Importing photos into Active Directory with PowerShell is a very easy way to make technology more personable. These photos, which appear in Outlook 2010+/Outlook Web Access 2013+, enable remote workers to see people they always email. They allow new hires to connect faces to names. In every way, they make digital communication more human. In this post, we are will explore three scripts that make importing photos into Active Directory automatic.
Set User Thumbnail Photo Attribute with PowerShell
Start by grabbing the packaged up scripts from here. You will need a machine that can regularly run a script as a scheduled task. Open the ZIP and save the entire ADPhotos folder to the machine that will be running the task. To make the process easier, save the ADPhotos folder to C:\Users\Public\Scripts\.
We will use two scripts to import pictures into Active Directory. Our first script (SetUserThumbnailPhoto.ps1) calls a conversion process, links a picture to a user, and imports the picture. Our second script (GALBatchConvert.ps1) converts the picture to an AD friendly format and prevents Active Directory bloat. This script was written by Steve Goodman. You will also have four folders within the ADPhotos root folder:
- Converted: Contains a converted picture while being imported into AD.
- Input: An optional place to store pictures before conversion. In the script, you will see that I actually input from a network share.
- Logs: Records when a user’s picture is imported.
- Output: Stores the AD friendly pictures until they match a user.
Let’s take a look at our first script, SetUserThumbnailPhoto:
$InputFolder = "\\Server\Share\Email Photo\" $OutputFolder = "C:\Users\Public\Scripts\ADPhotos\Output\" $ConvertedFolder = "C:\Users\Public\Scripts\ADPhotos\Converted\" $ScriptLocation = "C:\Users\Public\Scripts\ADPhotos\" Add-PSSnapin Quest.ActiveRoles.ADManagement $Date = Get-Date -Format o | foreach {$_ -replace ":", "."} $Pictures = Get-ChildItem $InputFolder Set-Location $ScriptLocation .\GALBatchConvert.ps1 -InputFolder $InputFolder -OutputFolder $OutputFolder foreach ($Picture in $Pictures){ $User = $Picture | Get-Acl | select Owner -ExpandProperty Owner $PictureName = $Picture.Name $PictureLength = $PictureName.Length $PictureNamewithoutExt = ($PictureName.Substring(0,$PictureLength-3)) $ConvertedPicture = $OutputFolder + $PictureNamewithoutExt + "jpg" Copy-Item -Path $ConvertedPicture -Destination $ConvertedFolder $PictureContent = [byte[]](Get-Content $ConvertedFolder\* -Encoding byte) Get-QADuser $User | Set-QADUser -ObjectAttributes @{thumbnailPhoto=$PictureContent} | out-file ".\logs\log$date.txt" -Append <# Use the line below if you want your users to name the picture after their username. Get-QADuser $PictureNamewithoutExt | Set-QADUser -ObjectAttributes @{thumbnailPhoto=$PictureContent} | out-file ".\logs\log$date.txt" -Append #> sleep 5 get-childitem $ConvertedFolder | Remove-Item } Remove-Item $InputFolder\* -Recurse Remove-Item $OutputFolder\* -Recurse