SharePoint - User Profile Picture Sync without FIM/MIM

Import profile pictures from Active Directory to SharePoint. This is a PowerShell script that works on SharePoint 2013 or SharePoint 2016, so you can use Active Directory Import together with this script to get your pictures synced. This assumes that the profiles are populated. There i

 
 
 
 
 
SharePoint
1/4/2019


  • write to AD?
    1 Posts | Last post July 31, 2019
    • Hello, I was able to run the script successfully to get images from AD to SP2016, which uses AD import. What about uploading pictures to AD? Prior to SP2016 and AD import, the sync would export the user picture that got uploaded to SharePoint to AD, and that is how our users change their pictures.
      
      Thanks!
  • Error Running Script
    2 Posts | Last post July 24, 2019
    • Getting the error: 
      
      Exception calling "SendRequest" with "1" argument(s): "The user has insufficient access rights."
      At D:\scripts\PictureUpload1.3.ps1:167 char:5
      +     $Response = $LDAPConnection.SendRequest($Request)
      +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
          + FullyQualifiedErrorId : DirectoryOperationException
      
      Where does this account not have sufficient rights? It is in the Farm Admin's Group, also has "Replicating Directory Changes" applied to it. Any help would be greatly appreciated!
    • A post below answered my question. This script helped out a lot! Thank you!
  • PartitionId purpose in uploaded photo filename
    1 Posts | Last post May 25, 2019
    • Hi,
      When the photos are imported from AD into the mysite host location they are in the format:
      SomeLongPartitionGuid_username.jpg
      
      This format is specified in the script using the partition id
      Filename = [userProfileManager.PartitionID]_[userProfile.recordId].jpg
      
      So is the partition id needed as part of the filename? I read on another forum it is, I quote "Update-SPProfilePhotoStore only works if temporary images actually show in User Photos (with partitionid syntax)." So just some clarity around this would be great. It would be nice just to strip it out, but what would be the knock-on effect of this? Also, many thanks for this script, very useful, really appreciate it.
  • Non English language support
    2 Posts | Last post March 07, 2019
    • I've nearly finished working through an issue I hit with your script: the folder name the photos are uploaded to assumes English. For our German language install, the folder "User Photos/Profile Pictures" is actually "User Photos/Profilbilder". The tricky part with troubleshooting is that the Update-SPProfilePhotoStore command will run and return after a few seconds with no error, but this would actually be correct behaviour, as it can't see the correct folder and therefore any contents to update.
      
      
      Apart from that, great work, and it helps solve a problem for us.
    • Glad it could help out. I did not have the framework to set up and I did not think about other language locales. I will look into getting that into a variable for easy modification.
  • error when running the script. sp2013
    4 Posts | Last post January 31, 2019
    • I have set my variables but I get an error when running the script. I run .\PictureUpload1.2.ps1 and get this error/output. I am running ps as a farm admin. Thanks
      
      new-object : Exception calling ".ctor" with "2" argument(s): "UserProfileApplicationNotAvailableException_Logging ::
      UserProfileApplicationProxy.ApplicationProperties ProfilePropertyCache does not have
      80899d9d-d79c-4580-9e53-0f97871e2f24"
      At D:\Scripts\SharePoint\PhotoSync\PictureUpload1.2.ps1:36 char:13
      + $pm       = new-object Microsoft.Office.Server.UserProfiles.UserProfi ...
      +             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
          + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
      
      Exception calling "Add" with "1" argument(s): "<nativehr>0x80070002</nativehr><nativestack></nativestack>"
      At D:\Scripts\SharePoint\PhotoSync\PictureUpload1.2.ps1:70 char:5
      +     $site.RootWeb.GetFolder("User Photos").subfolders.Add("Profile Pi ...
      +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordException
          + FullyQualifiedErrorId : FileNotFoundException
      
      
      
      
      
      
    • This is due to the account running the script not having permissions to the UPA.
    • I am also getting the error - Exception calling "Add" with "1" argument(s): "<nativehr>0x80070002</nativehr><nativestack></nativestack>"
      
      The outlog has-  Unable to get UserPhotos/Profile Pictures.  Trying to create.
      Unable to create the Profile Pictures.  Check log below and permissions
      
      Account running does have full control permissions for the UPA as well as the AD Replication permissions. 
      
      Thoughts?  
    • I was able to resolve my issue. Thanks for the article.  My issues were that I had my SharePoint Site URL in the site variable, instead of the SharePoint My Site URL.  Also, the user account running the script did not have some permission. Setting the use different account flag to true, then using that account worked. 
  • Does it delete photos?
    3 Posts | Last post January 16, 2019
    • If someone deletes their profile picture from AD, does this script remove the picture from the  SharePoint user profile?
    • This would not delete the picture from AD.
    • **This would not delete pictures from SharePoint. I would suggest that the user upload a placeholder picture in AD, or we can manually delete the picture in the user profiles.
  • DirSync - Incremental Issue
    2 Posts | Last post January 03, 2019
    • Thanks for the script. When I run the script for the first time (Full Import) everything works as expected. However, if I run the script to do an incremental update the user objects which are returned are all missing the sAMAccountName attribute. I am not sure if this is related to the Cookie. If I remove the Cookie.bin, aduser.clixml and reset the DNLookup.xml file and re-run the script (Full Import again) the user objects are created as expected and I am able to successfully create the Thumbnail images, etc...  
      
      This gets round the issue but it takes a long time to re-import all the time. Is there anything I should check? 
    • I found the issue and think I have resolved this in the 1.3 version.  This will be published soon.
  • The user has insufficient access rights
    3 Posts | Last post November 13, 2018
    • The line "$ldapconnection.sendrequest($request)" fails with the above error (and all subsequent). Have tried with the sync account that SharePoint is using already (which has the "Replicate Directory Changes" permission), to no avail. Any ideas?
      
      
    • Replicate Directory Changes is required for permissions. I would suggest using the same account that is connecting to AD in the User Profile Service Application.
    • Turned out to be the wrong LDAP path. RDC was applied! Thanks anyway.
  • Do we need to create the folder c:\Dirsync?
    2 Posts | Last post August 22, 2018
    • Will the script create the folder c:\Dirsync or do we have to create it? If we need to create it, do we have to put anything in it, like DNLookup.xml?
    • The script does not create any folders. Create that folder and toss the DNLookup.xml in there.
  • Windows Server 2016
    1 Posts | Last post May 28, 2018
    • I've tested in Windows Server 2016. I added [System.Reflection.Assembly]::LoadWithPartialName("System.DirectoryServices.Protocols")
      [System.Reflection.Assembly]::LoadWithPartialName("System.Net") on line 125 and I made Joni Mattila's change: "Added $Servername and $Port to assign domain controller and port 389 then on line 130 and 131 added $serverplusport = "$servername"+":"+"$Port" then replace line 131 with $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($serverplusport)" Then the script started to work.
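
Added example, not part of the published script or of any post above: a PowerShell preflight for the two "insufficient access rights" threads and the domain controller/port change in the last post. A DirSync search must be based at the root of a directory partition, so the function first reads RootDSE to confirm the configured search base is one of the naming contexts, then sends a one-page DirSync search and reports the LDAP result code. The function name, parameter names and the sample values in the usage comment are assumptions.

```powershell
# Added example. Server name, port and search base are placeholders (assumptions).
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-DirSyncPreflight {
    param([string]$ServerName, [int]$Port = 389, [string]$SearchBase)

    $ns     = 'System.DirectoryServices.Protocols'
    $id     = New-Object "$ns.LdapDirectoryIdentifier" -ArgumentList $ServerName, $Port
    $conn   = New-Object "$ns.LdapConnection" -ArgumentList $id
    $result = [ordered]@{ SearchBase = $SearchBase; IsNamingContextRoot = $false; DirSync = 'NotAttempted' }
    try {
        $conn.Bind()   # binds as the account running this session

        # RootDSE (empty base DN, base scope) lists the partitions this DC hosts.
        $rootDse = New-Object "$ns.SearchRequest"
        $rootDse.DistinguishedName = ''
        $rootDse.Filter = '(objectClass=*)'
        $rootDse.Scope  = [System.DirectoryServices.Protocols.SearchScope]::Base
        [void]$rootDse.Attributes.Add('namingContexts')
        $entry    = $conn.SendRequest($rootDse).Entries[0]
        $contexts = $entry.Attributes['namingContexts'].GetValues([string])

        # -contains compares strings case-insensitively, which suits DNs.
        $result.IsNamingContextRoot = $contexts -contains $SearchBase
        if (-not $result.IsNamingContextRoot) {
            $result.DirSync = "Skipped: base must be one of: $($contexts -join ' | ')"
            return [pscustomobject]$result
        }

        # Same kind of call that fails in the threads: a search carrying the DirSync control.
        $req = New-Object "$ns.SearchRequest"
        $req.DistinguishedName = $SearchBase
        $req.Filter = '(&(objectCategory=person)(objectClass=user))'
        $req.Scope  = [System.DirectoryServices.Protocols.SearchScope]::Subtree
        [void]$req.Attributes.Add('sAMAccountName')
        [void]$req.Controls.Add((New-Object "$ns.DirSyncRequestControl"))
        $resp = $conn.SendRequest($req)
        $result.DirSync = "OK: $($resp.Entries.Count) entries in first page"
    }
    catch {
        # PowerShell wraps .NET exceptions; unwrap to reach the LDAP result code.
        $ex = $_.Exception.GetBaseException()
        if ($ex -is [System.DirectoryServices.Protocols.DirectoryOperationException]) {
            $result.DirSync = "Failed: $($ex.Response.ResultCode)"
        } else { $result.DirSync = "Failed: $($ex.Message)" }
    }
    finally { $conn.Dispose() }
    [pscustomobject]$result
}
# Usage (placeholder values): Test-DirSyncPreflight -ServerName 'dc01.example.com' -SearchBase 'DC=example,DC=com'
```

Run it in a session started as the account the sync script uses; a result of `Failed: InsufficientAccessRights` with `IsNamingContextRoot` true points at the account's rights on that partition rather than at the path.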
      