Lastlogin date is not synced in hyprid environment

A.Elrayes 186 Reputation points
2022-09-05T08:00:14.047+00:00

Hello,

I have a hybrid environment and I'm working on a script to get inactive users with more than 90 day from in activity in On-Prim Active Directory.
But when I checked these in active users in O365 I found that they have activities. So, It seems that the last login attribute not synced from Azure AD to On-Prim.
Is there any solution to sync this attribute ?
Can I make a rule in Azure sync rules editor for that ?

Thanks.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,472 questions
0 comments
Accepted answer
  1. JimmySalian-2011 41,916 Reputation points
    2022-09-05T08:07:55.54+00:00

    Hi,

    The lastlogintime is not synchronised from AAD Connect to Azure AD, reference-connect-sync-attributes-synchronized Check the list of attributes that are sync.

    You can use GraphAPI for extracting the LastLogonTimestamp check this - find-last-login-date-for-all-azure-ad-users-using-powershell.html

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
    ----
    Please don't forget to upvote and Accept as answer if the reply is helpful

    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. A.Elrayes 186 Reputation points
    2022-09-05T09:02:37.117+00:00

    @JimmySalian-2011

    I'm using password hash authentication , If I used pass though will help me to update lastlogon OnPrime and get accurate reports ?

    0 comments
  2. JimmySalian-2011 41,916 Reputation points
    2022-09-05T09:28:24.53+00:00

    Hi @A.Elrayes ,

    No it will not make a difference as both are seperate lastlogon has nothing to do with the PasswordHash or Passthrough.

    Please refer this old thread it has similar requirement and answered, as I mentioned that you will have to map via GraphAPI or AAD Sign in reports to confirm the latest signin status and Onprem via the Lastlogintimestamp.

    azure-ad-sync-and-lastlogontimestamp

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
    ----
    Please don't forget to upvote and Accept as answer if the reply is helpful

  3. JimmySalian-2011 41,916 Reputation points
    2022-09-05T12:22:27.833+00:00

    Hi,

    The script you are looking for is Export Last login date for all Microsoft 365 Users as this will export all the details of the O365 user accounts.

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
    ----
    Please don't forget to upvote and Accept as answer if the reply is helpful

    0 comments