asked on

Active Directory LastLogonDate not updating when accessing SharePoint via Firefox or Chrome

While auditing Active Directory user accounts, we discovered that outside staff who use either Firefox or Chrome to access our public facing SharePoint 2013 site don’t have accurate LastLogonDate time stamps. Staff who use IE11 or Edge have accurate LastLogonDate time stamps.

After authenticating (Claims/NTLM), all users (IE11, Edge, Firefox, and Chrome) can access SharePoint pages just the same.

Is there a setting within SharePoint (or IIS) that will force Firefox and Chrome to update the AD attribute of LastLogonDate?
Or
Are there SharePoint (or IIS) logs that can be efficiently audited to obtain the same information?

David Johnson, CD

that is because non-Microsoft browsers use basic authentication and not windows authentication.

ArneLovius

Connecting to Sharepoint is authentication using AD, I'm fairly sure that it does not count as an AD logon for the purposes of updating LastLogon.

As per https://technet.microsoft.com/en-us/ms676823(v=vs.99)

LastLogon is not replicated, it needs to be checked on every DC

Peter Gregg

SharePoint access does not update last login in Active Directory:
https://sharepoint.stackexchange.com/questions/79080/sharepoint-access-does-not-update-last-login-in-active-directory

Get more about lastLogontimeStamp: https://social.technet.microsoft.com/Forums/en-US/842da628-912c-403d-a26d-1a51fe51eb94/accounts-should-be-flagged-stale-but-have-current-login-timestamp?forum=winserverDS

ASKER CERTIFIED SOLUTION

realtimer

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial