What exactly triggers the update of the LastLogonTimeStamp?


  • I have a batch script in AD, looking for users with no logon detected in the last 120 days.

    The command line, based on another script, checks the LastLogonTimeStamp:

    ... Get-ADUser -Filter {LastLogonTimeStamp -lt $time -and enabled -eq $true} ...

    ... for /f "delims=" %%f in (%OUTPUTCSVFILE%) do dsmod user %%f -disabled yes ...

    It runs on a Win2008R2 DC, every day.

    But I have several users outside of the company and they are rarely inside the company; they're reading Office365 e-mail but not using other systems integrated with AD, so these users got disabled after the 120-day period.

    One of the solutions: if Office365 could send info to AD regarding the LastLogonTimeStamp. I don't think it is feasible now.

    Another: ask the user to connect to the VPN from time to time to update the LastLogonTimeStamp.

    Besides the VPN integrated with my AD, are there other ways to update the LastLogonTimeStamp?

    For instance, I have SharePoint, a LOB app (in-house development) and a TS/RDP deployment, all available on the Internet via HTTPS; these applications could be used too, to update the LastLogonTimeStamp.

    Thursday, April 6, 2017 5:06 PM
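The 120-day check described in the post, written as a report-only query that skips an exemption group for mail-only users. This is an added example, not code from the original post; it assumes the ActiveDirectory module, and the group name `Mail-Only-Users` and the output path are hypothetical.

```powershell
Import-Module ActiveDirectory

$DaysInactive = 120                     # threshold from the post
$ExemptGroup  = 'Mail-Only-Users'       # hypothetical group name (assumption)
$ReportPath   = '.\stale-users.csv'     # hypothetical output path (assumption)

# lastLogonTimestamp is a FILETIME: 100-ns intervals since 1601-01-01 UTC.
$cutoff = (Get-Date).AddDays(-$DaysInactive).ToFileTimeUtc()

# Enabled user accounts whose replicated timestamp is at or before the cutoff.
# The userAccountControl bit test (...803:=2) matches disabled accounts; it is negated here.
# Accounts that never logged on have no lastLogonTimestamp and are not matched.
$ldapFilter = "(&(objectCategory=person)(objectClass=user)" +
              "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" +
              "(lastLogonTimestamp<=$cutoff))"

# Distinguished names of exempt users (nested group members included).
$exemptDns = @(Get-ADGroupMember -Identity $ExemptGroup -Recursive |
               Select-Object -ExpandProperty distinguishedName)

# Report candidates instead of disabling them, so the list can be reviewed first.
$stale = Get-ADUser -LDAPFilter $ldapFilter -Properties lastLogonTimestamp |
    Where-Object { $exemptDns -notcontains $_.DistinguishedName } |
    Select-Object SamAccountName, DistinguishedName,
        @{ Name = 'LastLogonUtc'
           Expression = { [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp) } }

$stale | Export-Csv -Path $ReportPath -NoTypeInformation
"{0} candidate account(s) written to {1}" -f @($stale).Count, $ReportPath
```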


