none
LastLogonTimeStamp API

    Question

  • Hi There,

    I need to find out what API gets called for in order to refresh the lastLogonTimestamp in Active Directory when a user logs in and how does the API get called for.

    Any help regarding the same will be much appreciated.

    Tuesday, April 4, 2017 7:56 PM

All replies

  • not sure if this helps but

    https://msdn.microsoft.com/en-us/library/ms676824%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

    the directory service authentication happens and thats when the lastlogontimestamp is updated.

    Tuesday, April 4, 2017 9:54 PM
  • This blog post discusses when the attribute gets updated:

    https://blogs.technet.microsoft.com/askds/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works/


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Wednesday, April 5, 2017 1:53 AM
  • Hi Richard,

    Thanks for your response. The article that you shared was great. However that still leaves my question unanswered.

    I wanted to know if there is an API call that gets called for when the LastLogonTimeStamp gets refreshed. If yes than what is that API?

    Can this API be used in an application to update the LastLogonTimeStamp?

    Wednesday, April 5, 2017 1:24 PM
  • The attribute can only be updated by the system (meaning Active Directory). Even if we had access to the source code and identified the method that updates lastLogonTimestamp, attempting to call it would raise an error.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Wednesday, April 5, 2017 2:28 PM
  • Devensuji

    You could use powershell and run as a schedule task to check if it has changed for example I wrote the following:

    $CSVPath = "$env:HOMEDRIVE:\LastlogonScript:\lastlogon.csv"

    $Users = Import-Csv $CSVPath

    Foreach ($user in $Users)
    {

        If ((get-aduser -Identity $user.identity -Properties lastLogonTimestamp).lastLogonTimestamp `
        -ne $user.lastLogonTimestamp)
        {

        #Do something

        }

    }

    Get-ADUser * -Properties lastLogonTimestamp | Export-Csv $CSVPath

    • Proposed as answer by Adam Devino Saturday, April 8, 2017 1:27 AM
    Wednesday, April 5, 2017 2:46 PM
  • Ok. Now i get that. Thanks a lot for your response.
    Friday, April 7, 2017 11:00 AM
  • Hey Adam,

    Thanks for your assistance.

    Friday, April 7, 2017 11:00 AM
  • Hey Adam,

    Thanks for your assistance.

    Glad to help. Be sure to mark as answered if this works for you.
    Friday, April 7, 2017 2:26 PM