The introduction of hi-resolution photo support within Exchange solved the photo quality issues in various Microsoft products such as Outlook and Skype for Business (Lync). For many companies, the next question became “How do I get my corporate approved photos uploaded to Exchange?”
Here at ArmgaSys, we asked the same question. Here is our solution
The Challenges
- Build a PowerShell script to automatically upload corporate photos to Exchange.
- Automate the process via a scheduled task using the least privileges possible.
- Prevent users from uploading their own pictures and overriding the corporate approved (non-cat/clown/other) photos.
The PowerShell Script
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;
$imgFolder = ‘C:\Headshots\’
foreach ($pic in Get-ChildItem $imgFolder)
{
try
{
Set-UserPhoto `
$pic.BaseName `
-PictureData ([System.IO.File]::ReadAllBytes(“$imgFolder\$($pic.Name)”)) `
-Confirm:$false
Remove-Item “$imgFolder\$($pic.Name)”
}
Catch
{
Write-Warning “Warning : $_”
}
}# Update Exchange policies to prevent users from uploading their own pictures
Get-CASMailbox -ResultSize Unlimited | Set-CASMailbox -OWAMailboxPolicy Default
Get-OWAMailboxPolicy | Set-OWAMailboxPolicy -SetPhotoEnabled:$false
Script Usage Notes
- Be sure to set the variable $imgFolder to the location of your headshots
- This script assumes image deltas.
I.E. only new or changed images should be processed. As such, the script deletes the image after it is completed. If you want to process every user image every time the script is run, remove the line:
Remove-Item “$imgFolder\$($pic.Name)” - Important: Be sure to include the backtick (line continuation character) in your script if you leave the Set-UserPhoto command on multiple lines!
- This script will reside directly on the Exchange server
Scheduling the Script
Using Task Scheduler on the Exchange server that houses the script, create a task to run at the time intervals desired by your needs. Set the remaining options as follows:
Security Options
Set the user account to NT AUTHORITY\NETWORK SERVICE
Actions
Action = Start a program
Program Script = PowerShell.exe
Add arguments (optional) = -ExecutionPolicy Bypass [Full path and file to your script]
Example: -ExecutionPolicy Bypass C:\Scripts\Headshot.ps1
Setting up Security: Headshots Folder
Grant the Exchange computer Modify access to the folder which contains the headshots.
NOTE: If your script will not delete the Headshot images, you can grant Read-Only access to the folder.
In our example above, the server name is SRVEXCH16 and resides in the ArmgaSys corporate domain.
Important: You will need to make sure the Object Types includes Computers!
Setting up Security: Script Access to Exchange
Grant the Exchange computer access to the user’s mailboxes so the script can upload the user images.
- Launch the Active Directory Users and Computers snapin
- Open the OU Microsoft Exchange Security Groups
- Open the group Help Desk
- Add the Exchange computer running the script as a member
In our example above, the server name is SRVEXCH16 and resides in the ArmgaSys corporate domain.
Important: You will need to make sure the Object Types includes Computers!
Populating Headshot Images
Now all you need to do is populate your headshots directory and test!
Important: The script assumes all headshot images are in the format of [ExchangeUserName].[EXT]. In our organization, we use [FirstName].[LastName] as our Exchange user name format.
So, an example headshot image dropped into our headshots directory would be
Auther.Dent.JPEG
Enjoy!