Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2011-06-14) Pictures/Photos In Active Directory

Posted by Jorge on 2011-06-14


Multiple (blog) resources on the internet contain information how to add and leverage pictures/photos in AD. I have summarized these resources below for your convenience.

WARNING: Be aware that storing pictures/photos in AD may increase the size of the NTDS.DIT extensively (depends of course on the amount of pictures and the size of each picture) and do not forget that the upload of this information impacts AD replication. It is just yet another attribute with information that needs to be replicated

    • Explains how to leverage the "thumbnailPhoto" attribute and how to delegate permissions
    • Explains how to import pictures/photos into AD through ADUC (other posts also contain examples for vbscript and powershell)
      • "UserPropPage.dll" for x86 Windows –> for x86 Windows, single TAB called "Human Resources" that allows you to manipulate the "employeeID" attribute and the "thumbnailPhoto" attribute
      • "UserPropPage.dll" for x64 Windows –> for x64 Windows, single TAB called "Human Resources" that allows you to manipulate the "employeeID" attribute and the "thumbnailPhoto" attribute
      • "ADExt.dll" for x86/x64 Windows –> for x86/x64 Windows, one TAB called "Employee" that allows you to manipulate the "employeeID" attribute and/or the "employeeNumber" attribute, and a second TAB called "Photo" that allows you to manipulate the "thumbnailPhoto" attribute (single-valued) and/or the "jpegPhoto" attribute (multi-valued). When using this extension the following applies:
        • When importing data into the "thumbnailPhoto" attribute, the image is sampled down to 96 x 96 pixels, and the jpeg quality is chosen to have the size < 10KB
        • When importing data into the "jpegPhoto" attribute, the jpeg quality is chosen to have the size < 10KB
    • Explains how to leverage the pictures/photos in AD and show them in the Windows 7 logon screen and start menu (using EXE)
    • Explains how to leverage the pictures/photos in AD and show them in the Windows 7 logon screen and start menu (using VBSCRIPT)
    • Both links provide an overview of the AD Photo Edit tool created by CJWDEV. A free version and a paid for version is available

In addition to the DLLs mentioned above you can use the following ways to upload pictures/photos into AD (The recommended size for pictures in AD is 96×96. If the pictures do not adhere to this size you can use a tool similar to Picture Resizer 5.0 or IrfanView to batch resize the pictures before importing.)

[1] Using the W2K8R2 AD PoSH CMDlets

Import-Module ActiveDirectory
$photo = [byte[]](Get-Content C:PhotoMyPhoto.jpg -Encoding byte)
Set-ADUser <sAMAaccountName> -Replace @{thumbnailPhoto=$photo}

REMARK: this DOES NOT adjust size or quality of the JPG uploaded. Whatever the JPG is, is what will be imported

[2] Using the Quest AD PoSH CMDlets

Add-PSSnapin Quest.ActiveRoles.ADManagement
$photo = [byte[]](Get-Content C:PhotoMyPhoto.jpg -Encoding byte)
Set-QADUser <sAMAaccountName> -ObjectAttributes @{thumbnailPhoto=$photo}

REMARK: this DOES NOT adjust size or quality of the JPG uploaded. Whatever the JPG is, is what will be imported


[3] Using the E2K10 PoSH CMDlets

Add-PSSnapin Microsoft.Exchange.Management.Powershell.E2010
Import-RecipientDataProperty -Identity <sAMAaccountName> -Picture -FileData ([Byte[]]$(Get-Content -Path "C:PhotoMyPhoto.jpg" -Encoding Byte -ReadCount 0))

REMARK: this DOES NOT adjust size or quality of the JPG uploaded. Whatever the JPG is, is what will be imported. The size of the JPG is limited by the CMDlet to 10 KB. The AD schema limits the "thumbnailPhoto" attribute value to 100 KB

[4] Using VBSCRIPT (doesn’t this smack the crap out of Powershell!!!??? J)

‘ SCRIPT VARIABLES
strsAMAccountName = "<sAMAaccountName>"
strFileName = "C:PhotoMyPhoto.jpg"

‘ SETUP THE ADO CONNECTION
Set xConnection = CreateObject("ADODB.Connection")
Set xCommand = CreateObject("ADODB.Command")
xConnection.Provider = "ADsDSOObject"
xConnection.Open "ADs Provider"

‘ GET THE DEFAULTNAMINGCONTEXT
Set xADSrootDSE = GetObject("LDAP://RootDSE")
strDefaultNC = xADSrootDSE.Get("defaultnamingcontext")

‘ EXECUTE A LDAP QUERY TO RETRIEVE THE DN OF THE OBJECT
Set xCommand.ActiveConnection = xConnection
strQuery = "SELECT distinguishedName FROM ‘LDAP://" & strDefaultNC & "’ WHERE sAMAccountName = ‘" & strsAMAccountName & "’"
xCommand.CommandText = strQuery
Set xResults = xCommand.Execute
strACCNTdn = xResults.Fields("distinguishedName")
Set xobjACCNTdn = GetObject("LDAP://" & strACCNTdn)
xobjACCNTdn.Put "thumbnailPhoto", ReadByteArray(strFileName)
xobjACCNTdn.SetInfo

‘ FROM http://www.ericphelps.com/q193998/index.htm READING BINARY FILES
Function ReadByteArray(strFileName)
    Const adTypeBinary = 1
    Dim bin
    Set bin = CreateObject("ADODB.Stream")
    bin.Type = adTypeBinary
    bin.Open
    bin.LoadFromFile strFileName
    ReadByteArray = bin.Read
End Function

REMARK: this DOES NOT adjust size or quality of the JPG uploaded. Whatever the JPG is, is what will be imported

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

3 Responses to “(2011-06-14) Pictures/Photos In Active Directory”

  1. […] Also see: Pictures/Photos in Active Directory […]

  2. […] Also see: Pictures/Photos in Active Directory […]

  3. […] Also see: Pictures/Photos in Active Directory […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: