In this post we are going to setup On-Premises SharePoint User Profile Synchronisation to import profile photos from Active Directory.
These instructions work for either SharePoint 2010 or 2013, but for SharePoint 2013, this assumes you are using SharePoint Profile Synchronization and not Active Directory Import or External Identity Manager.
The steps involved are straightforward enough;
- Populate the thumbnailPhoto attribute of Active Directory accounts with profile photos
- Map the SharePoint Picture profile property to the thumbnailPhoto AD attribute
- Perform a Full/Incremental synchronization
Add Photo(s) to Active Directory User(s)
This may be done as part of your wider identity/AD management infrastructure, but you can also use Powershell to add photos to user accounts;
Import-Module ActiveDirectory -ea SilentlyContinue
$pPhoto = [byte[]](Get-Content "C:\userPhotos\carol.jpg" -Encoding byte)
Set-ADUser "PDOGS\carol" -Replace @{ thumbnailPhoto=$pPhoto }
The types of image recommended are JPG’s and less than 100K in size.
Configure the ‘Picture’ User Profile Property
In Central Administration go to Manage Service Applications » User Profile Synchronization » User Profile Properties, locate the Picture property and click on Edit;
Add a new mapping using the thumbnailPhoto AD attribute, set the direction to Import and click Add.
Verify the mapping;
Now click OK.
Start a Full/Incremental Synchronization
In Central Administration go to Manage Service Applications » User Profile Synchronization » Start Profile Synchronization
Now start either a Full or Incremental synchronization.
Check User Profile page in SharePoint
When the synchronization has finished, go to a user profile page and check to see if the profile photos were imported; http://<my site host>/Person.aspx?Account=<domain/account name>
Chances are that the profile photo is not displayed.
Check the FIM Client
First we’ll check that FIM synchronization included the Active Directory user account photos;
- Open the FIM Synchronization client found at; C:\Program Files\Microsoft Office Servers\15.0\Synchronization Service\UIShell\miisclient.exe, or C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe for SharePoint 2010
- Select the last operation for your profile sync connection named DS_DELTASYNC
- Click on Connectors with Flow Updates
- Double click a user account and check that the item with attribute name thumbnailPhoto contains the hex representation of the profile photo;
Check Profile and Sync Databases
With that part verified, we’ll now check the Profile and Synchronization databases to see if the photos were imported there;
- Start SQL Server Management Console and open a new query window
- Check that the Synchronization database contains the user account photo;
USE <SP2013_Sync>
GO
SELECT sAMAccountName,PictureURL
FROM MMS_Metaverse
WITH(NOLOCK)
WHERE SAMAccountName LIKE '<user account name>'
* Remember to change the synch database name.
- Check that the Profile database does not contain the user account photo;
USE <SP2013_Profile>
GO
SELECT NTname,PictureURL
FROM UserProfile_full
WITH(NOLOCK)
WHERE NTName LIKE '%<user account name>%'
* Remember to change the profile database name.
Update the Profile Photostore
Now we need to tell SharePoint about the imported profile photos so it can create the 3 scaled profile pictures, to do this we can use the Update-SPProfilePhotoStore Powershell command;
Update-SPProfilePhotoStore -CreateThumbnailsForImportedPhotos $true`
-MySiteHostLocation "http://<my site host>"
If you run this command and see the following exception, it likely means that the account you’re running the command as doesn’t have sufficient permissions on the User Profile Synchronisation service application;
Update-SPProfilePhotoStore : UserProfileApplicationNotAvailableException_Logging ::
UserProfileApplicationProxy.ApplicationProperties ProfilePropertyCache
does not have 22411bc8-8e28-4164-b6fb-7f5cd51b1fc9At line:1 char:1+ Update-SPProfilePhotoStore
-CreateThumbnailsForImportedPhotos $true -MySiteHostL ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (Microsoft.Offic...ofilePhotoStore:SPCmdletUserProfilePhotoStore)
[Update-SPProfilePhotoStore],
UserProfileApplicationNotAvailableException
+ FullyQualifiedErrorId : Microsoft.Office.Server.UserProfiles.PowerShell.SPCmdletUserProfilePhotoStore
The user account running the powershell command must be a service application Administrator and have permissions to access the User Profile Synchronisation service application, to do this;
- In Central Administration go to Manage Service Applications and click in the row for User Profile Synchronization
- Click Administrators in the ribbon, add your account and set permissions and click OK
- Click Permissions in the ribbon, add your account and set permissions and click OK
After setting the appropriate permissions and running the Update-SPProfilePhotoStore command you should now see the imported profile pictures displayed on users profile pages.
platinumdogs.me 
UPA is setup as normal to run delta every 4 hours and full every 2 days. However, I notice that photos aren’t being updated. Do I have to run the update-spprofilephotostore either manually or schedule it?
$mysitesUrl = “http://mysite.company.org”
$mySitesHost = Get-SPSite –Identity $mySitesUrl
Update-SPProfilePhotoStore –MySiteHostLocation $mySitesHost –CreateThumbnailsForImportedPhotos $true