Share via


How to export profile picture to Active directory in SharePoint 2016

I had to work on a SharePoint Server 2016 scenario the other day where the requirement was to export user photo to Active Directory since there is no support of picture export from SharePoint Server 2016 to Active Directory.
Below sample can be utilized for this scenario - and can be tweaked easily to meet other business requirements.

!!!Important!!!
This source code is freeware and is provided on an "as is" basis without warranties of any kind,  whether express or implied, including without limitation warranties that the code is free of defect,  fit for a particular purpose or non-infringing.  The entire risk as to the quality and performance of  the code is with the end user.

 #Sample provided As-Is - Use after sufficient testing. 
#replace these details - User name, domain, My site host.
$mySiteUrl = "https://sps2016/my"
$context = Get-SPServiceContext (Get-SPSite $mySiteUrl)
$profileManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)
$allprofiles = $profileManager.GetEnumerator()

foreach($profile in $allprofiles){
  $pictureUrl = $profile["PictureUrl"].Value
  if ($pictureUrl -ne $null){
    $success = $true
    try{
      $pictureUrl = ($pictureUrl).Replace("MThumb","LThumb")
      $library = (Get-SPWeb $mySiteUrl).GetList($pictureUrl.Remove($pictureUrl.LastIndexOf("/") + 1))
      $file = $library.Folders[0].Folder.Files[$pictureUrl.Substring($pictureUrl.LastIndexOf("/") + 1)]
      $binary = $file.OpenBinary()
    }catch{
      $success = $false
    }
    if ($success -eq $true){
      #Put the picture image to the AD
      $username = $profile.AccountName.Substring($profile.AccountName.LastIndexOf("\") + 1)
      $domainname = $profile.AccountName.Remove($profile.AccountName.LastIndexOf("\"))
      $addomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain((New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $domainname)))
      $root = $addomain.GetDirectoryEntry()
      $search = [System.DirectoryServices.DirectorySearcher]$root
      $search.Filter = "(&(objectclass=user)(objectcategory=person)(samAccountName=$username))"
      $result = $search.FindOne()
      if ($result -ne $null){
        $user = $result.GetDirectoryEntry()
        $user.put("thumbnailPhoto", $binary)
        $user.setinfo()
        Write-Host $profile.AccountName "updated"
      }
      else {Write-Host $profile.AccountName "does not exist in domain " $domainname}
    }
  }
  else {Write-Host $profile.AccountName "does not have profile picture"}
}

If you want to make sure that the picture of the specific user has been uploaded to the AD, use the following sample code to get the picture from AD.

 $aduser = [ADSI] "LDAP://cn=user01,cn=Users,dc=contoso,dc=com"
$data = $aduser.Properties["thumbnailPhoto"]
[IO.File]::WriteAllBytes("C:\out.jpg",$data.Value)

Also, you can use the following sample code to delete picture from AD user.

 $aduser = [ADSI] "LDAP://cn=user01,cn=Users,dc=contoso,dc=com"
$aduser.Properties["thumbnailPhoto"].Clear()
$aduser.CommitChanges()