dspent
asked on
User Photos in Active Directory
Many programs like Dameware and Hyena allow you to associate a picture with a user's account.... I'm curious if this info is being stored in Active Directory somewhere and if so, how do you go about enabling this functionality directly in AD rather than having to use a 3rd party program.
I put a few pictures in Dameware, then deleted the picture files from my desktop and then opened dameware on another admin's machine, and the pictures are still there....so I'm guessing this info is being stored in AD somewhere. But WHERE????
Thanks,
-Jones
I put a few pictures in Dameware, then deleted the picture files from my desktop and then opened dameware on another admin's machine, and the pictures are still there....so I'm guessing this info is being stored in AD somewhere. But WHERE????
Thanks,
-Jones
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ldifde -r "(objectClass=user)" -f C:\export.ldf -v
will extract all the info in the AD domain you're logged onto where the objectClass is user, this will be saved into c:\export.ldf . I'm showing you this particular command because you can have a look then at how an existing user with a photo already configured is stored and compare to the sample import file I've provided below.
do some testing on a test account so nothing gets mucked up (I don't have a test AD i can try this on right now).
:: denotes it's a Base64 value. I'm not 100% that this is necessary but all other values that are octet string (eg: SIDs, GUIDs) are represented in Base64 if you do an ldifde export so it must be required to avoid the import/export process killing the value. (sorry - another conversion for you).
- is a delimiter to indicate to ldifde that it's reached the end of the import file.
To import: ldifde -i -f c:\import.ldf
From what I can figure, your import file (import.ldf) will look something like this sample import for 4 users:
dn: CN=Joe Blue,CN=Users,DC=mydomain, DC=com
changetype: modify
replace: photo
photo:: AQUAAAAAAAUVAAAA2TH4QhreLH pDFwoyckEB AA==
dn: CN=Jenny Green,CN=Users,DC=mydomain ,DC=com
changetype: modify
replace: photo
photo:: AQUAAAAAAAUVAAAA2TH4QhreLH pDFwoyckEB AA==
dn: CN=James Red,CN=Users,DC=mydomain,D C=com
changetype: modify
replace: photo
photo:: AQUAAAAAAAUVAAAA2TH4QhreLH pDFwoyckEB AA==
dn: CN=Jane Purple,CN=Users,DC=mydomai n,DC=com
changetype: modify
replace: photo
photo:: AQUAAAAAAAUVAAAA2TH4QhreLH pDFwoyckEB AA==
-
I recommend you go and doublecheck the syntax on what I've advised.
For LDIFDE Syntax see: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/32872283-3722-4d9b-925a-82c516a1ca14.mspx
it's been a long while since I've done any importing.
will extract all the info in the AD domain you're logged onto where the objectClass is user, this will be saved into c:\export.ldf . I'm showing you this particular command because you can have a look then at how an existing user with a photo already configured is stored and compare to the sample import file I've provided below.
do some testing on a test account so nothing gets mucked up (I don't have a test AD i can try this on right now).
:: denotes it's a Base64 value. I'm not 100% that this is necessary but all other values that are octet string (eg: SIDs, GUIDs) are represented in Base64 if you do an ldifde export so it must be required to avoid the import/export process killing the value. (sorry - another conversion for you).
- is a delimiter to indicate to ldifde that it's reached the end of the import file.
To import: ldifde -i -f c:\import.ldf
From what I can figure, your import file (import.ldf) will look something like this sample import for 4 users:
dn: CN=Joe Blue,CN=Users,DC=mydomain,
changetype: modify
replace: photo
photo:: AQUAAAAAAAUVAAAA2TH4QhreLH
dn: CN=Jenny Green,CN=Users,DC=mydomain
changetype: modify
replace: photo
photo:: AQUAAAAAAAUVAAAA2TH4QhreLH
dn: CN=James Red,CN=Users,DC=mydomain,D
changetype: modify
replace: photo
photo:: AQUAAAAAAAUVAAAA2TH4QhreLH
dn: CN=Jane Purple,CN=Users,DC=mydomai
changetype: modify
replace: photo
photo:: AQUAAAAAAAUVAAAA2TH4QhreLH
-
I recommend you go and doublecheck the syntax on what I've advised.
For LDIFDE Syntax see: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/32872283-3722-4d9b-925a-82c516a1ca14.mspx
it's been a long while since I've done any importing.
I'm finding multiple photo attributes for Windows 2003 server..."jpegPhoto" and "photo". Maybe this will help someone.
photo - http://msdn2.microsoft.com/en-us/library/ms679116.aspx
jpegPhoto - http://msdn2.microsoft.com/en-us/library/ms676813.aspx
photo - http://msdn2.microsoft.com/en-us/library/ms679116.aspx
jpegPhoto - http://msdn2.microsoft.com/en-us/library/ms676813.aspx
ASKER