Link to home
Start Free TrialLog in
Avatar of dspent
dspentFlag for United States of America

asked on

User Photos in Active Directory

Many programs like Dameware and Hyena allow you to associate a picture with a user's account.... I'm curious if this info is being stored in Active Directory somewhere and if so, how do you go about enabling this functionality directly in AD rather than having to use a 3rd party program.

I put a few pictures in Dameware, then deleted the picture files from my desktop and then opened dameware on another admin's machine, and the pictures are still there....so I'm guessing this info is being stored in AD somewhere.  But WHERE????

Thanks,
-Jones
ASKER CERTIFIED SOLUTION
Avatar of alimu
alimu
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dspent

ASKER

Converting the photo is the easy part, but do you have such a script to access this attribute?  Or can you point me in the right direction
ldifde -r "(objectClass=user)" -f C:\export.ldf -v
will extract all the info in the AD domain you're logged onto where the objectClass is user, this will be saved into c:\export.ldf . I'm showing you this particular command because you can have a look then at how an existing user with a photo already configured is stored and compare to the sample import file I've provided below.

do some testing on a test account so nothing gets mucked up (I don't have a test AD i can try this on right now).
:: denotes it's a Base64 value.  I'm not 100% that this is necessary but all other values that are octet string (eg: SIDs, GUIDs) are represented in Base64 if you do an ldifde export so it must be required to avoid the import/export process killing the value. (sorry - another conversion for you).
- is a delimiter to indicate to ldifde that it's reached the end of the import file.
To import:  ldifde -i -f c:\import.ldf
From what I can figure, your import file (import.ldf) will look something like this sample import for 4 users:

dn: CN=Joe Blue,CN=Users,DC=mydomain,DC=com
changetype: modify
replace: photo
photo:: AQUAAAAAAAUVAAAA2TH4QhreLHpDFwoyckEBAA==

dn: CN=Jenny Green,CN=Users,DC=mydomain,DC=com
changetype: modify
replace: photo
photo:: AQUAAAAAAAUVAAAA2TH4QhreLHpDFwoyckEBAA==

dn: CN=James Red,CN=Users,DC=mydomain,DC=com
changetype: modify
replace: photo
photo:: AQUAAAAAAAUVAAAA2TH4QhreLHpDFwoyckEBAA==

dn: CN=Jane Purple,CN=Users,DC=mydomain,DC=com
changetype: modify
replace: photo
photo:: AQUAAAAAAAUVAAAA2TH4QhreLHpDFwoyckEBAA==
-


I recommend you go and doublecheck the syntax on what I've advised.
For LDIFDE Syntax see: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/32872283-3722-4d9b-925a-82c516a1ca14.mspx
it's been a long while since I've done any importing.
Avatar of trippleO7
trippleO7

I'm finding multiple photo attributes for Windows 2003 server..."jpegPhoto" and "photo".  Maybe this will help someone.

photo - http://msdn2.microsoft.com/en-us/library/ms679116.aspx

jpegPhoto - http://msdn2.microsoft.com/en-us/library/ms676813.aspx