Dealing with User Photos in Exchange 2010 and 2013

I recently update my teams internal documentation for how Photos are handled in Excahnge 2013 and figure it might be helpful to others, enjoy!

Outlook 2010 and Exchange 2010

Outlook 2010/Exchange 2010 pulls from the AD attribute thumbnailPhoto. This attribute can hold up to a 100K file but keep in mind this increases the size of the Active Directory database. The recommended size for Exchange 2010 and Outlook 2010 is a 10K file that is 96×96 pixels. These pictures are only displayed internally and are not accessible to anyone outside of the Exchange environment unless federation between other organizations has been put in place.

This attribute can be populated via the following methods:

1. AD cmdlet

   1. $photo = [byte[]](Get-Content "C:\Photos\User.jpg" -Encoding byte)

   2. Set-ADUser USERNAME -Replace @{thumbnailPhoto=$photo}

2. Exchange cmdlet

   1. Import-RecipientDataProperty -Identity USERNAME -Picture -FileData ([Byte[]]$(Get-Content -Path "C:\Photos\User.jpg" -Encoding Byte -ReadCount 0))

3. 3rd party GUI tools  like AD Photo Edit

This attribute can be cleared via the following methods

1. AD cmdlet

   1. Set-ADUser USERNAME -Clear Thumbnailphoto

2. Exchange cmdlet

   1. Set-Mailbox USERNAME -RemovePicture

3. 3rd party GUI tools like AD Photo Edit
4. Active Directory Service Interfaces Editor (ADSI Edit)
5. Active Directory Users and computers
   1. Go to user account -> Attribute Editor -> thumbnailPhoto -> Clear

By default users have the ability to change their own attribute, but can only do so via a 3rd party tool like AD Photo Edit or via the command line. End users can be denied the ability to change their own thumbnailPhoto attribute in AD by denying  SELF the “Write thumbnailPhoto” permission on that user’s AD object. This needs to be done on each individual account and cannot be done at an OU level. The reason being is that by default an User account is allowed to edit its own personal information and this explicit allow on a user object takes precedence over an inherited deny from the OU. Currently no “one stop” method to change this attribute from a user perspective exists in Exchange 2010

Once the thumbnailPhoto attribute has been updated, Outlook 2010 Clients in online mode (and Outlook Web Access) will be able to see the picture immediately. Outlook 2010 clients in cached mode will see the picture the next time the Exchange Offline Address Book is updated, which is every day at 5AM, 11AM, and 5PM by default. Note that the OAB does not contain the actual picture files but directs the Outlook client to pull them from Active Directory.

Outlook 2010 clients in cached mode will download the Offline Address Book once every 24 hours. This can be forced at any time in Outlook 2010 by going to the Send / Receive Tab -> Send/Receive Groups drop down -> Download Address Book… .

Then a window labeled Offline Address book – USER NAME will pop-up, make sure the following settings are set:

• Check the box for Download changes since last Send/Receive
• Radio button for Full Details selected
• From the Choose address book drop down select \Global Address List

Then click the OK button. Depending on the traffic to and from the Exchange server this process can take up to 30 minutes.

Note that the option to Show User Photographs when available (under File -> Options -> Contacts) in Outlook 2010 does not clear out the users thumbnailPhoto attribute in AD, it only stops the Outlook 2010 client from displaying the photos stored in that attribute.

Updates to Exchange 2013

Exchange 2013 has the following enhancements in regards to photos:

1. Exchange now stores a higher res version (up to 648×648 pixels) of a user photo directly in a user’s mailbox, and applications like Outlook, Lync, and SharePoint will pull the picture via EWS
   1. The only limit to setting photos is that is must be under 20MB.
   2. If a picture larger than 648×648 is upload and
      1. it’s a perfect square then Exchange will scale it down to 648×648
      2. It’s not a perfect square then Exchange will grab 648×648 pixel portion of the picture that resides in the center of the picture, with a slight bias (~15%) to the top half
         1. 
      3. When the picture is uploaded to the mailbox a 48×48 pixel version is also stored in the thumbnailPhoto AD attribute of the user
         1. Note that if the thumbnailPhoto AD attribute is changed, it will not be pushed back to the mailbox. So you can have different photos in both locations
         2. Also note this is lower the recommend size of 96×96 pixels
         3. Exchange 2010 users and any application that isn’t aware of or can’t connect to the Exchange 2013 mailbox of a user who will default to the thumbnailPhoto attribute in AD
      4. Pictures can be uploaded directly by users through Outlook Web Access, this can be disabled
      5. The 2013 Lync client and SharePoint 2013 will attempt to pull the high resolution picture from the mailbox 1^st before falling back to the thumbnailPhoto This can happens in instances when Exchange is unavailable to those applications
         1. Exchange can automatically resize the photo stored in the mailbox as needed for any given application that accesses it

This attribute can be populated via the following methods:

1. Exchange cmdlets (multiple methods)

   1. Set-UserPhoto USERNAME -PictureData ([System.IO.File]::ReadAllBytes("C:\Photos\USERNAME.jpg"))

   2. Import-RecipientDataProperty -Identity USERNAME -Picture -FileData ([Byte[]]$(Get-Content -Path "C:\Photos\USERNAME.jpg" -Encoding Byte -ReadCount 0))

Working with Photos

1. Using the Exchange cmdlets in the Exchange Management console (EMS)
   1. Verify that a mailbox has a photo

      1. (Get-mailbox USERNAME).HasPicture

   2. Remove a user’s photo using the following command

      1. Remove-UserPhoto USERNAME

   3. Export the photo in a mailbox

      1. (Get-UserPhoto USERNAME).pictureData | ForEach { $_ | Add-Content C:\temp\USERNAME.jpg -Encoding Byte}

      2. (Export-RecipientDataProperty -Identity USERNAME –Picture).FileData | ForEach { $_ | Add-Content C:\temp\USERNAME.jpg -Encoding Byte}

   4. Via Exchange Webservices (EWS)
      1. Get a user’s photo (using various file sizes)
         1. https://MAIL.contso.com/ews/Exchange.asmx/s/GetUserPhoto?email=FIRSTNAME.LASTNAME@msx.bala.susq.com&size=HR648x648
         2. https://MAIL.contso.com /ews/Exchange.asmx/s/GetUserPhoto?email=FIRSTNAME.LASTNAME@msx.bala.susq.com&size=HR48x48
      2. Here are all the supported resolutions
         • 48×48
         • 64×64
         • 96×96
         • 120×120
         • 240×240
         • 360×360
         • 432×432
         • 504×504
         • 648×648

Links

• How user photos are displayed in Lync
• Configure the use of high-resolution photos in Skype for Business Server 2015
• Working with Hi-Res Photos in Exchange 2013 and Lync 2013
• User Profile Pictures, Exchange 2013, and SharePoint