Applies To:
GroupID 8 - Automate
Business Scenario:
This article explains how we can create a group and filter users based on their last logon time using the lastLogonTimestamp attribute.
We have three scenarios here; the first two are pretty simple.
- Scenario 1 - Filter all users who logged on at any time
- Scenario 2 - Filter users who never logged on
- Scenario 3 - Filter all users who did not log on during the last x number of days
Scenario 1 - Filter all users who logged on at any time
Use any of the following queries in the Query Designer:
| lastLogonTimestamp IS Present (&(&(objectCategory=person)(objectClass=user))(lastLogonTimestamp=*)) |
Or
| lastLogonTimestamp IS GreaterThan 0 (&(&(objectCategory=person)(objectClass=user))(lastLogonTimestamp>=0)) |
Scenario 2 - Filter users who never logged on
Use the following query in the Query Designer:
| lastLogonTimestamp IS NOT Present (&(&(objectCategory=person)(objectClass=user))(!lastLogonTimestamp=*)) |
Scenario 3 - Filter all users who did not log on during the last x number of days
Now, this is challenging and interesting for two reasons; firstly we need a comparison with the current date. Secondly, the lastLogonTimestamp attribute is a long Integer and we need to perform a conversion in order to compare. (Click here for conversion).
It's challenging but not impossible for GroupID Automate. Let's do it by following the steps below.
Steps:
- In GroupID Management Console, select Automate > right-click All Groups > New > Smart Group.
- Go through the pages of the New Smart Group wizard until you reach the Query Options page.
- Click Modify to launch the Query Designer dialog box.
- On the Identity Store tab, apply the query as below (note that I am also including users who never logged on; if you do not want never logged on users, just use the first criterion):
- Click OK to close the Query Designer and continue with the wizard.
- On the Update Options page, select the Update Later and Choose Later option buttons.
- Complete the wizard to create the Smart Group.
- Now right-click this new Smart Group and select Modify Query on the shortcut menu.
- On the Smart Script tab of the Query Designer, click the Edit Script button.
- In the Script Editor, scroll down to 'Sub ATM_BuildQuery' and add the following script. The script will look for objects that have not logged on in the last 30 and more days; you can change the number of days by changing ‘-30’ (shown in red).
dim path As String = "C:\LogUpdating.txt"
Using bw As StreamWriter = File.CreateText(path)
bw.writeline("Entering Membership Updating")
Dim OtherDate as string
OtherDate = DateAdd(DateInterval.DayOfYear,-30,DateTime.Now).ToFileTimeUtc
bw.writeline(OtherDate)
args.criteria = string.Format(args.criteria, OtherDate)
End Using -
Click Build > Compile Script on the menu.
- Click File > Exit; then click Yes to save the changes.
- Click OK to close the Query Designer.
- Right-click the group and select Update on the shortcut menu to verify the results.
| Known Issue: | When we apply a script, the results cannot be previewed using the Query Designer's Preview button. |
References:
- GroupID Online Help topic: Query Designer dialog box
- Convert Long Integer to Date