Bulk Modify Active Directory User Photos
Planning
You should consider the pros and cons of storing photos in Active Directory as well
as the implecations of bulk loading photos in Active Directory.
Lets say that you have 20,000 user accounts in your Active Directory and you are
planning to load a 100Kb (on average) photo of each user into Active Directory.
You would expect to need an additional 1953Mb of storage ([20000*100]/1024) on each
of your domain controllers. You also need to consider the affect on replication
- especially if you have some sites with slow or saturated links.
You also need to consider the affect of applications downloading photos from Active
Directory - these might add some additional load on your domain controllers so you
will need to size them accordingly.
The impact of storing photos in Active Directory is likely to be quite minimal for
an organisation with a few hundred user accounts, small image sizes and a handfull
or of domain controllers in a single site. The impact on a larger organization
with thousands of user accounts accross multiple sites with slow links and larger
image sizes could be quite severe.
You will need to decide which attribute to use to store your photos or you might
be planning to extend the schema with your own attributes. A number of attributes
exist that are designed to allow you to store user photos in Active Directory.
Assuming you are using "Windows 2003 Server" you can use any of the following attributes:
|
photo |
Yes |
- |
An object encoded in G3 fax as explained in recommendation T.4, with an ASN.1 wrapper
to make it compatible with an X.400 BodyPart as defined in X.420. |
|
thumbnaillogo |
No |
32Kb |
Logo |
|
thumbnailphoto |
No |
100Kb |
Picture |
|
jpegphoto |
Yes |
- |
Used to store one or more images of a person using the JPEG File Interchange Format
[JFIF]. |
Tips
- Plan carefully - make sure you understand the impact of storing photos in Active
Directory.
- Keep file sizes as small as possible.
- Run bulk updates at "quiet" times.
- You might want to run tests in a QA environment before making changes to your live
system. Also ensure that you have recent backups of your Active Directory.
Updating
You can use Bulk Modify to bulk load user photos into Active Directory. Click
the "Other" tab and select the attribute you want to use to store your employee
photos.
The Octet string editor should be displayed. You will need to change the "Edit
value as" option to "Path to file". This will allow you to load a different
photo for each user.
If you click the "Sample user photo path" link, the following filename format will
be used "\\server1\photoshare\username.jpg". You can edit the path as required
using either a UNC or a local path. The
XML PlaceHolder
"<attr>sAMAccountName</attr>" is replaced with the username (Pre Windows
2000 Logon name).
XML Log File
Photos are handled slightly differently in the XML log file. If old and new
files were encoded inside the XML log file, the size of the log file would grow
quite large. Any file over 1Kb is stored in an external file and a pointer
is inserted into the XML log file.
The photos will be stored in a file called "<logfilename>_data". The
file does not have a file extension but it is possible to open the file by using
a zip application.