Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

How to Upload Photos to Active Directory with PowerShell

Do you work in a geographically dispersed company where employees rarely see each other? Do you like putting faces to names? Up until Exchange 2010 and Outlook 2010, viewing user photos in the GAL was not an easy task to do without some serious coding.

Exchange 2010, Lync 2010, and SharePoint 2010 now can utilize the thumbnail photo attribute in Active Directory to display user photos. This is a great tool for companies that have remote workers or are geographically dispersed, allowing employees to finally see ID photos of their colleagues simply by reading an email from them. There are various methods of uploading photos to AD, but the easiest method – and one that requires no software installation – is PowerShell.

Impact to Active Directory

The thumbnail attribute can only store a photo up to 100K, so you are definitely not uploading high-resolution photos. Depending on the size of your organization, all those pretty faces can impact the size of your Active Directory database and the replication to other domain controllers so you will need to plan accordingly.

The Active Directory schema must be at Windows Server 2008 before you can take advantage of the attribute. You will need to enable replication on the thumbnail attribute since it is disabled by default. If you have Exchange 2010 SP1 installed you won’t need to do this since the setup /SchemaPrep enables the thumbnail attribute replication settings for you.

Upload Photos Using PowerShell

To upload photos into Active Directory’s thumbnailPhoto attribute you can use the Powershell Import-RecipientDataProperty cmdlet. This cmdlet can be used to upload photos or even audio files of a spoken name to a user’s account or mail contact. Once a photo is uploaded into Active Directory, applications such as Exchange, Outlook, and Lync can display these photos through the thumbnailPhoto attribute. SharePoint can even use this attribute using the User Profile Sync to display user photos providing a centralized location to retrieve a user’s profile image.

It is recommended to use a photo size that is 96×96 pixels, which isn’t very large, but it’s enough to get a decent thumbnail photo for all to see in the GAL. Even though the thumbnailPhoto attribute can store up to 100kb, the Import-RecipientDateProperty cmdlet can only upload 10kb or less, so you will need to make sure photo is that size or smaller. If your photo is too large the import will fail.

Run the following cmdlet into the Exchange Management Shell:



Import-RecipientDataProperty -Identity <MailboxUserContactIdParameter> -FileData <Byte[]> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-Picture <SwitchParameter>] [-WhatIf [<SwitchParameter>]]

This image shows an example:

You will need to update your Offline Address book before you can view photos in the offline address book, otherwise the photos will not appear until the next update. After you’ve updated your OAB and pulled downed the latest copy in your outlook client you can then go into the GAL and view the photo. If you’re using Outlook in non-cached mode the thumbnail Photo is visible right away.

So there you have it, folks: photos in Active Directory! You can now see everyone’s smiling facing every time you read an email from your co-worker. All joking aside, having a central repository to pull a user’s profile image can be a good thing if you have multiple systems that want to utilize these photos, keeping everything consistent. Storing the photos in Active Directory makes it easier, as all you have to do is configure the other applications to sync or pull from Active Directory, which gives you less places to upload and manage your images.