Transform - AD LastLogonTimeStamp

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

Having an issues with a transform that is using the Active Directory Last Logon Date. The error that I am getting is “There was an exception while calculating the value for this attribute. Error rendering template: $lastLogonTimeStamp”.

I broke out the top part for “lastLogonTimeStamp” into its own transform and it brought back the correct date in ISO8601 format.

I checked the eightMonthsAgo as well and that brings back the correct date with and ISO8601 format.

It seems like the firstDate can not find the $lastLogonTimeStamp section or it isn’t holding the value. Not exactly sure but any suggestions or help would be greatly appreciated.

{
“id”: “6236de82-88e5-4174-ab4e-97e2125fabf8”,
“name”: “Lifecycle State Transform”,
“type”: “static”,
“attributes”: {
“lastLogonTimeStamp”: {
“type”: “firstValid”,
“attributes”: {
“values”: [
{
“type”: “dateFormat”,
“attributes”: {
“input”: {
“type”: “accountAttribute”,
“attributes”: {
“sourceName”: “Active Directory”,
“attributeName”: “lastLastLogonTimeStamp”
}
},
“inputFormat”: “EPOCH_TIME_WIN32”,
“outputFormat”: “ISO8601”
}
},
{
“type”: “static”,
“attributes”: {
“value”: “1970-01-01T00:00:00.000Z”
}
}
]
}
},
“eightMonthsAgo”: {
“type”: “dateFormat”,
“attributes”: {
“input”: {
“type”: “dateMath”,
“attributes”: {
“expression”: “now-8M”
}
},
“inputFormat”: “yyyy-MM-dd’T’HH:mm”,
“outputFormat”: “ISO8601”
}
},
“isInactive”: {
“type”: “dateCompare”,
“attributes”: {
“firstDate”: “$lastLogonTimeStamp”,
“secondDate”: “$eightMonthsAgo”,
“operator”: “lte”,
“positiveCondition”: “inactive”,
“negativeCondition”: “active”
}
},
“value”: “$isInactive”
},
“internal”: false
}

2

Hi @matt_giblin

I think the issue is with the attributeName below the sourceName. Is it “lastLastLogonTimeStamp” ?

Please replace "lastLastLogonTimeStamp" with "lastLogonTimeStamp"

“attributes”: {
“sourceName”: “Active Directory”,
“attributeName”: “lastLogonTimeStamp"
}```
3

There are some mistakes in your Transform, here is the similar working Transform. You can make use of it.

{
    "name": "AD 90 Days Inactive DateCompare Transform",
    "type": "dateCompare",
    "attributes": {
        "positiveCondition": "Disabled by SailPoint",
        "negativeCondition": {
            "attributes": {
                "attributeName": "description",
                "sourceName": "Test AD"
            },
            "type": "accountAttribute"
        },
        "firstDate": {
            "type": "dateFormat",
            "attributes": {
                "input": {
                    "type": "firstValid",
                    "attributes": {
                        "values": [
                            {
                                "attributes": {
                                    "attributeName": "lastLogonTimestamp",
                                    "sourceName": "Test AD"
                                },
                                "type": "accountAttribute"
                            },
                            "441166176010000000"
                        ]
                    }
                },
                "inputFormat": "EPOCH_TIME_WIN32",
                "outputFormat": "ISO8601"
            }
        },
        "secondDate": {
            "type": "dateFormat",
            "attributes": {
                "input": {
                    "attributes": {
                        "expression": "now-90d/d",
                        "roundUp": true
                    },
                    "type": "dateMath"
                },
                "inputFormat": "yyyy-MM-dd'T'HH:mm",
                "outputFormat": "ISO8601"
            }
        },
        "operator": "lt"
    },
    "internal": false
}
4

@MVKR7T Thank you for the reply. I tried your transform and I am not getting the error that I originally reported but I am also not getting the results correctly. I tested by breaking up the transform into two parts. I just created two identityAttributes and 2 transforms one for firstDate and one for secondDate to make sure that I was getting the dates back correctly.

In my first test: firstDate is My Source (Active Directory) and accountAttribute "lastLogonTimeStamp) equals 2024-04-24T12:50:19.654Z. The secondDate is now-8M equals 2023-08-29T03:59:00.000Z. with the operator equal to “lt” (less than). This should result in a negative result which is “active”.

My second test: firstDate is My Source (Active Directory) and accountAttribute (lastLogonTimeStamp) equals to a null (no logon date) but the script has a firstValid and a default date of 1970-01-01T00:00:00.000Z. The secondDate is now-8M equals 2023-08-29T03:59:00.000Z. with the operator equal to “lt” (less than). This should result in a negative result which is “active”. This should have been a positive condition and equal “inactive”.

The transform like my original doesn’t seem to be reading the conditions correctly with Date Compare. Am I doing something wrong?

5

@rajeshs Thank you for responding. You are correct that was a misspelling on my part. Even with that fixed I am still getting the same error message as originally reported.

6

@matt_giblin if you are using lastLogonTimeStamp attribute you will have to use EPOCH_TIME_JAVA. If you are using lastLogon attribute then EPOCH_TIME_WIN32 will be useful. Do try it out once as I remember this behavior from one of the previous engagements

7

Get me your updated Transform, I will debug it.

8

{
“id”: “5b1c9462-3e6b-49c9-a844-8bba4c2dc5a5”,
“name”: “AD 90 Days Inactive DateCompare Transform”,
“type”: “dateCompare”,
“attributes”: {
“positiveCondition”: “inactive”,
“negativeCondition”: “active”,
“firstDate”: {
“type”: “dateFormat”,
“attributes”: {
“input”: {
“type”: “firstValid”,
“attributes”: {
“values”: [
{
“attributes”: {
“sourceName”: “Active Directory”,
“attributeName”: “lastLogonTimeStamp”
},
“type”: “accountAttribute”
},
“441166176010000000”
]
}
},
“inputFormat”: “EPOCH_TIME_WIN32”,
“outputFormat”: “ISO8601”
}
},
“secondDate”: {
“type”: “dateFormat”,
“attributes”: {
“input”: {
“attributes”: {
“expression”: “now-8M”,
“roundUp”: true
},
“type”: “dateMath”
},
“inputFormat”: “yyyy-MM-dd’T’HH:mm”,
“outputFormat”: “ISO8601”
}
},
“operator”: “lt”
},
“internal”: false
}

9

@gvscdeep1 Thank you for the reply. I tested what you suggested with EPOCH_TIME_JAVA and WIN32 and got the same error. "Error rendering template: $lastLogon.

What is interesting is that if I hard code in the dates for firstDate and secondDate i get the results I am looking for. If I pull out each second and make it its own transform I get the date result correctly. It is when I combine them and using the variable (firstDate = $lastLogon or secondDate = @eightMonthsAgo) do I get an issue.

Am I not setting up these sections correctly for velocity templating to call it correctly?

{
“id”: “6236de82-88e5-4174-ab4e-97e2125fabf8”,
“name”: “Lifecycle State Transform”,
“type”: “static”,
“attributes”: {
“lastLogon”: {
“type”: “firstValid”,
“attributes”: {
“values”: [
{
“type”: “dateFormat”,
“attributes”: {
“input”: {
“type”: “accountAttribute”,
“attributes”: {
“sourceName”: “Active Directory”,
“attributeName”: “lastLogonTimeStamp”
}
},
“inputFormat”: “EPOCH_TIME_WIN32”,
“outputFormat”: “ISO8601”
}
},
{
“type”: “static”,
“attributes”: {
“value”: “1970-01-01T00:00:00.000Z”
}
}
]
}
},
“eightMonthsAgo”: {
“type”: “dateFormat”,
“attributes”: {
“input”: {
“type”: “dateMath”,
“attributes”: {
“expression”: “now-8M”
}
},
“inputFormat”: “yyyy-MM-dd’T’HH:mm”,
“outputFormat”: “ISO8601”
}
},
“isInactive”: {
“type”: “dateCompare”,
“attributes”: {
“firstDate”: “$lastLogon”,
“secondDate”: “2023-08-29T11:49:00.000Z”,
“operator”: “lte”,
“positiveCondition”: “inactive”,
“negativeCondition”: “active”
}
},
“value”: “$isInactive”
},
“internal”: false
}

10

I tested the below Transform and is working fine.

{
    "id": "301a6705-50dd-45d9-b347-991035058751",
    "name": "AD 90 Days Inactive DateCompare Transform",
    "type": "dateCompare",
    "attributes": {
        "positiveCondition": "true",
        "negativeCondition": "false",
        "firstDate": {
            "type": "dateFormat",
            "attributes": {
                "input": {
                    "type": "firstValid",
                    "attributes": {
                        "values": [
                            {
                                "attributes": {
                                    "attributeName": "lastLogonTimestamp",
                                    "sourceName": "Test AD"
                                },
                                "type": "accountAttribute"
                            },
                            "441166176010000000"
                        ]
                    }
                },
                "inputFormat": "EPOCH_TIME_WIN32",
                "outputFormat": "ISO8601"
            }
        },
        "secondDate": {
            "type": "dateFormat",
            "attributes": {
                "input": {
                    "attributes": {
                        "expression": "now-8M",
                        "roundUp": true
                    },
                    "type": "dateMath"
                },
                "inputFormat": "yyyy-MM-dd'T'HH:mm",
                "outputFormat": "ISO8601"
            }
        },
        "operator": "lt"
    },
    "internal": false
}