PowerShell Functions: Add-ADPhoto

Recently I had a colleague ask me how to get Outlook to display a picture for people outside the company, since everyone in the company had a picture in Outlook.

Well, that was a pretty good question, as I wasn’t quite sure why everyone in the company had pictures to begin with. As it turns out, I did it unintentionally.

Spiceworks (I think it was v5) introduced “People View” where you can have pictures for your users. Since I already had Spiceworks pulling user information from Active Directory, I just stored the pictures in the Active Directory User Account object (I used the thumbnailPhoto attribute which is what this function uses, though there is code in there for using the jpegPhoto attribute too if you prefer). I’m lazy like that.

The AD Schema was extended to facilitate this with Server 2008, so if you have a Server 2008 domain controller, or have extended your AD Schema in preparation for moving to Server 2008, you can now store pictures in AD User Account objects. Aaaaand¬†shenanigans¬†ensue in 3… 2… 1…

Well time moves on, and when I upgraded all my users to Office 2010, voila pictures in Outlook!

One of the things that came out of that whole fiasco was some (really hacked together and sloppy) PowerShell code that I used to get the pictures into Active Directory.

For whatever reason, I recently started going through my stack pile heap mountain dear god what is all this collection of PowerShell code and creating Functions out of anything that I might need to use again.

Thus I give you Add-ADPhoto:

    ##--------------------------------------------------------------------------
    ## FUNCTION.......: Add-ADPhoto
    ## PURPOSE........: Stores a picture in an Active Directory account.
    ## REQUIREMENTS...: PowerShell v2.0, Windows Server 2008 or newer Active
    ## Directory.
    ## NOTES..........:
    ##--------------------------------------------------------------------------
    Function Add-ADPhoto {
        <#
        .SYNOPSIS
         Stores a picture in an Active Directory account.
        .DESCRIPTION
         Starting with Server 2008, Microsoft has added the ability to store
         pictures in Active Directory User Accounts. To do this
         programmatically, the picture must be converted to a Byte Array, which
         this script will do for you.
         Pictures stored in Active Directory User Accounts are limited to 100KB
         in size, as defined in the AD Schema. If you are going to use this
         primarily for displaying photos in Outlook, you'll want to size the
         photos to 96x96 pixels first, as this is the exact dimentions of the
         GAL photo box in Outlook.
        .PARAMETER UserName
         The User logon name for the account the picture will be stored in.
         Alias: -un
        .PARAMETER File
         The full path and file name of the picture to be stored in the user
         account.
         Alias: -f
        .EXAMPLE
         C:\PS>Add-ADPhoto user1 c:\pic.jpg

         This example will set the jpegPhoto attribute in Active Directory for
         the user account with the User logon name of "user1" to the file
         "c:\pic.jpg".

        .NOTES
         NAME......: Add-ADPhoto
         AUTHOR....: Joe Glessner
         LAST EDIT.: 29NOV11
         CREATED...: 28NOV11
        .LINK
         https://joeit.wordpress.com/
        #>

        [CmdletBinding()]
        Param (
            [Parameter(Mandatory=$True,
                #ValueFromPipeline=$True,
                #ValueFromPipelineByPropertyName=$True,
                Position=0)]
            [Alias('un')]
            [String]$UserName,
            [Parameter(Mandatory=$True,
                #ValueFromPipeline=$True,
                #ValueFromPipelineByPropertyName=$True,
                Position=1)]
            [Alias('f')]
            [String]$File
        )#End: Param

        ##----------------------------------------------------------------------
        ## Search AD for the user, set the path to the user account object.
        ##----------------------------------------------------------------------
        $Searcher = New-Object DirectoryServices.DirectorySearcher([ADSI]"")
        $Searcher.Filter = "(&(ObjectClass=User)(SAMAccountName= $UserName))"
        $FoundUser = $Searcher.findOne()
        $P = $FoundUser | Select path
        Write-Verbose "Retrieving LDAP path for user $UserName ..."
        If ($FoundUser -ne $null) {
            Write-Verbose $P.Path
        }#END: If ($FoundUser -ne $null)
        Else {
            Write-Warning "User $UserName not found in this domain!"
            Write-Warning "Aborting..."
            Break;
        }#END: Else
        $User = [adsi]$P.path
        ##----------------------------------------------------------------------
        ## Attach the picture to the AD account object.
        ##----------------------------------------------------------------------
        Write-Verbose "Byte Encoding jpg file..."
        If ($File -ne $null) {
            [Byte[]]$jpg = Get-Content $File -encoding byte
            Write-Verbose "Clearing thumbnailPhoto attribute for $UserName"
            $User.Properties["thumbnailPhoto"].Clear()
            #Write-Verbose "Clearing jpegPhoto attribute for $UserName ..."
            #$User.Properties["jpegPhoto"].Clear()
            Write-Verbose "Setting photo for $UserName to $File ..."
            $User.Properties["thumbnailPhoto"].Value = $jpg
            #$User.Properties["jpegPhoto"].Value = $jpg
            $User.SetInfo()
            Write-Verbose "Attribute set!"
        }#END: If ($File -ne $null)
        Else {
            Write-Warning "$File does not exist!"
            Write-Warning "Aborting..."
            Break;
        }#END: Else
    }#END: Function Add-ADPhoto

There are two companion functions for this, Show-ADPhoto, and Remove-ADPhoto, which will be posted separately in the very near future.

 

%d bloggers like this: