explore which users have administrative privileges in your Google Directory and when they were created. This can be useful for auditing purposes and ensuring that only authorized individuals have admin access.

select
full_name,
id,
primary_email,
creation_time,
is_delegated_admin,
customer_id
from
googledirectory_user;
select
full_name,
id,
primary_email,
creation_time,
is_delegated_admin,
customer_id
from
googledirectory_user;

Get user by ID

Discover the details of a specific user in the Google Directory, such as their full name, primary email, and creation time. This can be useful for administrators who need to verify user information or investigate account activity.

select
full_name,
id,
primary_email,
creation_time,
is_delegated_admin,
customer_id
from
googledirectory_user
where
id = '119982672925259996273';
select
full_name,
id,
primary_email,
creation_time,
is_delegated_admin,
customer_id
from
googledirectory_user
where
id = '119982672925259996273';

Get user by primary email

Discover the details of a specific user by using their primary email. This can be particularly useful for gaining insights into user's profile details, creation time, and customer ID in a business context.

select
full_name,
id,
primary_email,
creation_time,
is_delegated_admin,
customer_id
from
googledirectory_user
where
primary_email = 'mscott@dundermifflin.com';
select
full_name,
id,
primary_email,
creation_time,
is_delegated_admin,
customer_id
from
googledirectory_user
where
primary_email = 'mscott@dundermifflin.com';

List administrators

Discover the users who hold administrative or delegated administrative roles in your Google Directory. This can be useful for auditing access control and ensuring only authorized individuals have elevated permissions.

select
id,
full_name,
primary_email,
is_admin,
is_delegated_admin
from
googledirectory_user
where
is_admin
or is_delegated_admin;
select
id,
full_name,
primary_email,
is_admin,
is_delegated_admin
from
googledirectory_user
where
is_admin
or is_delegated_admin;

List users without two-step verification

Discover the segments that have users who haven't enabled two-step verification. This can be beneficial for enhancing the security measures within your organization.

select
id,
full_name,
primary_email,
is_enrolled_in_2sv,
is_enforced_in_2sv
from
googledirectory_user
where
not is_enrolled_in_2sv
or not is_enforced_in_2sv;
select
id,
full_name,
primary_email,
is_enrolled_in_2sv,
is_enforced_in_2sv
from
googledirectory_user
where
not is_enrolled_in_2sv
or not is_enforced_in_2sv;

List users who have not logged in for more than 30 days

The query is used to identify users who have been inactive for over a month. This can be useful for IT administrators to manage user accounts and security, by potentially flagging these accounts for follow-up or deactivation.

select
id,
full_name,
primary_email,
last_login_time
from
googledirectory_user
where
last_login_time < current_timestamp - interval '30 days';
select
id,
full_name,
primary_email,
last_login_time
from
googledirectory_user
where
last_login_time < datetime('now', '-30 days');

List users using the query filter

Discover the segments that include users with a specific attribute in their name. This is useful in scenarios where you need to identify and group users based on shared characteristics for targeted communication or management.

select
id,
full_name,
primary_email,
last_login_time
from
googledirectory_user
where
query = 'givenName:steampipe*';
select
id,
full_name,
primary_email,
last_login_time
from
googledirectory_user
where
query = 'givenName:steampipe*';

Schema for googledirectory_user

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
addressesjsonbA list of the user's addresses.
agreed_to_termsbooleanIndicates whether the user has completed an initial login and accepted the Terms of Service agreement, or not.
aliasesjsonbA list of the user's alias email addresses.
archivedbooleanIndicates whether an user is archived, or not.
change_password_at_next_loginbooleanIndicates if the user is forced to change their password at next login.
creation_timetimestamp with time zoneSpecifies user's G-Suite account creation time.
custom_schemasjsonbCustom fields of the user.
customer_idtext=The customer ID to retrieve all account users.
deletion_timetimestamp with time zoneSpecifies user's deletion time.
emailsjsonbA list of the user's email addresses.
etagtextA hash of the metadata, used to ensure there were no concurrent modifications to the resource when attempting an update.
external_idsjsonbA list of external IDs for the user, such as an employee or network ID.
family_nametext=The user's last name.
full_nametext=The user's full name formed by concatenating the first and last name values.
gendertextThe user's gender.
given_nametext=The user's first name.
hash_functiontextSpecifies the hash format of the password property.
idtext=The unique ID for the user.
imsjsonbThe user's Instant Messenger (IM) accounts.
include_in_global_address_listbooleanIndicates whether the user's profile is visible in the Google Workspace global address list when the contact sharing feature is enabled for the domain.
ip_whitelistedbooleanIndicates whether the user's IP address is whitelisted, or not.
is_adminboolean!=, =Indicates whether an user have super administrator privileges, or not.
is_delegated_adminboolean!=, =Indicates whether the user is a delegated administrator, or not.
is_enforced_in_2svbooleanIndicates whether the 2-step verification enforced, or not.
is_enrolled_in_2svbooleanIndicates whether an user is enrolled in 2-step verification, or not.
is_mailbox_setupbooleanIndicates whether the user's Google mailbox is created, or not.
keywordsjsonbThe user's keywords.
kindtextThe type of the API resource.
languagesjsonbThe user's languages.
last_login_timetimestamp with time zoneSpecifies user's last login time.
locationsjsonbThe user's locations.
non_editable_aliasesjsonbA list of the user's non-editable alias email addresses.
notesjsonbNotes for the user.
org_unit_pathtextThe full path of the parent organization associated with the user.
organizationsjsonbA list of organizations the user belongs to.
phonesjsonbA list of the user's phone numbers.
posix_accountsjsonbA list of POSIX account information for the user.
primary_emailtext=Specifies the user's primary email address.
querytext=Filter string to [filter](https://developers.google.com/admin-sdk/directory/v1/guides/search-users) users.
recovery_emailtextSpecifies the recovery email of the user.
recovery_phonetextSpecifies the recovery phone of the user.
relationsjsonbA list of the user's relationships to other users.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
ssh_public_keysjsonbA list of SSH public keys.
suspendedboolean!=, =Indicates whether an user is suspended, or not.
suspension_reasontextSpecifies the reason a user account is suspended either by the administrator or by Google at the time of suspension.
thumbnail_photo_etagtextETag of the user's photo.
thumbnail_photo_urltextPhoto Url of the user.
websitesjsonbThe user's websites.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- googledirectory

You can pass the configuration to the command with the --config argument:

steampipe_export_googledirectory --config '<your_config>' googledirectory_user