
Google Workspace Archived user suspended


I'm using Directory API to fetch users.

Some archived users are returning Suspended = True and others Suspended = False. How can it happen? From my understanding an archived user can't be Suspended.

Moreover, when I look at my admin page, both of them are Suspended (image below).

Can anyone explain to me why this is happening, and if it's normal, is there any risk if an archived user is not suspended?

If you open the image, you can see inside the red box that both users are suspended. Yes, for sure:

```json
{
   "kind":"admin#directory#user",
   "id":"10901XXXXXX620",
   "etag":"\"SEQQBYC70u6XXXXNYw6b0a5EzY0mTMShjiZga8A/yP85WF6T0tk9a_pgQVEqRq9kHtY\"",
   "primaryEmail":"ad....@aaa.com",
   "name":{
      "givenName":"Aaaa",
      "familyName":"John",
      "fullName":"Aaaaa John"
   },
   "isAdmin":false,
   "isDelegatedAdmin":false,
   "lastLoginTime":"2022-01-10T20:35:25.000Z",
   "creationTime":"2020-10-15T22:40:55.000Z",
   "agreedToTerms":true,
   "suspended":false,
   "archived":true,
   "changePasswordAtNextLogin":false,
   "ipWhitelisted":false,
   "emails":[
      {
         "address":"ad....@aaa.com",
         "primary":true
      }
   ],
   "languages":[
      {
         "languageCode":"pt",
         "preference":"preferred"
      }
   ],
   "customerId":"C00pnlc1u",
   "orgUnitPath":"/Suspensos",
   "isMailboxSetup":true,
   "isEnrolledIn2Sv":true,
   "isEnforcedIn2Sv":true,
   "includeInGlobalAddressList":true,
   "thumbnailPhotoUrl":"https://www.google.com/s2/photos/private/AIbEiAIAAABDCPSAwvv50PWPfSILdmNhcmRfcGhvdG8qKDFhZWFiOTk4NzM5NDY1MjJlOWE4MmE0ODgxMzc3MjM4MzJiYzYyNDUwAUuoUxHJzf7midKhUvdRVmS3n2UE",
   "thumbnailPhotoEtag":"\"SEQQBYC70u6XQ2UUjmjNYw6b0a5EzY0mTMShjiZga8A/hU3SJUEhoSHtQtx1ZyG7nXFnWgw\"",
   "recoveryEmail":"aaaa@gmail.com"
}
```

Solution

  • What you can see in the red box in the screenshots is just the organizational unit where the user has been located in the Admin console; however, that is just a name for the OU and does reflect the actual user status.

    The user status can be seen below the user's profile picture as you can see in the following screenshot:

    As you can see the name of the OU is Test OU Suspended, but the user status is Active so the name of the OU does not reflect the user status.

    So in your case this means that the user was archived correctly but is not necessarily suspended. Now to answer your question:

    Can anyone explain to me why this is happening, and if it's normal, is there any risk if an archived user is not suspended?

    You may not need the user to be suspended, as it has already been archived. When a user is archived, it enters a partial suspension state where, according to the official documentation, this is what happens to the archived account:

    • Can’t sign in to their Google Account, on any system. This includes Google Workspace services, such as Gmail, Google Calendar, and Drive.
    • Don’t appear in the Global Address List. In user directory listings, the user appears with archived status. Learn about the Global Address List.
    • Can be deleted or unarchived, but not suspended in the Admin console.

    The documentation also mentions the following:

    • You can archive both active and suspended users. If you unarchive a user, they return to their previous state and regain access to all their previous data.

    In conclusion, there is nothing wrong whether the user is suspended or not. If an archived user returns True in the Suspended parameter when using the API, this is just to save the status it had before being archived, so that if you decide to unarchive it later on, it returns to that specific state.

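As an added example (not part of the original answer and not Google's code), the audit below reads the `archived` and `suspended` flags from Directory API user records rather than trusting the OU name, and reports archived accounts that would return to an active state if unarchived. The sample records and the `OU_HINTS` substring list are constructed assumptions; only the field names come from the response shown in the question.

```python
import json

# Constructed sample records using only Directory API user fields shown on this page.
SAMPLE_USERS = json.loads("""[
  {"primaryEmail": "a@example.com", "suspended": false, "archived": true,  "orgUnitPath": "/Suspensos"},
  {"primaryEmail": "b@example.com", "suspended": true,  "archived": true,  "orgUnitPath": "/Suspensos"},
  {"primaryEmail": "c@example.com", "suspended": false, "archived": false, "orgUnitPath": "/Test OU Suspended"},
  {"primaryEmail": "d@example.com", "suspended": true,  "archived": false, "orgUnitPath": "/Staff"}
]""")

# Assumption: substrings that make an OU name look like a "suspended users" bucket.
OU_HINTS = ("suspen",)


def account_state(user):
    """Return (effective_state, state_after_unarchive) from the API flags, ignoring the OU name."""
    stored = "suspended" if user.get("suspended", False) else "active"
    if user.get("archived", False):
        # Archived accounts cannot sign in; 'suspended' only records the state restored on unarchive.
        return "archived", stored
    return stored, None


def audit(users):
    """Return (email, note) findings where the OU name or the stored flag could mislead an admin."""
    findings = []
    for u in users:
        state, restored = account_state(u)
        ou_looks_suspended = any(h in u.get("orgUnitPath", "").lower() for h in OU_HINTS)
        if state == "active" and ou_looks_suspended:
            findings.append((u["primaryEmail"], "OU name suggests suspended, but account can sign in"))
        elif state == "archived" and restored == "active":
            findings.append((u["primaryEmail"], "archived; becomes active again if unarchived"))
    return findings


if __name__ == "__main__":
    for email, note in audit(SAMPLE_USERS):
        print(f"{email}: {note}")
```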