Transform - AD LastLogonTimeStamp

Having an issues with a transform that is using the Active Directory Last Logon Date. The error that I am getting is “There was an exception while calculating the value for this attribute. Error rendering template: $lastLogonTimeStamp”.

I broke out the top part for “lastLogonTimeStamp” into its own transform and it brought back the correct date in ISO8601 format.

I checked the eightMonthsAgo as well and that brings back the correct date with and ISO8601 format.

It seems like the firstDate can not find the $lastLogonTimeStamp section or it isn’t holding the value. Not exactly sure but any suggestions or help would be greatly appreciated.

{
    "id": "6236de82-88e5-4174-ab4e-97e2125fabf8",
    "name": "Lifecycle State Transform",
    "type": "static",
    "attributes": {
        "lastLogonTimeStamp": {
            "type": "firstValid",
            "attributes": {
                "values": [
                    {
                        "type": "dateFormat",
                        "attributes": {
                            "input": {
                                "type": "accountAttribute",
                                "attributes": {
                                    "sourceName": "Active Directory",
                                    "attributeName": "lastLastLogonTimeStamp"
                                }
                            },
                            "inputFormat": "EPOCH_TIME_WIN32",
                            "outputFormat": "ISO8601"
                        }
                    },
                    {
                        "type": "static",
                        "attributes": {
                            "value": "1970-01-01T00:00:00.000Z"
                        }
                    }
                ]
            }
        },
        "eightMonthsAgo": {
            "type": "dateFormat",
            "attributes": {
                "input": {
                    "type": "dateMath",
                    "attributes": {
                        "expression": "now-8M"
                    }
                },
                "inputFormat": "yyyy-MM-dd'T'HH:mm",
                "outputFormat": "ISO8601"
            }
        },
        "isInactive": {
            "type": "dateCompare",
            "attributes": {
                "firstDate": "$lastLogonTimeStamp",
                "secondDate": "$eightMonthsAgo",
                "operator": "lte",
                "positiveCondition": "inactive",
                "negativeCondition": "active"
            }
        },
        "value": "$isInactive"
    },
    "internal": false
}

Hi @matt_giblin

I think the issue is with the attributeName below the sourceName. Is it “lastLastLogonTimeStamp” ?

Please replace "lastLastLogonTimeStamp" with "lastLogonTimeStamp"

“attributes”: {
“sourceName”: “Active Directory”,
“attributeName”: “lastLogonTimeStamp"
}```

There are some mistakes in your Transform, here is the similar working Transform. You can make use of it.

{
    "name": "AD 90 Days Inactive DateCompare Transform",
    "type": "dateCompare",
    "attributes": {
        "positiveCondition": "Disabled by SailPoint",
        "negativeCondition": {
            "attributes": {
                "attributeName": "description",
                "sourceName": "Test AD"
            },
            "type": "accountAttribute"
        },
        "firstDate": {
            "type": "dateFormat",
            "attributes": {
                "input": {
                    "type": "firstValid",
                    "attributes": {
                        "values": [
                            {
                                "attributes": {
                                    "attributeName": "lastLogonTimestamp",
                                    "sourceName": "Test AD"
                                },
                                "type": "accountAttribute"
                            },
                            "441166176010000000"
                        ]
                    }
                },
                "inputFormat": "EPOCH_TIME_WIN32",
                "outputFormat": "ISO8601"
            }
        },
        "secondDate": {
            "type": "dateFormat",
            "attributes": {
                "input": {
                    "attributes": {
                        "expression": "now-90d/d",
                        "roundUp": true
                    },
                    "type": "dateMath"
                },
                "inputFormat": "yyyy-MM-dd'T'HH:mm",
                "outputFormat": "ISO8601"
            }
        },
        "operator": "lt"
    },
    "internal": false
}
1 Like

@MVKR7T Thank you for the reply. I tried your transform and I am not getting the error that I originally reported but I am also not getting the results correctly. I tested by breaking up the transform into two parts. I just created two identityAttributes and 2 transforms one for firstDate and one for secondDate to make sure that I was getting the dates back correctly.

In my first test: firstDate is My Source (Active Directory) and accountAttribute "lastLogonTimeStamp) equals 2024-04-24T12:50:19.654Z. The secondDate is now-8M equals 2023-08-29T03:59:00.000Z. with the operator equal to “lt” (less than). This should result in a negative result which is “active”.

My second test: firstDate is My Source (Active Directory) and accountAttribute (lastLogonTimeStamp) equals to a null (no logon date) but the script has a firstValid and a default date of 1970-01-01T00:00:00.000Z. The secondDate is now-8M equals 2023-08-29T03:59:00.000Z. with the operator equal to “lt” (less than). This should result in a negative result which is “active”. This should have been a positive condition and equal “inactive”.

The transform like my original doesn’t seem to be reading the conditions correctly with Date Compare. Am I doing something wrong?

@rajeshs Thank you for responding. You are correct that was a misspelling on my part. Even with that fixed I am still getting the same error message as originally reported.

@matt_giblin if you are using lastLogonTimeStamp attribute you will have to use EPOCH_TIME_JAVA. If you are using lastLogon attribute then EPOCH_TIME_WIN32 will be useful. Do try it out once as I remember this behavior from one of the previous engagements

Get me your updated Transform, I will debug it.

{
    "id": "5b1c9462-3e6b-49c9-a844-8bba4c2dc5a5",
    "name": "AD 90 Days Inactive DateCompare Transform",
    "type": "dateCompare",
    "attributes": {
        "positiveCondition": "inactive",
        "negativeCondition": "active",
        "firstDate": {
            "type": "dateFormat",
            "attributes": {
                "input": {
                    "type": "firstValid",
                    "attributes": {
                        "values": [
                            {
                                "attributes": {
                                    "sourceName": "Active Directory",
                                    "attributeName": "lastLogonTimeStamp"
                                },
                                "type": "accountAttribute"
                            },
                            "441166176010000000"
                        ]
                    }
                },
                "inputFormat": "EPOCH_TIME_WIN32",
                "outputFormat": "ISO8601"
            }
        },
        "secondDate": {
            "type": "dateFormat",
            "attributes": {
                "input": {
                    "attributes": {
                        "expression": "now-8M",
                        "roundUp": true
                    },
                    "type": "dateMath"
                },
                "inputFormat": "yyyy-MM-dd'T'HH:mm",
                "outputFormat": "ISO8601"
            }
        },
        "operator": "lt"
    },
    "internal": false
}

@gvscdeep1 Thank you for the reply. I tested what you suggested with EPOCH_TIME_JAVA and WIN32 and got the same error. "Error rendering template: $lastLogon.

What is interesting is that if I hard code in the dates for firstDate and secondDate i get the results I am looking for. If I pull out each second and make it its own transform I get the date result correctly. It is when I combine them and using the variable (firstDate = $lastLogon or secondDate = @eightMonthsAgo) do I get an issue.

Am I not setting up these sections correctly for velocity templating to call it correctly?

{
    "id": "6236de82-88e5-4174-ab4e-97e2125fabf8",
    "name": "Lifecycle State Transform",
    "type": "static",
    "attributes": {
        "lastLogon": {
            "type": "firstValid",
            "attributes": {
                "values": [
                    {
                        "type": "dateFormat",
                        "attributes": {
                            "input": {
                                "type": "accountAttribute",
                                "attributes": {
                                    "sourceName": "Active Directory",
                                    "attributeName": "lastLogonTimeStamp"
                                }
                            },
                            "inputFormat": "EPOCH_TIME_WIN32",
                            "outputFormat": "ISO8601"
                        }
                    },
                    {
                        "type": "static",
                        "attributes": {
                            "value": "1970-01-01T00:00:00.000Z"
                        }
                    }
                ]
            }
        },
        "eightMonthsAgo": {
            "type": "dateFormat",
            "attributes": {
                "input": {
                    "type": "dateMath",
                    "attributes": {
                        "expression": "now-8M"
                    }
                },
                "inputFormat": "yyyy-MM-dd'T'HH:mm",
                "outputFormat": "ISO8601"
            }
        },
        "isInactive": {
            "type": "dateCompare",
            "attributes": {
                "firstDate": "$lastLogon",
                "secondDate": "2023-08-29T11:49:00.000Z",
                "operator": "lte",
                "positiveCondition": "inactive",
                "negativeCondition": "active"
            }
        },
        "value": "$isInactive"
    },
    "internal": false
}

I tested the below Transform and is working fine.

{
    "id": "301a6705-50dd-45d9-b347-991035058751",
    "name": "AD 90 Days Inactive DateCompare Transform",
    "type": "dateCompare",
    "attributes": {
        "positiveCondition": "true",
        "negativeCondition": "false",
        "firstDate": {
            "type": "dateFormat",
            "attributes": {
                "input": {
                    "type": "firstValid",
                    "attributes": {
                        "values": [
                            {
                                "attributes": {
                                    "attributeName": "lastLogonTimestamp",
                                    "sourceName": "Test AD"
                                },
                                "type": "accountAttribute"
                            },
                            "441166176010000000"
                        ]
                    }
                },
                "inputFormat": "EPOCH_TIME_WIN32",
                "outputFormat": "ISO8601"
            }
        },
        "secondDate": {
            "type": "dateFormat",
            "attributes": {
                "input": {
                    "attributes": {
                        "expression": "now-8M",
                        "roundUp": true
                    },
                    "type": "dateMath"
                },
                "inputFormat": "yyyy-MM-dd'T'HH:mm",
                "outputFormat": "ISO8601"
            }
        },
        "operator": "lt"
    },
    "internal": false
}
1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.