Liongard Ideas Portal

Submit and upvote ideas to make Liongard better. You get 20 votes so vote wisely. 🙂

To learn more about our Ideas Portal, check out our FAQs.
To schedule a feedback session with a member of the Liongard Research Team, click here.

See what we've shipped by clicking here!

Use Active Directory attribute, LastLogonTimestamp, for Stale User Accounts

Currently, rules and any metrics custom-built use the LastLogon attribute from Active Directory to determine stale accounts but using this attribute can lead to incorrect data since this attribute only provides the last logon date to that specific domain controller and not for the entire domain. Can result in user accounts being identified as stale when they have actually logged into the domain more recently, just a different domain controller performed the authentication.

  • Derek
  • Sep 3 2020
  • Future Consideration
Last Reviewed Date 2021-04-09
  • Attach files
  • Derek commented
    22 Sep, 2020 09:47pm

    This idea can be disregarded. Upon further inspection of dataprint objects saw an attribute called DaysSinceLastLogin (not an attribute of a user object in Active Directory) and this attribute correlates with the LastLogonTimestamp attribure in Active Directory.