Importing user photos into Active Directory

O ne of the most popular new features in Exchange 2010 is the ability to view user photos in Outlook 2010. This is made possible by importing an image into the thumbnailPhoto attribute for a given user account in Active Directory. This image can then be displayed when viewing a message or browsing the Global Address List within Outlook 2010. This is a long-awaited enhancement, and the addition of this new feature makes it easier, especially in large organizations, to identify co-workers and get to know the people you are working with. In this recipe, we'll look at how you can import user photographs into Active Directory.

Getting ready

In addition to the Exchange Management Shell, you will need access to the Active Directory administration tools for this recipe. The Remote Server Administration Tools pack (RSAT-ADDS) is a prerequisite required by Exchange 2010 setup, so it will already be installed on an Exchange 2010 server and you can use the tools from there, if needed.

How to do it...

First, you need to update the Active Directory schema to ensure that the thumbnailPhoto attribute will be replicated to the Global Catalog. Your account will need to be a member of the schema admins group in Active Directory. On a machine with the Active Directory administration tools installed, do the following:

  1. In the Exchange Management Shell or a cmd console, run the following command to register the Active Directory Schema extension:Regsvr32 schmmgmt.dll.
  2. Start the MMC console by clicking on Start | Run, type MMC, and click OK.
  3. Go to File and click on Add/Remove Snap-In.
  4. Add the Active Directory Schema Snap-In and click OK.
  5. Under Active Directory Schema, highlight the Attributes node, and locate the thumbnailPhoto attribute.
  6. Right click on the thumbnailPhoto attribute and click on Properties.
  7. On the Properties page, select Replicate this attribute to the Global Catalog, and click OK.

At this point, the required Active Directory steps have been completed and you can now import a photo into Active Directory using the Import-RecipientDataProperty cmdlet:

Import-RecipientDataProperty -Identity dave `
-Picture `
-FileData (
  [Byte[]](
    Get-Content -Path C:\dave.jpg `
    -Encoding Byte `
    -ReadCount 0
  )
)

How it works...

Each user account or contact object in Active Directory has a thumbnailPhoto attribute that can be used to store binary data. The Get-Content cmdlet is used to read a .jpeg file into a byte array, and we then use the Import-RecipientDataProperty cmdlet to load that data into the thumbnailPhoto attribute of the user account or contact in Active Directory, using the -FileData parameter. Once the data has been imported into Active Directory, Outlook 2010 will query the thumbnailPhoto attribute of each user and display their photo when you receive an e-mail message from them, or when you are viewing their information in the Global Address List.

Note

If you need to remove a photo for a user or a contact, use the -RemovePicture switch parameter with the Set-Mailbox or Set-MailContact cmdlets.

There are a few things to keep in mind when you decide to load photos into Active Directory for your users. First, the -FileData parameter is limited to 10 kb, so you need to ensure that the images you are trying to import are not too large. Also, the image file must be in jpeg format. The recommended thumbnail photo size in pixels is 96x96 pixels. Finally, be conscious about the size of your NTDS database in Active Directory. If you only have a small amount of users, then this will probably not be a huge issue. If you have hundreds of thousands of users there will be some serious replication traffic if you suddenly import photos for each of those users. Make sure to plan accordingly.

There's more…

Outlook clients operating in cached mode will use the thumbnailPhoto attribute configuration of the Offline Address Book (OAB) to determine how to access photos. By default, the thumbnailPhoto attribute is an Indicator attribute, meaning that it points Outlook to Active Directory to retrieve the image. If you want to disable thumbnail photos for cached-mode clients, remove the attribute using the Remove method of the ConfigureAttrbutes collection:

$oab = Get-OfflineAddressBook ‘Default Offline Address Book’
$oab.ConfiguredAttributes.Remove('thumbnailphoto,indicator')

Set-OfflineAddressBook ‘Default Offline Address Book’ `
-ConfiguredAttributes $oab.ConfiguredAttributes

If you want offline clients to be able to view thumbnail photos, you can add the thumbnailPhoto attribute as a value attribute using the Add method:

$oab = Get-OfflineAddressBook ‘Default Offline Address Book’
$oab.ConfiguredAttributes.Add('thumbnailphoto,value')

Set-OfflineAddressBook ‘Default Offline Address Book’ `
-ConfiguredAttributes $oab.ConfiguredAttributes

If you work in a medium or large organization, this could make for an extremely large OAB. Again, make sure to plan accordingly. Use the following command to update the OAB after these configuration changes have been made:

Update-OfflineAddressBook 'Default Offline Address Book'

Taking it a step further

If you are going to take advantage of this function, you are likely going to do this in bulk for existing employees, or as new employees are hired, and this may require some automation. Let's say that your company issues a security badge with a photo for each employee. You have each of these photos stored on a file server in jpeg format. The file names of the photos use the Exchange alias for the users associated mailbox. The following script can be used in this scenario to import the photos in bulk:

$photos = Get-ChildItem \\server01\employeephotos -Filter *.jpg

foreach($i in $photos) {
[Byte[]]$data = gc -Path $i.fullname -Encoding Byte -ReadCount 0
  Import-RecipientDataProperty $i.basename -Picture -FileData $data
}

First, this code creates a collection of jpeg files in the \\server01\employeephotos share and stores the results in the $photos object. We're using the -Filter parameter with the Get-ChildItem cmdlet so that the command only returns files with a .jpg extension. The items returned from the Get-ChildItem cmdlet are FileInfo objects which contain several properties that include detailed information about each file, such as the filename and the full path to the file.

As we loop through each photo in the collection, you can see that inside the loop we're casting the output from Get-Content (using the gc alias) to [Byte[]] and storing the result in the $data variable. We can determine the path to the file using the FullName property of the FileInfo object that represents the current jpeg file being processed in the loop. We then use the Import-RecipientDataProperty cmdlet to import the data for the current user in the loop. The BaseName property of a FileInfo object returns the file name without the extension; therefore we use this property value to identify which user we're importing the photo for when executing the Import-RecipientDataProperty cmdlet.

See also

  • Transferring files through remote PowerShell in Chapter 2, Exchange Management Shell Common Tasks