More Pictures with AD: thumbnailPhoto

In this post I showed you how to automatically update the default "user tile" or logon picture in your domain and force everyone to use it via GPO.

Every user account object in Active Directory has a thumbnailPhoto attribute.  This attribute isn't entirely simple to modify.  That may be because Microsoft discourages AD administrators from bloating their Active Directory databases with pictures, but that's just a guess.  By default, users do have the permission to edit this attribute on their own user account.

The thumbnailPhoto attribute isn't shown on a user's Start Menu or on the logon prompt when you try to RDP to a server.  The thumbnailPhoto attribute is only used by certain applications, such as Outlook 2010 or OCS/Lync.  Each new picture that is added to a user account will increase the size of the Active Directory database and will have to be replicated.  So keep your pictures as small as possible.

The dimensions, format and file size of the picture you want to use are not very strict.  I was able to use both a .bmp and a .jpg with no issues.  Of course in the end I prefer the .jpg because it's much smaller in size.  An easy way to modify this attribute is through PowerShell.  The nice thing about this method is that you could do it programmatically through a script, making large batch operations easier.

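# Requires the ActiveDirectory module (installed with RSAT)
Import-Module ActiveDirectory
# Read the picture as raw bytes (-Encoding Byte is Windows PowerShell syntax; PowerShell 6+ uses -AsByteStream)
$photo = [byte[]](Get-Content C:\photo.jpg -Encoding byte)
# Replace the attribute on the target account ("user" stands for the account name)
Set-ADUser user -Replace @{thumbnailPhoto=$photo}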

You need the Active Directory module for PowerShell, which comes along with the RSAT.  The script first reads the .jpg picture into a byte array and stores it in a variable, and then replaces the thumbnailPhoto attribute of the specified user's account object with that byte array.
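An added example, not part of the original post: a batch version of the script above that checks each file is a JPEG within a size limit before writing it, plus an audit of photos already stored, which matters because users can change their own. The 10 KB limit, the C:\Photos folder with files named after the sAMAccountName, and the function names are assumptions.

```powershell
Import-Module ActiveDirectory

# Assumed policy limit (not from the original post): reject photos above 10 KB.
$MaxBytes = 10KB

function Test-ThumbnailPhoto {
    # Returns $true when the bytes start with the JPEG SOI marker (FF D8 FF)
    # and fit within the size limit.
    param([byte[]]$Bytes, [int]$Limit = $MaxBytes)
    if ($null -eq $Bytes -or $Bytes.Length -lt 3) { return $false }
    $isJpeg = $Bytes[0] -eq 0xFF -and $Bytes[1] -eq 0xD8 -and $Bytes[2] -eq 0xFF
    return ($isJpeg -and $Bytes.Length -le $Limit)
}

function Set-ThumbnailPhotoBatch {
    # Hypothetical layout: C:\Photos\<sAMAccountName>.jpg, one file per user.
    param([string]$Folder = 'C:\Photos')
    foreach ($file in Get-ChildItem -Path $Folder -Filter *.jpg) {
        $bytes = [System.IO.File]::ReadAllBytes($file.FullName)
        if (-not (Test-ThumbnailPhoto -Bytes $bytes)) {
            Write-Warning "Skipped $($file.Name): not a JPEG or larger than $MaxBytes bytes"
            continue
        }
        try {
            Set-ADUser -Identity $file.BaseName -Replace @{thumbnailPhoto = $bytes} -ErrorAction Stop
            Write-Output "Updated $($file.BaseName) ($($bytes.Length) bytes)"
        } catch {
            Write-Warning "Failed for $($file.BaseName): $($_.Exception.Message)"
        }
    }
}

function Get-LargeThumbnailPhoto {
    # Audit: list accounts whose stored photo exceeds the limit, largest first.
    # Relevant because users can edit this attribute on their own account.
    Get-ADUser -LDAPFilter '(thumbnailPhoto=*)' -Properties thumbnailPhoto |
        Where-Object { $_.thumbnailPhoto.Length -gt $MaxBytes } |
        Select-Object SamAccountName, @{n='Bytes'; e={ $_.thumbnailPhoto.Length }} |
        Sort-Object Bytes -Descending
}
```

Run Set-ThumbnailPhotoBatch to load the folder and Get-LargeThumbnailPhoto to review what is already in the directory.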

Now just let that data replicate and you will soon see your new picture in Outlook, Office Communicator, SharePoint, etc.!

Thanks to Oddvar for the hint.
