A Study on Active Directory and the Last Logo...

A Study on Active Directory and the Last Logon Attribute in AD DS and AAD

Author Name : Tabish Khan, Dr. Ramesh Solanki

ABSTRACT

Microsoft’s Active Directory also known as AD is a directory service used by organizations as a database for their employees’ user accounts, computers, groups, etc. AD is used to store network resources for windows domain network. Active Directory was first released with Server edition of Windows 2000 and was modified in 2003 Windows Server with some extended functionalities and improved administration.

Azure AD (AAD) is Active Directory service by Microsoft Azure as a part of Azure Cloud Services and it is used to synchronize on premises directories and enable MFA and SSO support. AAD. Many Cloud services use AAD for authentication. For example, Office 365.

As AD DS and AAD authenticate for different scenarios (AD DS – Domain Network | AAD-Cloud based/authenticated Application and Services), the last logon attribute for the same user account in AAD and AD DS are often different. In this study we will gain a deep understanding of AAD and AD DS and the synchronisation of their Identity data. We will also learn what scenarios will be created by an unsynchronized Last Logon attribute. Lastly, we will also have an introduction to the Microsoft graph API

Key Words: Active Directory, Azure Active Directory (AAD), Active Directory Domain Services (AD DS), Azure AD Connect, Microsoft Graph API.