Trick to force an update to the LastLogon Timestamp for an Active Directory account. This is sometimes necessary for the portal cache accounts if a companies AD team disables accounts based on the LastLogon timestamp of a user.

Update-LastLogonTimestamp.ps1

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue


function Update-LastLogonTimestamp
{
    [CmdletBinding()]
    param
    (
        [parameter(Position=0, Mandatory=$true)][string]$UserName
    )
    
    begin
    {
        $upn = $UserName
        $impersonationSuccessful = $true
    }
    process
    {
        if ($UserName.IndexOf("\") -gt 0)
        {
            # convert to user@domain format
            $domain = $UserName.Split("\")[0]
            $user   = $UserName.Split("\")[1]
            $upn    = "$user@$domain"
        }    

        try
        {
            $windowsIdentity = New-Object System.Security.Principal.WindowsIdentity($upn)
            $impersonatedContext = $windowsIdentify.Impersonate()
        }
        catch
        {
            $impersonationSuccessful = $false
        }
        finally
        {
            if($impersonatedContext)
            {
                $impersonatedContext.Undo()
            }
        }
    }
    end
    {
        $impersonationSuccessful
    }
}

# update non-managed accounts
# Update-LastLogonTimestamp -UserName "portalsuperreader@contoso.com"
# Update-LastLogonTimestamp -UserName "portalsuperuser@contoso.com"

# update all managed accounts
Get-SPManagedAccount | % { Update-LastLogonTimestamp -UserName $_.UserName }

Hi, i can run the script with success but the LastLogonTimestamp in AD is not getting updated.