How to Upload Photos to Active Directory with PowerShell
Do you work in a geographically dispersed company where employees rarely see each other? Do you like putting faces to names? Up until Exchange 2010 and Outlook 2010, viewing user photos in the GAL was not an easy task to do without some serious coding.
Exchange 2010, Lync 2010, and SharePoint 2010 now can utilize the thumbnail photo attribute in Active Directory to display user photos. This is a great tool for companies that have remote workers or are geographically dispersed, allowing employees to finally see ID photos of their colleagues simply by reading an email from them. There are various methods of uploading photos to AD, but the easiest method – and one that requires no software installation – is PowerShell.
Impact to Active Directory
The thumbnail attribute can only store a photo up to 100K, so you are definitely not uploading high-resolution photos. Depending on the size of your organization, all those pretty faces can impact the size of your Active Directory database and the replication to other domain controllers, so you will need to plan accordingly.
The Active Directory schema must be at Windows Server 2008 before you can take advantage of the attribute. You will need to enable replication on the thumbnail attribute since it is disabled by default. If you have Exchange 2010 SP1 installed you won’t need to do this since the setup /SchemaPrep enables the thumbnail attribute replication settings for you.
Upload Photos Using PowerShell
To upload photos into Active Directory’s thumbnailPhoto attribute you can use the PowerShell Import-RecipientDataProperty cmdlet. This cmdlet can be used to upload photos or even audio files of a spoken name to a user’s account or mail contact. Once a photo is uploaded into Active Directory, applications such as Exchange, Outlook, and Lync can display these photos through the thumbnailPhoto attribute. SharePoint can even use this attribute through the User Profile Sync to display user photos, providing a centralized location to retrieve a user’s profile image.
It is recommended to use a photo size that is 96×96 pixels, which isn’t very large, but it’s enough to get a decent thumbnail photo for all to see in the GAL. Even though the thumbnailPhoto attribute can store up to 100kb, the Import-RecipientDataProperty cmdlet can only upload 10kb or less, so you will need to make sure the photo is that size or smaller. If your photo is too large the import will fail.
Run the following cmdlet in the Exchange Management Shell:
Import-RecipientDataProperty -Identity <MailboxUserContactIdParameter> -FileData <Byte[]> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-Picture <SwitchParameter>] [-WhatIf [<SwitchParameter>]]
This image shows an example:
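The following wrapper is an added example, not code from the original article: it checks the 10kb upload limit and the recommended 96×96 size before calling Import-RecipientDataProperty, so an unsuitable file is rejected before anything is written to Active Directory. The function name Import-UserPhoto, the mailbox alias and the file path are hypothetical placeholders, and the JPEG signature check assumes your photos are JPEG files.

```powershell
# Added example (not from the original article). Run in the Exchange Management Shell.
# Import-UserPhoto, the alias 'jsmith' and the photo path are hypothetical placeholders.
function Import-UserPhoto {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Identity,
        [Parameter(Mandatory = $true)][string]$Path,
        [int]$MaxBytes = 10KB   # upload limit stated in the article
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Reject oversized files up front instead of letting the import fail.
    if ($file.Length -gt $MaxBytes) {
        throw "Photo '$($file.FullName)' is $($file.Length) bytes; the limit is $MaxBytes bytes."
    }

    # Read the whole file as one byte array, which is what -FileData expects.
    [byte[]]$bytes = [System.IO.File]::ReadAllBytes($file.FullName)

    # Assumption: photos are JPEG. Check the FF D8 FF signature so a renamed
    # non-image file is never written into the directory.
    if ($bytes.Length -lt 3 -or $bytes[0] -ne 0xFF -or $bytes[1] -ne 0xD8 -or $bytes[2] -ne 0xFF) {
        throw "Photo '$($file.FullName)' does not start with a JPEG signature."
    }

    # Warn (do not fail) when the image is not the recommended 96x96 pixels.
    Add-Type -AssemblyName System.Drawing
    $image = [System.Drawing.Image]::FromFile($file.FullName)
    try {
        if ($image.Width -ne 96 -or $image.Height -ne 96) {
            Write-Warning "Photo is $($image.Width)x$($image.Height); 96x96 is recommended."
        }
    }
    finally {
        $image.Dispose()
    }

    if ($PSCmdlet.ShouldProcess($Identity, "Upload thumbnailPhoto ($($bytes.Length) bytes)")) {
        Import-RecipientDataProperty -Identity $Identity -Picture -FileData $bytes
    }
}

# Placeholder values; -WhatIf previews the change without writing to Active Directory.
Import-UserPhoto -Identity 'jsmith' -Path 'C:\Photos\jsmith.jpg' -WhatIf
```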
You will need to update your Offline Address Book (OAB) before you can view photos in it; otherwise the photos will not appear until the next update. After you’ve updated your OAB and pulled down the latest copy in your Outlook client, you can then go into the GAL and view the photo. If you’re using Outlook in non-cached mode, the thumbnail photo is visible right away.
So there you have it, folks: photos in Active Directory! You can now see everyone’s smiling face every time you read an email from your co-worker. All joking aside, having a central repository to pull a user’s profile image can be a good thing if you have multiple systems that want to utilize these photos, keeping everything consistent. Storing the photos in Active Directory makes it easier, as all you have to do is configure the other applications to sync or pull from Active Directory, which gives you fewer places to upload and manage your images.