Direkt zum Hauptbereich

Import Exchange Global Address List (GAL) images into Active Directory (Part 2)

Over the years, displaying recipient photographs in the Global Address List (GAL) has been a frequently-requested feature, high on the wish lists of many Exchange folks. Particularly in large organizations or geographically dispersed teams, it's great to be able to put a face to a name for people you've never met or don't frequently have face time with. Employees are commonly photographed when issuing badges/IDs, and many organizations publish the photos on intranets.
There have been questions about workarounds or third-party add-ins for Outlook, and you can also find some sample code on MSDN and elsewhere. A few years ago, an IT person wrote ASP code to make employee photos show up on the intranet based on the Employee ID attribute in Active Directory (AD) - which was imported from the company's LDAP directory. A fun project to satisfy the coder alter-ego of the IT person.
Luckily, you won't need to turn to your alter-ego to do this. Exchange 2010 and Outlook 2010 make this task a snap, with help from AD. AD includes the Picture attribute (we'll refer to it using its ldapDisplayName: thumbnailPhoto) to store thumbnail photos, and you can easily import photos— not the high-res ones from your 20 megapixel digital camera, but small, less-than-10K-ish ones, using Exchange 2010's Import-RecipientDataProperty cmdlet.
The first question most IT folks would want to ask is— What's importing all those photos going to do to the size of my Active Directory database? And how much Active Directory replication traffic will this generate? The thumbnailPhoto attribute can accomodate photos of up to 100K in size, but the Import-RecipientDataProperty cmdlet won't allow you to import a photo that's larger than 10K. (Note, the attribute limit was stated as 10K earlier. This has been updated to state the correct value. -Bharat)
The original picture used in this example was 9K, and you can compress it further to a much smaller size - let's say approximately 2K-2.5K, without any noticeable degradation when displayed at the smaller sizes. If you store user certificates in Active Directory, the 10K or smaller size thumbnail pictures are comparable in size. Storing thumbnails for 10,000 users would take close to 100 Mb, and it's data that doesn't change frequently.
Note: The recommended thumbnail photo size in pixels is 96x96 pixels.
With that out of the way, let's go through the process of adding pictures.

A minor schema change

First stop, the AD Schema. A minor schema modification is required to flip the thumbnailPhoto attribute to make it replicate to the Global Catalog.
  1. If you haven't registered the Schema MMC snap-in on the server you want to make this change on, go ahead and do so using the following command:
    Regsvr32 schmmgmt.dll
  2. Fire up a MMC console (Start -> Run -> MMC) and add the Schema snap-in
  3. In the Active Directory Schema snap-in, expand the Attributes node, and then locate the thumbnailPhoto attribute. (The Schema snap-in lists attributes by its ldapDisplayName).
  4. In the Properties page, select Replicate this attribute to the Global Catalog, and click OK.

    Figure 1: Modifying the thumbnailPhoto attribute to replicate it to Global Catalog

Loading pictures into Active Directory

Now you can start uploading pictures to Active Directory using the Import-RecipientDataProperty cmdlet, as shown in this example:
Import-RecipientDataProperty -Identity "Bharat Suneja" -Picture -FileData ([Byte[]]$(Get-Content -Path "C:\pictures\BharatSuneja.jpg" -Encoding Byte -ReadCount 0))
To perform a bulk operation you can use Get-Mailbox cmdlet with your choice of filter (or Get-DistributionGroupMember if you want to do this for members of a distribution group), and pipe the mailboxes to a foreach loop. You can also retrieve the user name and path to the thumbnail picture from a CSV/TXT file.

Thumbnails in Outlook 2010

Now, let's fire up Outlook 2010 and take a look what that looks like.
In the Address Book/GAL properties for the recipient

Figure 2: Thumbnail displayed in a recipient's property pages in the GAL

When you receive a message from a user who has the thumbnail populated, it shows up in the message preview.

Figure 3: Thumbnail displayed in a message
While composing a message, the thumbnail also shows up when you hover the mouse on the recipient's name.

Figure 4: Recipient's thumbnail displayed on mouse over when composing a message
There are other locations in Outlook where photos are displayed. For example, in the Account Settings section in the Backstage Help view.
Update from the Outlook team
Our friends from the Outlook team have requested us to point out that the new Outlook Social Connector also displays GAL Photos, as well as photos from Contacts folders and from social networks, as shown in this screenshot.

Figure 5: Thumbnail photos displayed in the People Pane in the Outlook Social ConnectorMore details and video in Announcing the Outlook Social Connector on the Outlook team blog.

GAL Photos and the Offline Address Book

After you've loaded photos in Active Directory, you'll need to update the Offline Address Book (OAB) for Outlook cached mode clients. This example updates the Default Offline Address Book:
Update-OfflineAddressBook "Default Offline Address Book"
In Exchange 2010, the attributes in an OAB can be customized. This is done using the ConfiguredAttributes property of the OAB (see Set-OfflineAddressBook cmdlet). ConfiguredAttributes is populated with the default set of attributes, and you can modify it to add/remove attributes as required.
By default, thumbnailPhoto is included in the OAB as an Indicator attribute. This means the value of the attribute isn't copied to the OAB— instead, it simply indicates the client should get the value from AD. If an Outlook client (including Outlook Anywhere clients connected to Exchange using HTTPS) can access AD, the thumbnail will be downloaded and displayed. When offline, no thumbnail downloads. Another example of an Indicator attribute is the UmSpokenName.
You can list all attributes included in the default OAB using the following command:
(Get-OfflineAddressBook "Default Offline Address Book").ConfiguredAttributes
For true offline use, you could modify the ConfiguredAttributes of an OAB to make thumbnailPhoto a Value attribute. After this is done and the OAB updated, the photos are added to the OAB (yes, all 20,000 photos you just uploaded...). Depending on the number of users and sizes of thumbnail photos uploaded, this would add significant bulk to the OAB. Test this scenario thoroughly in a lab environment— chances are you may not want to provide the GAL photo bliss to offline clients in this manner.
To prevent Outlook cached mode clients from displaying thumbnail photos (remember, the photo is not in the OAB— just a pointer to go fetch it from AD), you can remove the thumbnailPhoto attribute from the ConfiguredAttributes property of an OAB using the following command:
$attributes = (Get-OfflineAddressBook "Default Offline Address Book").ConfiguredAttributes
Set-OfflineAddressBook "Default Offline Address Book" -ConfiguredAttributes $attributes


Beliebte Posts aus diesem Blog

Microsoft Office 2013 aktivieren via Kommandozeile

Wie man das neue Microsoft Office 2013 aktiviert via Kommandozeile, das werde ich euch in dem folgenden Beitrag Schritt für Schritt erklären. Gerade in grösseren Systemumgebungen in welchen die Clients und Standard Software automatisiert installiert werden, kann das sehr hilfreich sein und erspart einem viel Arbeit nach der Installation des Clients. Das Ziel sollte sein, möglichst viel zu automatisieren und soweit möglich, wenig noch händisch zu konfigurieren. Da kommt dieser Beitrag sicherlich nicht ungelegen. Die folgenden Befehle könnte man beispielsweise ganz einfach in eine MDT (Microsoft Development Toolkit) Umgebung mit einbeziehen oder auch mit anderer Software benutzen. Wichtig zu wissen ist, dass dies nur dann funktioniert, wenn Microsoft Office 2013 über das Internet aktiviert wird. Hat man einen eigenständigen Aktivierungsserver (KMS), funktioniert dies nicht. Zudem müssen die Befehle alle mit Administrator Rechte ausgeführt werden. Normale Benutzerberechtigungen genügen …

Windows Domain Controller: Es sind momentan keine Anmeldeserver zum Verarbeiten der Anmeldeanforderung verfügbar

Zurzeit häuft sich (warum auch immer) das Problem dass nach einem Neustart eines Windows Domain Controllers bei der Anmeldung die Fehlermeldung „Es sind momentan keine Anmeldeserver zum Verarbeiten der Anmeldeanforderung verfügbar“ kommt und eine Anmeldung so nicht möglich ist Das Problem ist hierbei das der Domain Controller im Active Directory Reperatur Modus (Abgesicherter Modus) startet. Am einfachsten lässt sich dieses Problem folgendermaßen beheben: 1) Anmeldung mit dem DSRM (Directory Services Restore Mode) / Verzeichnisdienstwiederherstellungskennwort Falls die Anmeldung nicht funktioniert kann man einen Workaround wie hier beschrieben durchführen. 2) Systemkonfiguration mittels msconfig.exe aufrufen

WSUS won’t uninstall or re-install

Hat heute ein Problem mit WSUS unter Windows Server 2008 R2 bei einem Kunden. Das Problem - die Clients konnten keinen Verbindung zum WSUS Server herstellen. Die Deinstallation wurde unerwartet beenden mit folgender Fehlermeldung: Attempt to un-install Windows Server Update Services failed with error code 0x80070643. Fatal error during installation  Die Lösung: I don’t like Windows Server Update Services (WSUS), but it’s the free alternative many companies select over the higher cost alternatives like Intune or Systems Center. So, today I had to repair a damaged WSUS installation. Turns out someone uninstalled SQL Server 2005 Express not realizing WSUS was using it. Now firing up the WSUS console just yielded an error complaining about the missing SQL database. So like any good troubleshootin IT guy the first thing I tried was to uninstall WSUS…sadly, however the product would not uninstall or re-install. Here’s how I finally got rid of it: [the problem] WSUS 3.0 SP2 is missing SQL serv…