Thursday, May 16, 2013

Using Pictures from Active Directory



As you probably know by now, there are several places where you can make use of pictures from Active Directory. What I mean is that you can add a picture to the thumbnailPhoto attribute in Active Directory and it will be displayed in Outlook (not only Outlook 2010: http://www.stevieg.org/tag/thumbnailphoto/ ) and Lync. You can also achieve this in SharePoint. But what you probably did not know is that you can also automate setting the user tile picture (user picture) on the Start menu of Windows 7 clients by reading the picture from Active Directory. I will explain the process.
First we need to add a picture to the accounts in Active Directory. This can be achieved in many ways. One way is to use the dll from oLID: http://www.dewdney.co.uk/adext/adext.zip (readme inside the zip file); another way is to use this tool: http://www.cjwdev.co.uk/Software/ADPhotoEdit/Info.html. A third option is to use PowerShell. To import a picture using PowerShell you can use this code (you need the Active Directory module):
Import-Module ActiveDirectory
# Read the JPEG as raw bytes and write them to the thumbnailPhoto attribute
$photo = [byte[]](Get-Content C:\pictures\oddvar.jpg -Encoding byte)
Set-ADUser oddvar -Replace @{thumbnailPhoto=$photo}
I recommend using one of the GUI methods, because they shrink the image before it is written to the thumbnailPhoto attribute. I like the adext.zip extension best. Here are screenshots of adding a picture to a user after I have installed adext.zip:


The only problem with using the GUI is that it takes a long time to add a picture to every account. You can also delegate this to the HR department: just give them delegated rights to write the thumbnailPhoto attribute in Active Directory. They can then use http://www.cjwdev.co.uk/Software/ADPhotoEdit/Info.html to add pictures from their workstations. This is explained in detail here: http://cjwdev.wordpress.com/2010/11/03/the-thumbnailphoto-attribute-explained/
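A scripted import can do the same shrinking as the GUI tools, which helps when there are many accounts to fill. The following is an added example, not code from the original post: it centre-crops and resizes the picture with System.Drawing before calling Set-ADUser. The function names, the 96x96 size and the 10 KB cap are assumptions chosen here.

```powershell
# Added example: shrink a picture before writing it to thumbnailPhoto.
# Assumed limits (not from the post): 96x96 pixels, at most 10 KB.
$ErrorActionPreference = 'Stop'   # stop on the first error instead of writing a blank image
Add-Type -AssemblyName System.Drawing
Import-Module ActiveDirectory

function ConvertTo-ThumbnailBytes {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [int]$Size = 96
    )
    $source   = [System.Drawing.Image]::FromFile((Resolve-Path $Path).ProviderPath)
    $bitmap   = New-Object System.Drawing.Bitmap -ArgumentList $Size, $Size
    $graphics = [System.Drawing.Graphics]::FromImage($bitmap)
    $stream   = New-Object System.IO.MemoryStream
    try {
        # Centre-crop to a square so the picture is not stretched
        $edge   = [Math]::Min($source.Width, $source.Height)
        $x      = [int](($source.Width  - $edge) / 2)
        $y      = [int](($source.Height - $edge) / 2)
        $crop   = New-Object System.Drawing.Rectangle -ArgumentList $x, $y, $edge, $edge
        $target = New-Object System.Drawing.Rectangle -ArgumentList 0, 0, $Size, $Size
        $graphics.InterpolationMode = [System.Drawing.Drawing2D.InterpolationMode]::HighQualityBicubic
        $graphics.DrawImage($source, $target, $crop, [System.Drawing.GraphicsUnit]::Pixel)
        # Re-encoding as JPEG also drops any metadata carried by the original file
        $bitmap.Save($stream, [System.Drawing.Imaging.ImageFormat]::Jpeg)
        return ,$stream.ToArray()
    }
    finally {
        $stream.Dispose(); $graphics.Dispose(); $bitmap.Dispose(); $source.Dispose()
    }
}

function Set-ThumbnailPhoto {
    param(
        [Parameter(Mandatory = $true)][string]$Identity,
        [Parameter(Mandatory = $true)][string]$Path,
        [int]$MaxBytes = 10KB
    )
    $photo = ConvertTo-ThumbnailBytes -Path $Path
    # Refuse to write anything larger than the chosen cap
    if ($photo.Length -gt $MaxBytes) {
        throw "Thumbnail for $Identity is $($photo.Length) bytes, over the $MaxBytes byte cap"
    }
    Set-ADUser $Identity -Replace @{ thumbnailPhoto = $photo }
}

Set-ThumbnailPhoto -Identity oddvar -Path C:\pictures\oddvar.jpg
```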
 
 
Okay, so now we have added pictures to our user accounts. The next step is to automate reading the picture out of Active Directory to a file and then setting it as the user tile picture.
I chose to write the picture to a temporary location and then add it as the user account picture using this exe file:
http://www.msitpros.com/wp-content/uploads/usertile.renametoexe 
Compiled in X64 – .Net framework 3.5


( This is a compiled version of this code: http://joco.name/2010/12/06/i-discovered-the-new-windows-user-tile-api/ (Thanx Joco!) )
You can compile this code yourself by copying the code from Joco into Notepad and saving it with a .cs extension. Then open cmd and browse to \Windows\Microsoft.NET\Framework\v3.5 (Framework64\v3.5 if you want a 64-bit compiled version). Here you will find a file called csc.exe.
(Note: I compiled this in 3.5 because it is installed by default in Windows 7. If you were to use .NET Framework 4 you would have to make sure that it is deployed to every workstation, since the compiled exe file uses the version you compile it in.)
csc.exe is used for compiling code. The input looks like this: csc.exe c:\code\usertile.cs . This will create usertile.exe inside the path where you execute csc.exe. So there is a crash course in compiling code. :)
Okay, back to the automated usertile project. For simplicity in the script, I copy usertile.exe to the netlogon folder. Here is the PowerShell script I use during logon to set the picture on the user account:
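$username = $env:username
$domain = $env:userdomain
$temp = $env:temp
# The picture is written to %temp%\domain+user.jpg
$file = "$temp\$domain+$username.jpg"
# Look up the logged-on user and read the thumbnailPhoto attribute
$photo = ([ADSISEARCHER]"samaccountname=$($username)").FindOne().Properties.thumbnailphoto
if ($photo.Count -gt 0) {
    [System.IO.File]::WriteAllBytes($file, [byte[]]$photo[0])
    # usertile.exe takes DOMAIN\user and the path to the picture
    & "\\labdom\netlogon\usertile.exe" "$domain\$username" $file
}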

As you can see, it looks up the logged-on user in Active Directory. Then it reads the thumbnailPhoto attribute out to %temp%\domain+user.jpg. It then calls usertile.exe with this temporary domain+user.jpg file. The next step is to add this as a logon script.
As you know, Group Policy now makes it possible to run PowerShell scripts at logon.

I created the Usertile.ps1 inside the GPO.
And voila, you now have your picture from Active Directory on your Start menu and logon screen.


Another cool thing is that if you change the picture in Active Directory to another picture, the picture on the computers will change too, since the script always runs at logon and overwrites the existing picture.

And please feel free to comment on this post. Remember that this was all tested in an x64 environment. I do not know if the usertile.exe will work on x86. If you have a mix of x86 and x64, you probably need to compile an x86 version of usertile and use that instead.
I must also give credz to xtremedeployment for the reverse engineering of usertile: http://deployment.xtremeconsulting.com/2010/06/23/usertile-automation-part-1/ (Great article)
 

 
Thumbnailphoto info:

http://sysnetadmin.changar.com/2011/02/10/using-outlook-2010-and-thumbnailphoto-in-active-directory/ – Note that it is not necessary to make the attribute replicate to Global catalog (only if you are in a multi domain forest)

3 comments:

  1. Have you found a solution for applying the user photo under windows 8? usertile.exe doesn't work, and Joco has said he won't be updating it.

  2. Visit http://www.parackattu.com/2014/04/windows-8-windows-81-set-account.html
    Here you can find how to set the user tile (Account Picture) from Active Directory on a Windows 8 & Windows 8.1 domain member.
