To enhance security to whether an Identity is using it's AD Account regularly or not many customers tend to validate that and as per as an Organization norm tend to identify whether the Identity is part of the Organization or not as AD is one of the source of Authentication and Authorization.
Active Directory has an attribute called lastLogon or lastLogonTimestamp as per as the configuration of that particular organization. The value stored in the Attribute is a 18 digit LDAP Timestamp/FileTime timestamps different from the epoch Timestamp which Sailpoint Database Stores. By Comparing the Login Time, an organization can do the following Like kick-off certifications , kick-off Termination Workflows etc.
Below is the code for comparing the Current Date with Last Logon date from AD:
import java.time.format.DateTimeFormatter;
import java.time.LocalDateTime;
import java.text.SimpleDateFormat;
DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyyMMdd");
LocalDate now = LocalDate.now(); //Gets the Current Date
LocalDate then = now.minusDays(....); //(....) Put in an Integer Value for the Date you are going to compare with
String lastLogon = "132605304140000000"; //Harded Coded a sample timestamp. You can get the value from AD itself by iterating over the link objects
long DIFF_FOR_DATE_AND_TIMES = 11644473600000L;
long adDate = Long.parseLong(lastLogon);
long epochTime = (adDate / 10000) - DIFF_FOR_DATE_AND_TIMES;
Date lastLogonDate = new Date(epochTime);
String formatDate = new SimpleDateFormat("yyyyMMdd").format(lastLogonDate);
LocalDate logon = LocalDate.parse(formatDate, formatter); //Formatting the LastLogonDate in a format of then so that we can compare
Boolean result = logon.isBefore(then);
