google-admin-sdkgoogle-workspacegoogle-groupsgoogle-groups-api

Find all Google Groups with members with emails from a specific domain


My org uses Google Groups for Drive and site access for external parties. I need to make sure that all members from a specific domain are removed from all the groups they may be in.

I've tried finding an appropriate report or audit in Workspace Admin but I can't find one that would give a complete picture.

I'm sure there's a way to do this through the API but I'm not a developer and my ability to interact with it is limited to the little example operations they give you on the SDK page.

Even if I could just get an exhaustive list of all members and their groups, I could complete this task. Add-ons would be a nice tool if there are any quality, trusted group manager add-ons out there.


Solution

  • I created the following sample script using Google Apps Script that accomplishes what you are looking for. All you need is to change the domain variable so that it contains the domain of the users that you want to delete.

    What the script does is to get the list of users from all the groups, then compares which users have the specified domain in their email address and removes them from the group.

    Here is the code:

    function removeExternals()
    {
      let domain = "domain.com";
      let groups;
      let users;
      let externalUsers = [];
      groups = AdminDirectory.Groups.list({"customer": "my_customer"});
      let groupsIds = [groups.groups.length];
      for(let i=0; i< groups.groups.length; i++)
      {
        groupsIds[i] = groups.groups[i].id;
        users = AdminDirectory.Members.list(groupsIds[i]);
        for(let x=0; x< groups.groups[i].directMembersCount;x++)
        {
          try
          {
            if(users.members[x].email.search(domain)!=-1)
            {
              //externalUsers.push(users.members[x].email);
              AdminDirectory.Members.remove(groupsIds[i], users.members[x].email);
              Logger.log(`Deleted: ${users.members[x].email}`);
            }
          }
          catch{};
        }
      }
    }
    

    To test it out you can just create a project in Google Apps Script, paste the code there and change the domain variable (make sure at least one user with that domain is part of a group). You also need to add the Admin SDK API service to Google Apps Script first by clicking Services then click Admin SDK API and then click Add.

    References: