Announcement

Collapse
No announcement yet.

How can I store employees' pictures in Active Directory?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How can I store employees' pictures in Active Directory?

    How can I store employees' pictures in Active Directory?

  • #2
    It is possible, and there is default attribute assigned for that use [Organizational-Person>ThumbNailPhoto], but...looking at the KB/MSDN articles it doesn't look trivial (I've never had a need to do it personally this exists in Windows 2000/2003).

    There's also [User>jpegPhoto] but exists in 2003 only and I believe allows for larger files than ThumbNailPhoto.

    I don't know of a way to easily display/retrieve the images after you have them in AD. Maybe someone else does?

    http://msdn.microsoft.com/library/de...bnailphoto.asp

    http://support.microsoft.com/kb/q292029/

    http://msdn.microsoft.com/library/de..._jpegphoto.asp
    Andrew

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      This attribute is mostly used for Web apps, I believe. You might want to be a little bit careful about using it. If you store the picture itself in AD you may grow your database rather quickly with corresponding effects on replication. Also note that SELF has write permissions on that attribute by default. That's a bug, I believe.

      Comment


      • #4
        Originally posted by wkasdo
        Also note that SELF has write permissions on that attribute by default. That's a bug, I believe.
        I wouldn't call it a bug, but a poor design, as the attribute belongs to "Personal Information" property set ( http://msdn.microsoft.com/library/de...nformation.asp ).

        Also worth mentioning that ThumbNailPhoto is limited by default to 100K

        The interesting thing is that jpegPhoto on the other hand, does not belong to "Personal Information" property set - resulting in administrative rights needed to write to the attribute, but it seams to lack the size limit (thumbNailPtoto has one).

        If I was to implement pictures in AD, I would change the defaultSecurityDescriptor of "user" classSchema object and would put a limit (say, 30Kb) on the attribute.

        jpegPhoto seams to be easier to manipulate, but I do not like the idea of someone with enough permissions sticking a several Mb picture in AD.

        And it also seams that Dameware utilities have the interface for displaying/uploading images.
        Guy Teverovsky
        "Smith & Wesson - the original point and click interface"

        Comment

        Working...
        X