2010-06-17

Updating Pictures for Users in AD

I came across a nice article last week regarding pictures for User accounts in an Active Directory environment

First let describe the issue at hand. Every now and again, my manager gets an email saying,
"Why don't I see the picture of xxx when I open up his mail?"

image

And shortly thereafter I get an email asking the exact same question.

Well the answer is always give is that up until Exchange 2003 - there was no option of adding a picture to GAL (Global Address List) - and even if you did you had to jump through hoops to get that picture to appear in Outlook on every computer.

Starting with Outlook 2010 - that feature is built-in so it makes life a lot easier.

Now of course this does not only work with Outlook - but with everything that uses this GAL - for example OCS, SharePoint ….

So how do you get the picture into the GAL? Simple put the picture into the Users attribute in Active Directory.. :)

Uhmmm …. Simple? How do you do that?

With Powershell it is, which leads me to the article I came across on Mike Pfeiffer's Blog which shows you how. He is using the native AD Cmdlets - but that of course only works if you have a Windows 2008 Domain Controller or the Active Directory Web Services installed in your domain.

And if not?

I used the Quest Active Directory Powershell Cmdlets to do the job.

#Convert the image to Bytes
$photo = [byte[]](Get-Content C:\temp\maish.jpg -Encoding byte)

#Set the Attribute on the User
Set-QADObject -Identity -ObjectAttributes @{thumbnailPhoto=$photo}


Next to come up - what is the size of the Thumbnail that should be put there?

Recommended is no larger than 96x96 pixels and is limited to 10Kb in size, anything bigger will not work.

How does this affect the Active Directory Database?

Well adding in more information will make the DB grow - but for 1000 Users x 10KB you get 10MB so that addition is negligible IMHO - User certificates that are stored in AD are about the same size. Add to the fact that it is a one time synch - because most of this data is static anyway.

You will have make sure that the attribute is replicated to the Global catalog in the Schema

image

Now the only part hat needs to be taken care of - is getting a proper image from HR in the correct size. Maybe we will find a Powershell script to take care of this :)