Part 1: The Setup
This blog is split in two parts, first covering checkpoints for a correct setup for GAL pictures and the second Outlook client troubeshooting focused on Exchange Cached Mode.
Setting pictures in Active directory is a great feature as you have a centralized location you can manage the company pictures.
Yet, there are two phases where you can face difficulties: in the setup process and in the operational phase.
The setup process is well documented in these exchange blogs:
GAL Photos: Frequently Asked Questions: http://blogs.technet.com/b/exchange/archive/2010/06/01/3410006.aspx
GAL Photos in Exchange 2010 and Outlook 2010: http://blogs.technet.com/b/exchange/archive/2010/03/10/gal-photos-in-exchange-2010-and-outlook-2010.aspx
There is one point which is not fully described the above articles:
mAPIID value should be 35998
First question is how do I know if the value is right (35998) or when should I care about its value?
If you have Active directory installed with Windows Server 2008 R2 on the master Domain Controller, the value will be 35998.
However, most organization have Active directory for a longer time and they need to check the mAPIID.
From this moment you need to pay extra attention changing the examples: DC=Contoso,DC=Com according to your domain name, usenames, etc. and copy the commands to notepad to remove extra spacing and special characters. Also make sure you read the disclaimer at the end of the post.
To check the attribute you can easily perform this LDAP query on the master Domain Controller with Domain Admin privileges:
ldifde -d CN=Schema,CN=Configuration,DC=Contoso,DC=Com -f schema.ldf
This command will provide an export of your Active Directory Schema and export available here: %userprofile%
Open schema.ldf with notepad and search for Picture:
The line you are interested in is:
and under it you have you should have mAPIID attribute with value 35998 (I set a wrong value in the screenshot as an example)
If the value is not the specified one(35998) you have 2 options:
Update the Active Directory Schema to 2008 R2 level following these articles:
However, you may want to update only the mAPIID value and this is possible with the following command:
ldifde -i -f c:\temp\mAPIID.txt
Copy the below text in notepad, mAPIID.txt let’s say, and of course change DC=contoso,DC=com.
Unless you have a good technical reason we advise you to use the first method and not changing the attribute only.
Four checkpoints for Setup section
1. Schema Level (mAPIID 35998)
2. ThumbnailPhoto attribute replicated to GAL: procedure available here
3. Import the picture methods:
Directly in Active Directory follow the example code for here:
Exchange 2007 PowerShell script one of the best I have used is available here:
Exchange 2010 PowerShell command:
Import-RecipientDataProperty -Identity username -Picture -FileData ([Byte]$(Get-Content -Path “C:\pictures\username.jpg” -Encoding Byte -ReadCount 0))
Keep in mind that Exchange PowerShell can import pictures up to 10KB while the AD attribute supports a max size of 100 KB
Exchange 2013 PowerShell command and Exchange Control Panel from OWA:
Import-RecipientDataProperty -Identity username -Picture -FileData ([Byte]$(Get-Content -Path “M:\Employee Photos\ username.jpg” -Encoding Byte -ReadCount 0))
Office 365 backend:
Upload a photo on Microsoft Office 365 Portal(max size 10KB) or follow the process described in:
4. Can you get the picture from Exchange?
To check copy the below command in a export_picture.ps1 script and run it:
$searcher.filter = “distinguishedname=CN=test user,CN=Users,DC=Contoso,DC=com”
$photo.properties.thumbnailphoto | set-content c:\temp\test username.jpg -encoding byte
After this checkpoints Outlook will show the Picture if it is set in Online Mode.
This is because Outlook 2007, 2010 and 2013 will get the picture direct from the Global Catalog server.
For Outlook 2003 and 2007 you need to deploy Outlook social connector again very well described on:
Download page: http://www.microsoft.com/en-us/download/details.aspx?id=7985
When running in Exchange Cache Mode Outlook client and Exchange Server has a more important role and we’ll cover it in Part 2.
This code is sample code. These samples are provided “as is” without warranty of any kind. Microsoft further disclaims all implied warranties including without limitation any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the samples remains with you. In no event shall Microsoft or its suppliers be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the samples, even if Microsoft has been advised of the possibility of such damages. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.