How to sync picture from SharePoint to Active Directory and hence to Outlook and Lync
Lets talk about how we can get a picture in user's My Site to be synchronized with Active Directory (AD) and hence other applications like Outlook or Lync (formally office communicator) can utilize it.
So lets get started with assuming -
- "User Profile Synchronization Service" is in "Started" state on appropriate SharePoint server
- "Replicate Directory Changes" permission on a domain is present for synchronization account https://technet.microsoft.com/en-us/library/hh296982.aspx#RDCdomain
- If you will export property values from SharePoint Server to AD DS, the synchronization account must have Create Child Objects (this object and all descendants) and Write All Properties (this object and all descendants) permissions on the organizational unit (OU) that you are synchronizing with. Ref: https://technet.microsoft.com/en-us/library/ff182925.aspx#permission
- You have a functional SharePoint 2010 / SharePoint 2013 environment which is configured to do Profile Synchronization. For more details on this please refer to https://technet.microsoft.com/en-us/library/ff382639.aspx
- Currently this is how the picture space in Outlook and Lync shows up for our example user Amy Alberts.
- Browse to Central Admin > Manage User Properties > Edit the Picture Property
- Under Add New Mapping, Choose the Source Data Connection as your AD import connection, attribute as "thumbnailPhoto" and Direction as "Export" and click Add
- By doing this you'd see Property Mapping for Synchronization as below, Click OK now to save this property mapping
- Now in Manage User Properties, Picture attribute would show up as below
- Browse to a user's My Site whose picture needs to be updated, click on My Profile > Edit My Profile > Choose Picture > Save and Close
- Browse again to User Profile Service Application > Start Profile Synchronization > Start Incremental Synchronization
- There are couple of ways you can verify the picture export
- From SharePoint side
- Open MIISCLIENT.EXE from C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell
- Look at the latest DS_EXPORT phase and click on "Updates" in Export Statistics, this would open the Object Details window
- Choose the user for whom the picture was updated and click on Properties
- You should see a change of type "add" for attribute name "thumbnailPhoto" as below
- From SharePoint side
- This indicates SharePoint was successfully able to export the photo
From Active Directory side
- Open the tool ADSIEdit.msc
- Connect to the correct domain
- Navigate thru the hierarchy and find the user for whom the picture was updated and open properties of the user so that it would display the attribute editor
- By default he value of attribute "thumbnailPhoto" would be <not set> however after the profile synchronization is completed, you would see a binary value in there as visible in screenshot below
- Its not supported/recommended to run any operations or make any changes directly using MIISCLIENT.exe. Please rely on SharePoint UI/OM for all your Profile Sync operations.
- ADSIEdit.msc is a very powerful tool and can mess around the Active Directory configuration if not carefully used. If you do any changes using this tool, its irreversible so please be careful. In my example, we are using this tool as READ-ONLY just to confirm the changes made.
- After giving a few hours and once the AD replication is complete and once Exchange and Lync have picked up these changes (I didn’t need to do any manual changes on my Exchange Server 2010 or Lync Serve 2010) this is how the picture space in Outlook and Lync shows up for our example user Amy Alberts.
I hope this helps you to increase personalization in your organization.