How to Upload Photos to Active Directory with PowerShell

Do you work in a geographically dispersed company where employees rarely see each other? Do you like putting faces to names? Up until Exchange 2010 and Outlook 2010, viewing user photos in the GAL was not an easy task to do without some serious coding. Nowadays, setting an Active Directory photo is much simpler.

Exchange 2010, Lync 2010, and SharePoint 2010 now can utilize the thumbnail photo attribute in Active Directory to display user photos, making it easier to maintain an Active Directory photo. This is a great tool for companies that have remote workers or are geographically dispersed, allowing employees to finally see ID photos of their colleagues simply by reading an email from them. There are various methods of uploading photos to AD, but the easiest method – and one that requires no software installation – is PowerShell.

Impact to Active Directory

The thumbnail attribute can only store a photo up to 100K, so you are definitely not uploading high-resolution photos. Depending on the size of your organization, all those pretty faces can impact the size of your Active Directory database and the replication to other domain controllers so you will need to plan accordingly.

The Active Directory schema must be at Windows Server 2008 before you can take advantage of the attribute. You will need to enable replication on the thumbnail attribute since it is disabled by default. If you have Exchange 2010 SP1 installed you won’t need to do this since the setup /SchemaPrep enables the thumbnail attribute replication settings for you.

Upload Your Active Directory Photos Using PowerShell

To upload photos into Active Directory’s thumbnailPhoto attribute you can use the Powershell  Import-RecipientDataProperty cmdlet. This cmdlet can be used to upload photos or even audio files of a spoken name to a user’s account or mail contact. Once a photo is uploaded into Active Directory, applications such as Exchange, Outlook, and Lync can display these photos through the thumbnailPhoto attribute. SharePoint can even use this attribute using the User Profile Sync to display user photos providing a centralized location to retrieve a user’s profile image.

It is recommended to use a photo size that is 96×96 pixels, which isn’t very large, but it’s enough to get a decent thumbnail photo for all to see in the GAL. Even though the thumbnailPhoto attribute can store up to 100kb, the Import-RecipientDateProperty cmdlet can only upload 10kb or less, so you will need to make sure photo is that size or smaller. If your Active Directory photo is too large the import will fail.

Run the following cmdlet into the Exchange Management Shell:

​

Import-RecipientDataProperty -Identity <MailboxUserContactIdParameter> -FileData <Byte[]> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-Picture <SwitchParameter>] [-WhatIf [<SwitchParameter>]]

This image shows an example:

You will need to update your Offline Address book before you can view photos in the offline address book, otherwise the photos will not appear until the next update. After you’ve updated your OAB and pulled downed the latest copy in your outlook client you can then go into the GAL and view the photo. If you’re using Outlook in non-cached mode the thumbnail Photo is visible right away.

So there you have it, folks: photos in Active Directory! You can now see everyone’s smiling facing every time you read an email from your co-worker. All joking aside, having a central repository to pull a user’s profile image can be a good thing if you have multiple systems that want to utilize these photos, keeping everything consistent. Storing the photos in Active Directory makes it easier, as all you have to do is configure the other applications to sync or pull from Active Directory, which gives you less places to upload and manage your images.

FAQs

Can I use animated GIFs as an Active Directory photo?

No, Active Directory photo functionality only supports static image formats like JPG and PNG. Animated GIFs cannot be used as thumbnails in Active Directory, as they would exceed the size limitations and aren’t compatible with the thumbnail attribute specifications.

What happens if I need to bulk upload Active Directory photos for multiple users?

You can create a PowerShell script that loops through a directory of photos and uploads them as Active Directory photos in batch. This automation can save time when implementing photos for large organizations, as long as the images meet the size and format requirements.

Will the Active Directory photo sync automatically with Microsoft Teams?

Yes, once you upload an Active Directory photo, it will automatically sync with Microsoft Teams and other Microsoft 365 services that are connected to your Active Directory, providing a consistent profile image across the organization’s platforms.

Can I restrict who can view Active Directory photos in my organization?

Yes, you can implement Active Directory permissions to control which users or groups can view the thumbnail photos. This allows organizations to manage photo visibility based on security requirements or organizational policies.

What’s the recommended file format for Active Directory photo uploads?

JPEG format is recommended for Active Directory photo uploads as it provides the best balance between image quality and file size. This format allows you to meet the 10KB size restriction while maintaining acceptable image clarity.