realtimer
asked on
Active Directory LastLogonDate not updating when accessing SharePoint via Firefox or Chrome
While auditing Active Directory user accounts, we discovered that outside staff who use either Firefox or Chrome to access our public facing SharePoint 2013 site don’t have accurate LastLogonDate time stamps. Staff who use IE11 or Edge have accurate LastLogonDate time stamps.
After authenticating (Claims/NTLM), all users (IE11, Edge, Firefox, and Chrome) can access SharePoint pages just the same.
Is there a setting within SharePoint (or IIS) that will force Firefox and Chrome to update the AD attribute of LastLogonDate?
Or
Are there SharePoint (or IIS) logs that can be efficiently audited to obtain the same information?
That is because non-Microsoft browsers use basic authentication and not Windows authentication.
Connecting to SharePoint is authentication using AD; I'm fairly sure that it does not count as an AD logon for the purposes of updating LastLogon.
As per https://technet.microsoft.com/en-us/ms676823(v=vs.99)
LastLogon is not replicated; it needs to be checked on every DC.
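An added example, not part of any post in this thread, of the per-DC check described above: it reads the non-replicated lastLogon attribute from every domain controller and reports the newest value beside the replicated lastLogonTimestamp. The function name Get-TrueLastLogon and the account name 'jdoe' are hypothetical; the ActiveDirectory RSAT module is assumed to be installed.

```powershell
# Added example: requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-TrueLastLogon {
    param(
        [Parameter(Mandatory)][string]$SamAccountName   # account to audit
    )

    $latest   = [long]0    # newest lastLogon seen so far (Windows FILETIME)
    $sourceDc = $null      # DC that reported the newest value
    $failed   = @()        # DCs that were unreachable or whose query failed

    # lastLogon is stored per DC and never replicated, so ask each DC in turn.
    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                            -Properties lastLogon -ErrorAction Stop
            if ($u.lastLogon -gt $latest) {
                $latest   = $u.lastLogon
                $sourceDc = $dc.HostName
            }
        } catch {
            # A skipped DC may hold the newest value; report it, do not hide it.
            $failed += $dc.HostName
        }
    }

    # lastLogonTimestamp is replicated but only updated periodically;
    # the LastLogonDate property of Get-ADUser is derived from it.
    $replicated = (Get-ADUser -Identity $SamAccountName `
                              -Properties lastLogonTimestamp).lastLogonTimestamp

    [pscustomobject]@{
        SamAccountName     = $SamAccountName
        LastLogon          = if ($latest -gt 0) { [DateTime]::FromFileTime($latest) } else { $null }
        ReportedBy         = $sourceDc
        LastLogonTimestamp = if ($replicated) { [DateTime]::FromFileTime($replicated) } else { $null }
        FailedDCs          = $failed
    }
}

# 'jdoe' is a placeholder account name.
Get-TrueLastLogon -SamAccountName 'jdoe'
```

A non-empty FailedDCs list means the reported LastLogon is only a lower bound for that account.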
SharePoint access does not update last login in Active Directory:
https://sharepoint.stackexchange.com/questions/79080/sharepoint-access-does-not-update-last-login-in-active-directory
Get more about lastLogontimeStamp: https://social.technet.microsoft.com/Forums/en-US/842da628-912c-403d-a26d-1a51fe51eb94/accounts-should-be-flagged-stale-but-have-current-login-timestamp?forum=winserverDS