lastLogonTimestamp or lastLogon in Active Directory Import Sync Rule
I am attempting to set up an AD Import Sync Rule that takes in, among other fields, the lastLogonTimestamp. I need to have this field in a usable date/time format and not the default integer type that it is imported as, since we will be deprovisioning and disabling accounts based on lastLogon date. I can't seem to locate the correct function or custom expression. Unfortunately, the msDS-LastSuccessfulInteractiveLogonTime field is not an option due to our forest and domain functional levels at this time. We are running FIM 2010. Does anyone have a suggestion on how to make this conversion within the sync rule or other options?
June 28th, 2011 6:27pm

http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/59e8668a-65c5-45e6-b85f-01994a2004cf/
June 28th, 2011 6:46pm

At first you should use "lastLoginTimestamp", not "lastLogin", since "lastLogin" is not replicated across Active Directory domain controllers, so if you have multiple domain controllers that users authenticate against, "lastLogin" will be updated only on the current authenticating server, while "lastLoginTimestamp" will be replicated across all the domain controllers. Have in mind that lastLoginTimestamp has a delay of 9-14 days, and you need to use an extension rule for your AD MA to write an import attribute flow rule. You can refer to gdtilghman's link to convert the filetime "long" to a DateTime object and then to the correct string format which FIM understands: "yyyy-MM-ddTHH:mm:ss.000".
June 29th, 2011 8:18am
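
The conversion described in the reply above, as an added example that is not part of the original thread and is not FIM rules-extension code: standalone Python that turns the integer lastLogonTimestamp value into the quoted string format and only flags an account as idle after allowing for the 9-14 day update delay. In a .NET rules extension the equivalent conversion call is `DateTime.FromFileTimeUtc`; the function names, the 14-day allowance and the sample value here are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# A FILETIME counts 100-nanosecond intervals since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Assumption: use the upper bound of the 9-14 day delay as the safety margin.
UPDATE_LAG = timedelta(days=14)
# Constructed sample value, equal to 2011-06-28 18:27:00 UTC.
SAMPLE_FILETIME = 129537592200000000


def filetime_to_datetime(filetime):
    """Return an aware UTC datetime, or None when no usable value is present."""
    if filetime is None or int(filetime) <= 0:
        return None  # attribute missing or zero: no logon recorded
    try:
        return FILETIME_EPOCH + timedelta(microseconds=int(filetime) // 10)
    except OverflowError:
        return None  # value too large to be a real timestamp


def to_fim_string(filetime):
    """Format as yyyy-MM-ddTHH:mm:ss.000, the form quoted in the reply."""
    dt = filetime_to_datetime(filetime)
    return None if dt is None else dt.strftime("%Y-%m-%dT%H:%M:%S.000")


def is_stale(filetime, now, max_idle_days):
    """True only if the account is idle even after allowing for the update lag.

    Returns None when there is no timestamp, so the caller has to decide
    separately instead of treating "never recorded" as "very old".
    """
    dt = filetime_to_datetime(filetime)
    if dt is None:
        return None
    return now - dt > timedelta(days=max_idle_days) + UPDATE_LAG


if __name__ == "__main__":
    now = datetime(2011, 10, 15, tzinfo=timezone.utc)  # constructed "today"
    print(to_fim_string(SAMPLE_FILETIME))
    print(is_stale(SAMPLE_FILETIME, now, max_idle_days=90))
```

Returning `None` for a missing or zero value keeps accounts that have never logged on out of the automatic disable path until they are reviewed some other way.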
