Mar 24

Pictures in Active Directory Users and Computers

Categories:

I have always wondered if that is possible, so I challenged my self to find this out. Think how cool it would be if you could search up a person in Active directory and find a picture of the person. It would be much more easy to find persons in a large organization.

I searched the internet for information about this, but I did not find anything useful. Except a page that wrote that there is an example in windows server 2003 sdk that expands ADUC with thumbnail pictures, but he could not get it to work. Hmmm….

Here is a picture that proves that it is possible:

(Its a picture of me by the way)

This is how I did it:

I installed windows server 2003 SDK.
I found the project file under
%ProgramFiles%\Microsoft SDK\Samples\netds\adsi\samples\DSUI\userext\userproppage\userproppage.dsp
I compiled it in Visual studio and included MFC files in the build.
The results of the compilation is a Dll file that I registered with regsvr32
I then started adsiedit.msc and edit adminpropertypages attribute that I found under:
Configuration\cn=configuration,dc=lab,dc=int\cn=409\cn=userdisplay
I then added <number>,{69D967C6-AB39-47b7-8F00-410185C80F89}
(Where number was the next in line) to the adminpropertypages attribute.(In my case the number was 10)
Then I started Active directory users and computers and the Human resources showed up on every user.

In order to implement this properly you have to add this value to all your display specifiers for all the objects you intend to add pictures to.

The best way to do this is with a script.

When pictures are added to the user, the picture is saved in the thumbnailphoto attribute on the user object.

I guess that Microsoft choose not to implement this because of the size pictures can take. Replication can become a problem if the AD base is to big.

If you where to implement this, I would recommend to only allow black and white photos. Just to keep the size of base down.

Use this at your own risk. If you want the dll file you can find it here:

www.msitpros.com/wp-content/uploads/userproppage.dll

UPDATE:
Here is a script to both enable and disable the display specifiers.

ADS_PROPERTY_CLEAR     = 1
ADS_PROPERTY_UPDATE     = 2
ADS_PROPERTY_APPEND     = 3
ADS_PROPERTY_DELETE     = 4
Set objRootDSE = GetObject("LDAP://RootDSE")
strRoot = objRootDSE.Get("configurationNamingContext")
'Set objConfigurationNC = GetObject("LDAP://" & strRoot)
Set colDisplaySpecifiers = GetObject("LDAP://cn=DisplaySpecifiers," & strRoot)
For Each subcont in colDisplaySpecifiers
     Set objLocaleContainer = GetObject("LDAP://" & subcont.distinguishedName)
     'Contact objects
     Set objContact = GetObject("LDAP://cn=contact-Display," & objLocaleContainer.distinguishedName)
     arrAdminPropertypages = objContact.GetEx("adminPropertyPages")
     arrCounter = Split(arrAdminPropertypages(LBound(arrAdminPropertypages)),",")
     objContact.PutEx ADS_PROPERTY_APPEND,"adminPropertyPages",Array(arrCounter(0) + 1 & ",{69D967C6-AB39-47b7-8F00-410185C80F89}")
     objContact.SetInfo
     Set objContact = Nothing
     'inetOrgPerson-Display objects
     Set objinetOrg = GetObject("LDAP://cn=inetOrgPerson-Display," & objLocaleContainer.distinguishedName)
     arrAdminPropertypages = objinetOrg.GetEx("adminPropertyPages")
     arrCounter = Split(arrAdminPropertypages(LBound(arrAdminPropertypages)),",")
     objinetOrg.PutEx ADS_PROPERTY_APPEND,"adminPropertyPages",Array(arrCounter(0) + 1 & ",{69D967C6-AB39-47b7-8F00-410185C80F89}")
     objinetOrg.SetInfo
     Set objinetOrg = Nothing
     'User objects
     Set objUser = GetObject("LDAP://cn=user-Display," & objLocaleContainer.distinguishedName)
     arrAdminPropertypages = objUser.GetEx("adminPropertyPages")
     arrCounter = Split(arrAdminPropertypages(LBound(arrAdminPropertypages)),",")
     objUser.PutEx ADS_PROPERTY_APPEND,"adminPropertyPages",Array(arrCounter(0) + 1 & ",{69D967C6-AB39-47b7-8F00-410185C80F89}")
     objUser.SetInfo
     Set objUser = Nothing
     Set objLocaleContainer = Nothing
Next
WScript.Echo "Done!"

ADS_PROPERTY_CLEAR     = 1
ADS_PROPERTY_UPDATE     = 2
ADS_PROPERTY_APPEND     = 3
ADS_PROPERTY_DELETE     = 4
Set objRootDSE = GetObject("LDAP://RootDSE")
strRoot = objRootDSE.Get("configurationNamingContext")
'Set objConfigurationNC = GetObject("LDAP://" & strRoot)
Set colDisplaySpecifiers = GetObject("LDAP://cn=DisplaySpecifiers," & strRoot)
For Each subcont in colDisplaySpecifiers
     Set objLocaleContainer = GetObject("LDAP://" & subcont.distinguishedName)
     'Contact objects
     Set objContact = GetObject("LDAP://cn=contact-Display," & objLocaleContainer.distinguishedName)
     arrAdminPropertypages = objContact.GetEx("adminPropertyPages")
     For Each item in arrAdminPropertypages
          If InStr(item,"{69D967C6-AB39-47b7-8F00-410185C80F89}") Then
               objContact.PutEx ADS_PROPERTY_DELETE,"adminPropertyPages",Array(item)
               objContact.SetInfo
          End If
     Next
     Set objContact = Nothing
     'inetOrgPerson-Display objects
     Set objinetOrg = GetObject("LDAP://cn=inetOrgPerson-Display," & objLocaleContainer.distinguishedName)
     arrAdminPropertypages = objinetOrg.GetEx("adminPropertyPages")
     For Each item in arrAdminPropertypages
          If InStr(item,"{69D967C6-AB39-47b7-8F00-410185C80F89}") Then
               objinetOrg.PutEx ADS_PROPERTY_DELETE,"adminPropertyPages",Array(item)
               objinetorg.SetInfo
          End If
     Next
     Set objinetOrg = Nothing
     'User objects
     Set objUser = GetObject("LDAP://cn=user-Display," & objLocaleContainer.distinguishedName)
     arrAdminPropertypages = objUser.GetEx("adminPropertyPages")
     For Each item in arrAdminPropertypages
          If InStr(item,"{69D967C6-AB39-47b7-8F00-410185C80F89}") Then
               objUser.PutEx ADS_PROPERTY_DELETE,"adminPropertyPages",Array(item)
               objuser.SetInfo
          End If
     Next
     Set objUser = Nothing
     Set objLocaleContainer = Nothing
Next
WScript.Echo "Done!"

The author of these scripts is my colleague Morgan Dahl Simonsen. http://morgansimonsen.wordpress.com

Update 26.09.2010:

It is now compiled for Windows server 2008 R2 by audunms. He is approved under comments field in this post. Anyway, here is his link:

http://www.uccorner.com/wp-content/uploads/2010/09/userproppage.zip

Thanks Audunms

Update 20.10.2010:

This is taken from msexchange post http://msexchangeteam.com/archive/2010/03/10/454223.aspx:

OliD said:

i have written an Active Directory Users & Computers MMC extension to manage the thumbnailPhoto ( and EmployeeId/Number) – it resizes the selected image to 96×96 for you. It adds two tabs to the User properties page:

http://www.dewdney.co.uk/adext/adext.zip

I have tested this and it works as a charm on Windows server 2008r2. This extension has the thumbnailphoto and jpgphoto attribute. There is a readme in the zip file that explains the installation procedure. Simply genius.

Update 08.12.2010:

Information on using pictures in Sharepoint:

http://www.uccorner.com/188/sharepoint/sharepoint-2010-user-profile-pictures-two-way/

Information on using pictures in Lync 2010:

http://www.codesalot.com/2010/photos-in-lync-2010/

http://blogs.technet.com/b/nexthop/archive/2010/11/22/microsoft-lync-2010-photo-experience.aspx

Information on using pictures in Exchange 2007/2010 with Outlook 2010:

http://msexchangeteam.com/archive/2010/03/10/454223.aspx

So there are now 3 variants of the ADUC extension. One created by me(Microsoft), one from AudunMS, and one from a guy called OliD. The one to use is OliD’s one: http://www.dewdney.co.uk/adext/adext.zip

This will also compress the picture so it does not take up as much space. When you use this you do not have to change the display specifiers as described in this post. All installation instructions are within the ZIP file. In order for the thumbnail attribute to get replicated you have to change the attribute in the schema MMC.

You have to make sure the "Replicate this attribute to the Global Catalog" is set.

I will try to create a post later on how to utilize the thumbnailphoto attribute to change the user logo picture in windows on desktops.

And please, feel free to comment on other areas we can utilize thumbnailphoto.

UPDATE 10.01.2010:

Just stumbled over a standalone program for managing/viewing pictures in Active Directory called AD photo Edit. Definitly worth a look:

http://www.cjwdev.co.uk/Software/ADPhotoEdit/Info.html

I also wrote a post on using pictures in Active directory:

http://msitpros.com/?p=1036

Tags: Active Directory, Adsiedit

30 comments

2 pings

Skip to comment form ↓

Preston

April 6, 2009 at 7:04 pm (UTC 2) Link to this comment

Reply

I have this compiled with JPG support if anyone cares to know how we did it shoot me an e-mail gallwapa@puyallup.k12.wa.us
KonstantinMiller

July 7, 2009 at 12:09 am (UTC 2) Link to this comment

Reply

Hi. I like the way you write. Will you post some more articles?
archlord gold

August 7, 2009 at 6:35 am (UTC 2) Link to this comment

Reply

this is exactly the post I needed to see!
Dako

August 31, 2009 at 11:21 am (UTC 2) Link to this comment

Reply

Good article! Why not using jpegPhoto attribute for storing the image, instead of thumbnailPhoto?

Ref:
http://www.chineseinnorthamerica.com/technical/active%20directory/active%20directory%20images.html
John

October 8, 2009 at 10:08 pm (UTC 2) Link to this comment

Reply

Hi,
Can you post the code for the DLL. Thanks.
Narto Hentai Manga

October 10, 2009 at 2:48 am (UTC 2) Link to this comment

Reply

mm… nice..
R2

October 12, 2009 at 6:50 pm (UTC 2) Link to this comment

Reply

How would you do this is server 2008
Zombie

October 28, 2009 at 6:34 pm (UTC 2) Link to this comment

Reply

Hi Oddvar
Is there someway through your article that we can see the picutes in MS Outlook 2007 (With Exchange)??

Thanks
Oddvar

October 28, 2009 at 7:01 pm (UTC 2) Link to this comment

Reply

Hi Zombie and all you other that have commented this article. No there is no way to display these pictures through Exchange 200x GAL. I have tried to make it work, but GAL is not programmed to display graphics. And both the thumbnailPhoto and jpegPhoto does not have a mAPIID and that is required to be displayed in GAL.

The code for the DLL is located in windows 2003 SDK.

I will make a follow up article soon on how to make this work for Windows server 2008.
Mike

November 12, 2009 at 5:04 pm (UTC 2) Link to this comment

Reply

I have downloaded the SDK from Microsoft, but I can not find the sample userproppage.dsp. I searched MSDN site for the sample and have had not luck. Please send email me the file or post the code. I would like to modify the code sample so that it uses the jpegPhoto attribute instead of the thumbnailPhoto attribute.

Thanks
Oddvar

November 18, 2009 at 1:15 pm (UTC 2) Link to this comment

Reply

Hi Mike. Its important that you download sdk for 2003. It is removed in the 2008 version.
Gareth Douce

December 8, 2009 at 11:57 am (UTC 2) Link to this comment

Reply

Hi,

Does this picture then show on desktop machines – i.e. welcome screens, logon screens, and start menus?

Gareth
1. Oddvar
  
  December 9, 2009 at 12:49 pm (UTC 2) Link to this comment
  
  Reply
  
  Unfortantly not. I wish that it would. In order to do that you have to does something on the clients. This could be a VBscript that pulls the data from Active Directory and writes it to a picture on the localcomputer and changes the registry so it will use the new picture.
JC

January 6, 2010 at 10:10 pm (UTC 2) Link to this comment

Reply

Saludos:
De qué manera agregas las librerias MFC en el proyecto?. Ya descargue el paquete VC2008FeaturePack para Visual 2008, pero no se de que manera lo agregas al proyecto userproppages.

Mi pregunta es si creaste un nuevo proyecto o modificaste directamente el archivo userproppage-dsp agergando las librerias MFC. Si las agregaste, quisiera saber de que manera lo hiciste para su correcta compilación.

Thanks, and Happy new year.
JC

January 6, 2010 at 10:11 pm (UTC 2) Link to this comment

Reply

Sorry
How you add the MFC libraries to the project?. You download the package Visual VC2008FeaturePack for 2008, but that does not add to the project so it userproppages.

My question is if you created a new project or directly modifying the file-dsp userproppage agergas the MFC libraries. If you added, I know how you did it for proper compilation.

Thanks, and Happy new year.
Adam Toth

January 8, 2010 at 4:08 pm (UTC 2) Link to this comment

Reply

Hi,

I have an error when I try to change the picture:
Failed to write Thumbnail Photo attribute, with hr = 0x8007202f

Where do I put the pictures? I guess I have to put them in a public location and use an UNC path, but that doesn’t work too.
Thanks!
Adam Toth

January 8, 2010 at 4:09 pm (UTC 2) Link to this comment

Reply

Here is a description of the error:
http://support.microsoft.com/kb/286760
Oddvar

January 14, 2010 at 10:45 pm (UTC 2) Link to this comment

Reply

Hi Adam.
The hex code indicates “A constraint violation occurred”. This probably means missing rights in Active Directory. Are you a domain admin?

Oddvar
Oddvar

January 14, 2010 at 10:47 pm (UTC 2) Link to this comment

Reply

Hi JC. I can’t realy remember how I added the MFC library. As far as my memory goes I think it was only a little “box” I checked inside Visual studio. Have you googled it?

Oddvar
Preston

March 8, 2010 at 5:29 pm (UTC 2) Link to this comment

Reply

util.h / util.cpp contain most/ all of the changes relating to JPEG Support if my memory serves. You may wish to delete the GUI element for “last workstation” as we use that attribute in our AD to read the value of ‘otherloginworkstations’

http://rapidshare.com/files/360678247/userproppage_-_Copy.zip.html

It can only be downloaded 10 times. Can someone re-host this?
Preston

March 8, 2010 at 5:30 pm (UTC 2) Link to this comment

Reply

Also note, the “add picture” functionality is broken so you MUST use an alternate method to populate the jpeg into AD.
Oddvar

March 8, 2010 at 10:00 pm (UTC 2) Link to this comment

Reply

I will re-host it.
http://www.moe.am/wp-content/uploads/userproppage_-_Copy.zip
rafat

March 18, 2010 at 9:52 am (UTC 2) Link to this comment

Reply

hiii, the dll file is works fine on windows 2008 32bit but doesn’t work on 64bit, please i need a one for 64bit…..
Preston

March 23, 2010 at 4:14 pm (UTC 2) Link to this comment

Reply

FYI if anyone has Exchange 2010/Outlook 2010

http://msexchangeteam.com/archive/2010/03/10/454223.aspx
audunms

September 24, 2010 at 7:28 am (UTC 2) Link to this comment

Reply

Hi,
I have compiled a 64-bit version of the DLL. Tested in Windows Server 2008 R2.
http://www.uccorner.com/wp-content/uploads/2010/09/userproppage.zip
~madmin~

October 21, 2010 at 3:34 pm (UTC 2) Link to this comment

Reply

Excellent Post!
OLiD’s ADUC extension is no longer available though the link he provided, any chance of you re-hosting it for us?
Oddvar

October 22, 2010 at 2:43 pm (UTC 2) Link to this comment

Reply

Tried to click the link. It seems to work…..
Tobias

April 18, 2011 at 2:41 pm (UTC 2) Link to this comment

Reply

Excellent Post!!
But it is pity the tool is showing only pictures there are uploaded in the Active Directory as .bmp file.

I dont can see pictures there are uploaded as jpg.

Do you have an idea?
Oddvar

April 20, 2011 at 8:42 am (UTC 2) Link to this comment

Reply

Hi Tobias.
Look at this:
http://www.moe.am/index.php/2011/02/using-pictures-from-active-directory/
Matt

August 30, 2011 at 3:57 pm (UTC 2) Link to this comment

Reply

Tobias, I think CodeTwo Active Directory Photos does not limit you to .bmp files. For me personally it was nice to discover it’s a free app (I’m not good at coding as much as Oddavar, so this was something I’ve been waiting for a longtime).hope it can help you too