Check Entra account last logon

Updated on: Jan 18, 2026, Views: 2183

Microsoft 365, User accounts, Property validation

The script checks whether the last logon date of the related Entra user account equals the current date offset by the configured number of days. To execute the script, use the "If PowerShell script returns true" condition in a business rule, custom command or scheduled task configured for the User object type.

In the script, the $daysToAdd variable specifies the number of days to add to the current date before it is compared with the Last Logon Timestamp property of the Entra ID account. A negative value, such as -14, deducts days from the current date.

$daysToAdd = -14 # TODO: modify me

$Context.ConditionIsMet = $False

# Bind to Entra account
try
{
    $guid = $Context.TargetObject.Get("adm-AzureId")
}
catch
{
    return
}

$entraAccount = $Context.BindToObject("Adaxes://<GUID=$guid>")

# Get Entra last logon date
try
{
    # Read the last logon timestamp (FILETIME) and convert it to UTC,
    # so that it is compared with the UTC date calculated below
    $lastLogonTimeStamp = $entraAccount.Get("lastLogonTimestamp")
    $lastLogonTime = [DateTime]::FromFileTimeUtc([Int64]::Parse($lastLogonTimeStamp))
}
catch
{
    return
}

# Compare dates
$compareDate = ([System.DateTime]::UtcNow).AddDays($daysToAdd)
$Context.ConditionIsMet = $lastLogonTime.Date -eq $compareDate.Date
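The script matches only when the last logon falls on exactly one calendar day, and both catch blocks leave $Context.ConditionIsMet at $False when the Entra account or its timestamp is missing, so such accounts are skipped by whatever rule uses the condition. The following is an added example, not part of the original script or of Adaxes: it pulls the comparison into a stand-alone function so that the exact-day match, an on-or-before variant and the missing-timestamp case can be checked outside Adaxes. The function name, its parameters, the OnOrBefore mode and the sample values are assumptions made for illustration.

```powershell
# Added example, not Adaxes code. Function, parameter names and sample data are hypothetical.
function Test-LastLogonCondition {
    param(
        [AllowNull()] $RawTimestamp,   # lastLogonTimestamp value (FILETIME) or $null when absent
        [int] $DaysToAdd = -14,
        [ValidateSet('ExactDay', 'OnOrBefore')] [string] $Mode = 'ExactDay',
        [bool] $TreatMissingAsMet = $false,
        [DateTime] $NowUtc = [DateTime]::UtcNow
    )
    # Missing property: make the outcome an explicit choice instead of a silent "not met"
    if ($null -eq $RawTimestamp -or "$RawTimestamp" -eq '') {
        return [pscustomobject]@{ Met = $TreatMissingAsMet; Reason = 'no lastLogonTimestamp' }
    }
    $fileTime = 0L
    if (-not [Int64]::TryParse("$RawTimestamp", [ref]$fileTime) -or $fileTime -le 0) {
        return [pscustomobject]@{ Met = $false; Reason = 'unparsable timestamp' }
    }
    $lastLogon = [DateTime]::FromFileTimeUtc($fileTime)   # UTC on both sides of the comparison
    $compare   = $NowUtc.AddDays($DaysToAdd)
    if ($Mode -eq 'ExactDay') {
        $met = $lastLogon.Date -eq $compare.Date          # same test as the script above
    } else {
        $met = $lastLogon.Date -le $compare.Date          # last logon on or before the comparison date
    }
    $reason = 'last logon {0:yyyy-MM-dd}, comparison date {1:yyyy-MM-dd}' -f $lastLogon, $compare
    [pscustomobject]@{ Met = $met; Reason = $reason }
}

# Constructed sample data: a fixed reference time and four hypothetical accounts
$now = [DateTime]::new(2026, 1, 18, 12, 0, 0, [DateTimeKind]::Utc)
$samples = [ordered]@{
    'signed in 14 days ago' = $now.AddDays(-14).ToFileTimeUtc()
    'signed in 40 days ago' = $now.AddDays(-40).ToFileTimeUtc()
    'signed in 2 days ago'  = $now.AddDays(-2).ToFileTimeUtc()
    'never signed in'       = $null
}
foreach ($name in $samples.Keys) {
    foreach ($mode in 'ExactDay', 'OnOrBefore') {
        $r = Test-LastLogonCondition -RawTimestamp $samples[$name] -Mode $mode -NowUtc $now
        '{0,-22} {1,-10} Met={2,-5} ({3})' -f $name, $mode, $r.Met, $r.Reason
    }
}
# In a condition script, pass the value read from lastLogonTimestamp (or $null when the
# read fails) and assign the returned Met value to $Context.ConditionIsMet.
```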

Comments 6

  • Jacob Chugg

    I was referred to this script for my post in Q&A.

    I'm trying to leverage a scheduled task that checks if a user has logged in in the last 30 days and, if they haven't, it disables them and moves them to a specific OU.

    Currently the scheduled task works but is only leveraging the AD login values and not AAD.

    I've made a custom command with the script above that says if script returns true then disable account and move user to specified OU etc. When testing on a user that does not have recent sign in data from AAD it's performing no operations aka not returning a true statement from the script. The only code we modified to fit our needs was the last line going from -eq to -lt.

    Anything I'm misunderstanding?

    • Support

      Hello Jacob,

      Do you see the Entra account in Adaxes? What value does it have in the lastLogonTimestamp property?

      • Jacob Chugg

        Yes, I can see the Entra account in AD but there is no lastLogonTimestamp attribute for users under that domain.

        • Support

          Hello Jacob,

          It means that the account never logged in to Microsoft Entra. For such users the condition is never met.

          • Jacob Chugg

            The LastLogonTimestamp attribute does not exist for any user under the Azure AD domain registered to our administration console. It's not that it is blank, it is just not an attribute.

            • Support

              Hello Jacob,

              How exactly are you checking? For troubleshooting purposes, please send us screenshots of the steps at support@adaxes.com. Any additional information will be much appreciated.
