Lastlogontimestamp attribute from AD

Is there a way IdentityNow can retrieve the lastlogontimestamp attribute from an AD source and have it already converted to the local timezone of the AD server it was retrieved from?

I would prefer a format similar to the lastlogon or lastlogondate attributes from AD. I just couldn’t use lastlogon because it is not replicated across domain controllers, and lastlogondate is a locally calculated PowerShell attribute. Thanks!

Hi Renz,

Yes, you can read the lastLogonTimeStamp attribute from AD by configuring it in the AD schema and aggregating it into IDN.

You can create an Identity attribute for this field and convert it into ISO8601 format.


{
    "name": "Transform LastLogon Timestamp",
    "type": "dateCompare",
    "attributes": {
            "type": "dateFormat",
            "attributes": {
                "input": {
                    "type": "firstValid",
                    "attributes": {
                        "values": [
                            {
                                "attributes": {
                                    "sourceName": "Active Directory",
                                    "attributeName": "lastLogonTimeStamp"
                                },
                                "type": "accountAttribute"
                            },
                            "135379419570000000" //default value
                        ]
                    }
                },
                "inputFormat": "EPOCH_TIME_WIN32",
                "outputFormat": "ISO8601"
            }
    },
    "internal": false
}
3 Likes

A small correction to the transform provided by @shaileeM: the transform will have only dateFormat; you do not have to use dateCompare. Please see the updated transform.

{
    "name": "Transform LastLogon Timestamp",
    "type": "dateFormat",
    "attributes": {
        "inputFormat": "EPOCH_TIME_WIN32",
        "outputFormat": "ISO8601",
        "input": {
            "type": "firstValid",
            "attributes": {
                "values": [
                    {
                        "attributes": {
                            "sourceName": "Active Directory",
                            "attributeName": "lastLogonTimeStamp"
                        },
                        "type": "accountAttribute"
                    },
                    "135379419570000000"
                ]
            }
        }
    },
    "internal": false
}

Regards,
Shekhar Das

2 Likes

thanks @shekhardas1825

1 Like

Thanks! Tried this out; it does give a user-friendly format, but it is still not showing the current timezone of the DC server it was retrieved from.

It should be the same time as with the Identity Value.

1 Like

@renzambos you can achieve this using the dateMath transform.

  1. Know the time zone you are able to see in your UI
  2. Know the time zone of your DC server

Based on these, you need to write a dateMath transform, which will give you the desired output.

Date Math | SailPoint Developer Community

Regards,
Shekhar Das

1 Like

Hi @renzambos ,

You can try the transform below; though I haven’t tested it, it should be able to give you the format you are looking for:

{
    "name": "Transform LastLogon Timestamp",
    "type": "dateFormat",
    "attributes": {
        "inputFormat": "EPOCH_TIME_WIN32",
        "outputFormat": "dd/MM/yyyy hh:mm a z",
        "input": {
            "type": "firstValid",
            "attributes": {
                "values": [
                    {
                        "attributes": {
                            "sourceName": "Active Directory",
                            "attributeName": "lastLogonTimeStamp"
                        },
                        "type": "accountAttribute"
                    },
                    "135379419570000000"
                ]
            }
        }
    },
    "internal": false
}

For desired formats, you can take a look at SimpleDateFormat (Java Platform SE 8) (oracle.com). The Date Format transform (Date Format | SailPoint Developer Community) supports this.

For the desired timezone conversion, yes, I agree with @shekhardas1825 that you can use the Date Math transform.

Hope this helps.

Thanks,
Shailee

2 Likes

Thanks for the answers. We already have a transform that does the dateMath to match the DC timezone. It’s just that we have daylight savings, and those transforms would need to be updated manually twice a year using this.

There was a suggestion to use workflows to update the transforms when daylight savings starts and ends, but we are looking for a simpler way to do it, like retrieving the calculated date time from the DC servers directly based on timezone and daylight savings, if there are any.

@renzambos yes, to handle daylight savings you can use a workflow which can update the transform.

Seems like that would be simpler than a transform.

Regards,
Shekhar Das
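
The daylight-saving problem raised in this thread, as an added example (not code from any poster or from SailPoint): it converts the raw lastLogonTimeStamp value to UTC and then to a named time zone with Python's zoneinfo, so the offset follows that zone's DST rules without a manual update twice a year. The zone name `America/New_York` and the two 2024 sample values are constructed assumptions, and the script runs outside IdentityNow.

```python
from datetime import datetime, timedelta, timezone
from zoneinfo import ZoneInfo

# Windows FILETIME: 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Default value used in the thread's firstValid transform.
THREAD_DEFAULT = "135379419570000000"


def filetime_to_utc(raw):
    """Return an aware UTC datetime, or None if the attribute is unset."""
    if raw is None or str(raw).strip() == "":
        return None
    ticks = int(raw)
    if ticks <= 0:  # treat zero or negative as "no recorded logon"
        return None
    try:
        return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)
    except OverflowError:  # value lies beyond what datetime can represent
        return None


def utc_to_filetime(moment):
    """Inverse helper, used here only to build constructed sample values."""
    return (moment - FILETIME_EPOCH) // timedelta(microseconds=1) * 10


def to_zone_iso(raw, zone_name):
    """ISO 8601 string in zone_name, with the offset in force on that date."""
    utc = filetime_to_utc(raw)
    if utc is None:
        return None
    return utc.astimezone(ZoneInfo(zone_name)).isoformat()


if __name__ == "__main__":
    zone = "America/New_York"  # assumed DC time zone, for illustration only
    samples = [  # constructed values: one winter logon, one summer logon
        utc_to_filetime(datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)),
        utc_to_filetime(datetime(2024, 7, 15, 12, 0, tzinfo=timezone.utc)),
        THREAD_DEFAULT,
        0,
    ]
    for value in samples:
        print(value, "->", to_zone_iso(value, zone))
```

Because the output carries its UTC offset, two logons recorded on either side of a DST change remain comparable when the values are later used for reporting or inactivity checks.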
