Managing User Photos in Active Directory Using ThumbnailPhoto Attribute

Active Directory user accounts have a special thumbnailPhoto attribute in which a user's photo can be stored as binary data. Outlook, OWA, Lync/Skype for Business, SharePoint (and other apps) can use the photo stored in this AD attribute as the user's avatar in their interface. In addition, these photos will be .

In this article, we'll show you how to upload (add) a user's photo to Active Directory using PowerShell, OWA or the Active Directory Users and Computers snap-in, as well as how to save (export) the thumbnailPhoto attribute value to a jpeg file.

ThumbnailPhoto Attribute in Active Directory

The main points and restrictions of using user photos in AD:

  • The maximum photo size in the thumbnailPhoto attribute of the user object is 100 KB. However, there is a general recommendation to use a graphic JPEG/BMP file of up to 10 KB and 96×96 pixels in size as a user's photo in AD;
  • To show a photo in Outlook 2010 or newer, at least the Windows Server 2008 version of the Active Directory schema is required;
  • If there are a lot of user photos in Active Directory, the replication traffic between domain controllers increases because of the growth of the NTDS.DIT file (AD database);
  • Users can change their own photo in AD. If you need to delegate the ability to upload photos to other users (e.g., the HR department), you need to grant the group the "Write thumbnailPhoto" permission on the OU with user accounts.
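
To review who can actually write thumbnailPhoto on an OU after such a delegation, the OU's ACL can be filtered for the attribute. This is an added example, not part of the original article; the function name Get-ThumbnailPhotoWriter is hypothetical, and the OU distinguished name is the sample one used in the export script of this article.

```powershell
Import-Module ActiveDirectory

function Get-ThumbnailPhotoWriter {
    param([Parameter(Mandatory)][string]$OuDn)

    # Read the attribute's GUIDs from the schema instead of hard-coding them.
    $schemaNc = (Get-ADRootDSE).schemaNamingContext
    $attr = Get-ADObject -SearchBase $schemaNc `
        -LDAPFilter '(lDAPDisplayName=thumbnailPhoto)' `
        -Properties schemaIDGUID, attributeSecurityGUID

    # An ACE grants write access to thumbnailPhoto when its ObjectType is:
    #   the attribute itself, an empty GUID (all properties),
    #   or the property set the attribute belongs to (if it has one).
    $targets = @([guid]$attr.schemaIDGUID, [guid]::Empty)
    if ($attr.attributeSecurityGUID) {
        $targets += [guid]$attr.attributeSecurityGUID
    }

    $write = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

    (Get-Acl -Path "AD:\$OuDn").Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.ActiveDirectoryRights -band $write) -eq $write) -and
        ($_.ObjectType -in $targets)
    } | Select-Object IdentityReference, ActiveDirectoryRights,
                      ObjectType, InheritedObjectType, IsInherited
}

# Sample OU taken from the export script in this article.
Get-ThumbnailPhotoWriter -OuDn 'OU=Users,OU=Paris,DC=woshub,DC=com'
```

Entries with IsInherited set to False are the ones granted directly on this OU, which is where a delegation such as the HR group's would appear.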

How to Add/Update a User Photo in AD Using PowerShell?

To upload (add) a user photo to Active Directory using PowerShell, you need to use the (which is a part of the ). First, you need to convert the image file to a byte array, and then use the Set-ADUser cmdlet to set it as the value of the thumbnailPhoto attribute.

Import-Module ActiveDirectory
$picture = [byte[]](Get-Content C:\PS\jkuznetsov_photo.jpg -Encoding byte)
Set-ADUser jkuznetsov -Replace @{thumbnailPhoto=$picture}

The same thing as a PowerShell one-liner:

Set-ADUser jkuznetsov -Replace @{thumbnailPhoto=([byte[]](Get-Content "C:\PS\jkuznetsov_photo.jpg" -Encoding byte))}

After these commands have been executed, the user photo stored in the Active Directory database will be displayed in Outlook, Lync/Skype, OWA, etc. (it may take some time until the end of AD replication and the GAL update).

You can open the user's properties in the Active Directory Users and Computers (ADUC) console, go to the , and make sure the thumbnailPhoto attribute now contains a value.

User Photos Management in Exchange and Outlook Web Access

Exchange Management Shell supports the same feature of importing AD user photos. To do it, you can use the Import-RecipientDataProperty cmdlet.

Note. The Import-RecipientDataProperty cmdlet in Exchange 2010 doesn't allow uploading an image larger than 10 KB.

The EMS command to update the photo of the user jkuznetsov will look like this:

Import-RecipientDataProperty -Identity "jkuznetsov" -Picture -FileData ([Byte[]] $(Get-Content -Path "C:\PS\jkuznetsov_photo.jpg" -Encoding Byte -ReadCount 0))

EMS in Exchange 2013/2016 uses another cmdlet to manage user photos: Set-UserPhoto. The following commands are used to add a user's photo in these versions of Exchange:

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
$usrphotofile = ([Byte[]] $(Get-Content -Path "C:\PS\jkuznetsov_photo.jpg" -Encoding Byte -ReadCount 0))
Set-UserPhoto -Identity jkuznetsov -PictureData $usrphotofile -Confirm:$False
Set-UserPhoto -Identity jkuznetsov -Save -Confirm:$False

To remove a thumbnail photo from Active Directory, use the command:

Remove-UserPhoto -Identity jkuznetsov

Users can also change their profile photo themselves via Outlook Web Access (OWA). Click on your account in the upper right corner, select Edit information -> photo -> click the change button and specify the path to the jpeg file with the user photo.

How to Import User Photos to AD in Bulk with PowerShell?

You can bulk upload and manage users' photos in Active Directory with PowerShell. Create a CSV file that contains a list of user accounts and the corresponding photo filenames. You can use the comma-separated format for the import.csv file:

AD_username,Photo
asmith,C:\PS\asmith.jpg
[email protected],C:\PS\klinton.jpg
jkuznetsov,C:\PS\jkuznetsov.png

The following PowerShell one-liner gets the list of users from the CSV file and updates (uploads) their photos to Active Directory:

Import-Csv C:\PS\import.csv |%{Set-ADUser -Identity $_.AD_username -Replace @{thumbnailPhoto=([byte[]](Get-Content $_.Photo -Encoding byte))}}
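
The one-liner writes whatever bytes each file contains. The following added example (not part of the original article) goes a step further and checks every file against the limits listed at the top of this article before anything is written. The function names Get-ImageKind and Import-CheckedAdPhoto are hypothetical, and accepting only JPEG and BMP is an assumption based on the formats the article recommends.

```powershell
$MaxBytes  = 100KB   # maximum thumbnailPhoto size given in this article
$WarnBytes = 10KB    # recommended photo size given in this article

function Get-ImageKind {
    param([byte[]]$Bytes)
    # Identify the format from the file signature, not from the extension.
    if ($Bytes.Length -ge 3 -and $Bytes[0] -eq 0xFF -and
        $Bytes[1] -eq 0xD8 -and $Bytes[2] -eq 0xFF) { return 'JPEG' }
    if ($Bytes.Length -ge 2 -and $Bytes[0] -eq 0x42 -and
        $Bytes[1] -eq 0x4D) { return 'BMP' }
    return 'Unknown'
}

function Import-CheckedAdPhoto {
    param(
        [Parameter(Mandatory)][string]$CsvPath,
        [switch]$Apply   # without -Apply the function only reports
    )
    if ($Apply) { Import-Module ActiveDirectory }

    # Fixed column names make parsing independent of spacing in the header row.
    $rows = Import-Csv -Path $CsvPath -Header 'AD_username', 'Photo' |
        Select-Object -Skip 1

    foreach ($row in $rows) {
        $user   = ([string]$row.AD_username).Trim()
        $file   = ([string]$row.Photo).Trim()
        $status = 'OK'

        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            $status = 'Rejected: file not found'
        } else {
            $bytes = [System.IO.File]::ReadAllBytes($file)
            $kind  = Get-ImageKind -Bytes $bytes
            if     ($kind -eq 'Unknown')          { $status = 'Rejected: not a JPEG or BMP' }
            elseif ($bytes.Length -gt $MaxBytes)  { $status = 'Rejected: larger than 100 KB' }
            elseif ($bytes.Length -gt $WarnBytes) { $status = 'OK (larger than the recommended 10 KB)' }
        }

        if ($Apply -and $status -like 'OK*') {
            Set-ADUser -Identity $user -Replace @{ thumbnailPhoto = $bytes }
        }
        [pscustomobject]@{ User = $user; File = $file; Status = $status }
    }
}

Import-CheckedAdPhoto -CsvPath 'C:\PS\import.csv'   # report only; add -Apply to write
```

With the sample import.csv above, the jkuznetsov.png row is reported as rejected because its content is a PNG, which is not in the assumed allow-list.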

How to Export a User Photo from Active Directory to a JPG File?

You can save an AD user photo to a graphic file. To do it, select the user using the Get-ADUser cmdlet:
$ADuser = Get-ADUser jkuznetsov -Properties thumbnailPhoto

And save the contents of the thumbnailPhoto attribute to a JPG file:

$ADuser.thumbnailPhoto | Set-Content c:\PS\jkuznetsov.jpg -Encoding byte

Using the following PowerShell script, you can export the photos of all users from a specific container (OU) to files:

Import-Module ActiveDirectory
# Select only the users in the OU that have a photo set
$ADusers = Get-ADUser -Filter * -SearchBase "OU=Users,OU=Paris,DC=woshub,DC=com" -Properties thumbnailPhoto | ? {$_.thumbnailPhoto}
foreach ($ADuser in $ADusers) {
    # Name each file after the account (sAMAccountName)
    $name = $ADuser.SamAccountName + ".jpg"
    $ADuser.thumbnailPhoto | Set-Content $name -Encoding byte
}

And finally, there are some useful queries. The first one allows you to select all users having a photo in the thumbnailPhoto AD attribute:

Get-ADUser -Filter * -Properties thumbnailPhoto | ? {$_.thumbnailPhoto} | select Name

The second allows you to find users with no photo:

Get-ADUser -Filter * -Properties thumbnailPhoto | ? {-not $_.thumbnailPhoto} | select Name

Adding a Photo Tab to the Active Directory Users & Computers Console

If you don't like PowerShell, you can use graphical (GUI) tools to manage the photos of Active Directory users.

There are numerous third-party tools that allow you to set photos for AD users in more convenient graphic editors. However, the functionality of such tools is redundant, and there are certain risks in using third-party software to edit AD.

I most often recommend using the small library AdExt.dll, which adds a separate tab for uploading a photo directly to the ADUC console.

You can download the AdExt.dll library here —

To install the library, run an elevated command prompt and go to the directory with the .Net Framework binaries:

  • For x86 Windows: cd %WinDir%\Microsoft.NET\Framework\v2.0.50727
  • For x64 Windows: cd %WinDir%\Microsoft.NET\Framework64\v4.0.30319

Install the library with the command:

InstallUtil.exe c:\ps\ad\AdExt.dll

Restart the ADUC (dsa.msc) console, then open the properties of any user. Note that a new Photo tab has appeared, where you can add or remove a user's photo.

To remove (unregister) the AdExt.dll library, run the command:

InstallUtil.exe /u c:\ps\ad\AdExt.dll

There are two sections on the Photo tab:

  • When uploading a photo via the thumbnailPhoto attribute, the image is automatically reduced to a resolution of 96×96, and the quality is selected so that the size is no more than 10 Kb.
  • If you upload an image via jpegPhoto, then the image quality is changed so that the image size is less than 100 Kb.
