Part 1: The Setup
This blog is split in two parts, first covering checkpoints for a correct setup for GAL pictures and the second Outlook client troubeshooting focused on Exchange Cached Mode.
Setting pictures in Active directory is a great feature as you have a centralized location you can manage the company pictures. Yet, there are two phases where you can face difficulties: in the setup process and in the operational phase.
The setup process is well documented in these exchange blogs:
GAL Photos: Frequently Asked Questions: http://blogs.technet.com/b/exchange/archive/2010/06/01/3410006.aspx GAL Photos in Exchange 2010 and Outlook 2010: http://blogs.technet.com/b/exchange/archive/2010/03/10/gal-photos-in-exchange-2010-and-outlook-2010.aspx
There is one point which is not fully described the above articles:
mAPIID value should be 35998
First question is how do I know if the value is right (35998) or when should I care about its value?If you have Active directory installed with Windows Server 2008 R2 on the master Domain Controller, the value will be 35998.
However, most organization have Active directory for a longer time and they need to check the mAPIID.
From this moment you need to pay extra attention changing the examples: DC=Contoso,DC=Com according to your domain name, usenames, etc. and copy the commands to notepad to remove extra spacing and special characters. Also make sure you read the disclaimer at the end of the post.
To check the attribute you can easily perform this LDAP query on the master Domain Controller with Domain Admin privileges:ldifde -d CN=Schema,CN=Configuration,DC=Contoso,DC=Com -f schema.ldfThis command will provide an export of your Active Directory Schema and export available here: %userprofile%
Open schema.ldf with notepad and search for Picture:The line you are interested in is:dn: CN=Picture,CN=Schema,CN=Configuration,DC=contoso,DC=com
and under it you have you should have mAPIID attribute with value 35998 (I set a wrong value in the screenshot as an example)
If the value is not the specified one(35998) you have 2 options:
Update the Active Directory Schema to 2008 R2 level following these articles:http://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx http://technet.microsoft.com/en-us/library/cc753437(WS.10).aspx
However, you may want to update only the mAPIID value and this is possible with the following command:
ldifde -i -f c:\temp\mAPIID.txtCopy the below text in notepad, mAPIID.txt let's say, and of course change DC=contoso,DC=com.
dn:changetype: modifyadd: schemaUpgradeInProgressschemaUpgradeInProgress: 1-
dn: CN=Picture,CN=Schema,CN=Configuration,DC=contoso,DC=comchangetype: modifyreplace: mAPIIDmAPIID: 35998-
dn:changetype: modifyadd: schemaUpgradeInProgressschemaUpgradeInProgress: 0-
dn:changetype: modifyadd: schemaUpdateNowschemaUpdateNow: 1-
Unless you have a good technical reason we advise you to use the first method and not changing the attribute only.
Four checkpoints for Setup section1. Schema Level (mAPIID 35998)2. ThumbnailPhoto attribute replicated to GAL: procedure available here3. Import the picture methods: Directly in Active Directory follow the example code for here:http://support.microsoft.com/kb/292029
Exchange 2007 PowerShell script one of the best I have used is available here:http://www.stevieg.org/tag/gal-photos/
Exchange 2010 PowerShell command:
Import-RecipientDataProperty -Identity username -Picture -FileData ([Byte]$(Get-Content -Path "C:\pictures\username.jpg" -Encoding Byte -ReadCount 0))
Keep in mind that Exchange PowerShell can import pictures up to 10KB while the AD attribute supports a max size of 100 KB
Exchange 2013 PowerShell command and Exchange Control Panel from OWA: Import-RecipientDataProperty -Identity username -Picture -FileData ([Byte]$(Get-Content -Path "M:\Employee Photos\ username.jpg" -Encoding Byte -ReadCount 0))
Office 365 backend: Upload a photo on Microsoft Office 365 Portal(max size 10KB) or follow the process described in: http://support.microsoft.com/kb/2497721
4. Can you get the picture from Exchange?To check copy the below command in a export_picture.ps1 script and run it:
$searcher.filter = "distinguishedname=CN=test user,CN=Users,DC=Contoso,DC=com" $photo=$searcher.findone()$photo.properties.thumbnailphoto | set-content c:\temp\test username.jpg -encoding byte
After this checkpoints Outlook will show the Picture if it is set in Online Mode.
This is because Outlook 2007, 2010 and 2013 will get the picture direct from the Global Catalog server. For Outlook 2003 and 2007 you need to deploy Outlook social connector again very well described on:http://www.stevieg.org/tag/gal-photos/ Download page: http://www.microsoft.com/en-us/download/details.aspx?id=7985
When running in Exchange Cache Mode Outlook client and Exchange Server has a more important role and we’ll cover it in Part 2.
This code is sample code. These samples are provided "as is" without warranty of any kind. Microsoft further disclaims all implied warranties including without limitation any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the samples remains with you. In no event shall Microsoft or its suppliers be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the samples, even if Microsoft has been advised of the possibility of such damages. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.
I've followed your steps but the photos still aren't showing up.We use Exchange 2010 SP2 in a Windows Server 2003 domain. The client PCs use Office 2013 Home & Business and Outlook profiles are Online (i.e. not in cached mode)Checkpoint 1: The mAPPID was set to .I updated it with your script and could see the update was successful in ADSIEdit.msc.Should the photo show up immediately or in Outlook or will it take some time for the new mAPPID to take effect?Checkpoint 2: ThumbnailPhoto attribute is replicated to GALCheckpoint 3: I imported the photos using the Exchange 2010 PowerShell method and that completes properlyCheckpoint 4: EMC gave an error when running your script"Property 'filter' cannot be found on this object; make sure it exists and is settable."Does this highlight what the problem could be?I appreciate this post is a year old now but hopefully you can help. We are only just rolling out Office 2013 so I really wanted this to be working to impress the end-users :)Thanks
Hello,at point 4, my first guess from the error message the cn of the user was not typed right:"distinguishedname=CN=test user,CN=Users,DC=Contoso,DC=com" My second is that the powershell is doing the query on a DC which did not replicated the attribute. You can manually check the attribute by using Adsiedit, on: Default naming context \CN=Users\Cn=usernameproperties and check if thumbnailPhoto attribute has some hex data in. In Online mode (make sure you don't have some forgotten .oab files) the picture is streamed directly from GAL, so if the DC on which the user has the picture set on is the same as the DC Outlook is connecting to (via Exchange RPC proxy) you should see the picture immediately. However, if you have multiple DCs AD replication can increase the time needed to display the picture. If you succeed with point 4 and still have the problem I suggest opening a support case to Microsoft. Regards,
Thanks Sil, I had checked the attribute and their is some hex in it.The weird thing is, they show up in Word/Excel/OneNote etc in the account settings but not in Outlook.So it would appear that the import went fine but there is a problem somewhere between AD and Exchange?
Hi,From the information provided the picture is well uploaded in AD. I would suggest looking in Outlook 2013 Group Policy template for a setting which says PreferADPhoto. This will insure that the picture source is AD. Next,you should check in the Address Book - Global Address List the user you have set the picture for.If the picture is still not displayed, try again the exchange script to retrieve the picture. Failing to get the picture from exchange will result in a failure in Outlook as well. From this point things get more complex and involve some traces. Still it is a good idea to uploaded pictures for a pilot group of users.Again if everything fails the recommendation to contact Microsoft support remains an option. Regards,Silviu