Share via

Profile Photo Sync from Exchange2016 on Premise to O365 Environment

Bölling, Daniel 1 Reputation point
2021-03-27T18:45:06.327+00:00

Hello all,

A moderator from answers.microsoft.com advised that I post my question here.
Original Question:
https://answers.microsoft.com/en-us/msoffice/forum/all/profile-photo-sync-from-exchange2016-on-premise-to/c25287b2-a41f-47cd-9e99-4b3c0294fc9e

I hope someone can help me with the profile photo sync.
The blog posts are either 5 years old or all about uploading to O365 Exchange.
Which we are currently not using.

Currently only some profile pictures are kept in AD (for CTI and Outlook).
These pictures should of course also appear in Teams.
The thumbnail resolution is sufficient for CTI and the local office applications.
The resolution in Teams is unfortunately not good.

For testing purposes, I uploaded a set-user photo with 648x648 pixels on our on-prem Exchange 2016 and waited for synchronization.
A thumbnail is created in the user's AD object.
The synchronization to Office365 is solved via the AD Azure Connector.

Result:

  • In OWA, the full resolution is available.
  • In CTI and Excel only the small one (which is quite sufficient).
  • Sharepint - No profile picture.
  • 365 Admin Center - No profile picture.
  • In Teams and Teams Admin Center the resolution is a disaster and not usable.

A Get-AzureADUserThumbnailPhoto shows 64x64 pixels - so not the 648x648 as desired.

I have already seen that in the Azure-AD Connector can prevent the thumbnailPhoto attribute from being transferred.

All posts continue to describe that you can upload the images directly to Office365... however to Exchange Online - Which we do not use.

Does anyone have any advice for me on how to get the high res images into the Office365 environment via script?
Most important here is Teams for now, but of course it would be good if the images were identical in all Office 365 parts.

Our environment looks like this:
On-Premise:

  • Exchange 2016
  • AD
  • Outlook 2010/O365
  • Azure AD Connect with Sync to O365

O365:
So far only MS Teams and OneDrive
Just before the rollout of MS Teams for all employees

Thanks in advance!

Daniel

Translated with www.DeepL.com/Translator (free version)

Microsoft Teams
Microsoft Teams
A Microsoft customizable chat-based workspace.
9,244 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,389 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,407 questions
0 comments

7 answers

Sort by: Newest
Most helpful Newest Oldest
  1. Bölling, Daniel 1 Reputation point
    2021-04-01T06:23:27.01+00:00

    Hello everyone and thanks for the reply.

    For testing purposes, I tried the free products from CodeTwo.
    The software for O365, as suspected, does not give any results since the accounts are not in Exchange Online.
    The one for AD also shows me existing incl, resolution.
    I have an account set up with a 96x96 pixel image and am waiting for the photo to display in Teams.
    Unfortunately, this has not been displayed for 2 days, although it already appears in the Teams admin interface... this is a bit annoying I think.

    I will ask the employee to upload the profile picture in Teams via the Teams website... here there is the possibility that the user exchanges the picture himself.

    If this works, the future procedure will be as follows:

    1. Disable ThumbnailPhoto synchronization towards AzureAD.
    2. Distribution of the image in AD by IT (for CTI and Office).
    3. Manual upload of the image by the employee via the Teams website.
    4. Hope that Microsoft will improve something here sometime.

    It really bugs me that the whole process is very opaque and needs a lot of improvement.

    Translated with www.DeepL.com/Translator (free version)

  2. Lucas Liu-MSFT 6,161 Reputation points
    2021-03-29T08:12:50.723+00:00

    Hi @Bölling, Daniel ,
    You mentioned that OWA can be used in its entirety. Did you mean that after you add it locally and sync to the cloud, you can see the complete photo after logging in to OWA by your on-premises Exchange mailbox?

    Please note that when uploading pictures from local AD, The Active Directory thumbnailPhoto attribute value is limited to about 100KB in size – this will mostly prevent you from uploading a “high resolution” photo. And Exchange Online accepts only a photo that's no larger than 10 KB from Azure AD. If you use this method to synchronize photos, 96x96 is more recommended.

    When we upload larger pictures, Exchange will automatically crop these pictures. Although there is no official article that points out a specific value, we can know from the following official article that it will automatically adjust to three different photo sizes and resolutions. According to my test, when the 648x648 prior image is uploaded directly to Office 365, it will be successfully applied. So I think it is the limitation in the synchronization process that changed the image you uploaded. It is more recommended that you upload the pictures directly to Offfice 365.
    For more information: Configure the use of high-resolution photos in Skype for Business Server

    ----------

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  3. Rich Matheisen 45,111 Reputation points
    2021-03-28T19:45:10.28+00:00

    Assuming you don't allow users to upload photos themselves (which, based on my experience, is a very bad idea -- some of the stuff that showed up in the AD made it look like a dating site, or worse!), this might be a model to use:

    1. Get all user account IDs and ThumbNailPhoto data from the AD and create a directory (call it "Today")
    2. Send the ThumbNailPhoto data to the AAD user
    3. In another directory (call it "Baseline"), create a file (name it with the user identity) that holds the hash value of the ThumbNailPhoto file.
    4. Tomorrow (or whatever you chose as a schedule), erase the data in the "Today" directory, and repeat step #1(but NOT step #2 and #3)
    5. For each user, generate a hash of today's ThumbNailPhoto and compare it to the hash for that user in the "Baseline" directory. If the hash is the same, do nothing. If the hash is different, move the ThumbNailPhoto to an "Update" directory. If the user isn't in your "Baseline" directory update the "Baseline" directory and add that ThumbNailPhoto to the "Update" directory.
    6. Send the ThumbNailPhotos in the "Update" directory to the AAD and then delete the contents of the "Update" directory.
    7. Repeat, starting at step #4.

    If you have multiple AD domains you'll have to do this for each one (unless the ThumbNailPhoto property is being stored in your Global Catalog). If all the Domain Controllers are local the update shouldn't be too hard to manage if you do it, say, once a week. If you have multiple domains and they're not local it would probably be a good idea to have the process run in each location to minimize network traffic.

    0 comments
  4. Rich Matheisen 45,111 Reputation points
    2021-03-28T02:14:06.26+00:00

    The dimension of the image (in pixels) isn't (from what I remember) as important as the size of the file.

    Have you read this? user-photos-not-synced-to-exchange-online

    Assuming you have the image files you should be able to create and import a PSSession and use the Set-UserPhoto cmdlet. There are probably size limitations on the size of the image file and those may differ between the the AD and the applications that use the photos.

    1 person found this answer helpful.
  5. Bölling, Daniel 1 Reputation point
    2021-03-27T19:54:35.77+00:00

    Hello Andreas,

    thank you for the answer.

    I hope someone can shed some light on this totally incomprehensible profile picture issue.
    It would be totally helpful if you could choose one command for the whole O365 environment, apart from Exchange Online.

    Currently I feel that users have to manually upload the images. to Teams.
    :/

    PS:
    I don't really understand your last sentence... what do you mean?
    For me a profile picture is enough... but the resolution in Teams is really very bad.

    Translated with www.DeepL.com/Translator (free version)