Skip to content
  • Blog
  • Events
  • Help
  • Careers
  • Contact
New Signature
  • About
      • Company

        Cognizant Microsoft Business Group is dedicated to changing the way businesses innovate, transform and run based on a unique cloud operating model. You will now be redirected to our new microsite to learn more.

        View Company

      • Awards

        As a company, we are regularly recognized within the IT industry as well as the communities we serve.

        View All Awards
      • News

        Read the most up-to-date corporate announcements, Microsoft technology updates, innovative business solutions and learn more about how the Cognizant Microsoft Business Group can take your business even farther.

        View News

      • Partners

        New Signature works with a number of outstanding technology companies to deliver the best experiences to our customers.

        View Partners
      • Leadership

        Cognizant Microsoft Business Group’s executive team is comprised of innovative leaders with proven experience and deep industry expertise. You will now be redirected to our new microsite to learn more.

        View Leadership

      • Industries

        Our solutions are tailored to empower organizations across a wide range
        of industries.

        View Industry Experience
    Close
  • Solutions
      • Intelligent Enterprise
        Solutions

        Going Digital
        Unleash cloud capability, deliver change and compete at speed with a Microsoft digital operating model, enabling you to work more efficiently as you transform your IT environment. Learn More

      • Featured Solution

        Secure Cloud
        In a world of constant threat, ensuring that your underlying cloud platform is protected is the first step on your organization’s journey towards a secure, compliant operating environment. Learn More
      • Intelligent Workplace
        Solutions

      • Secure Workplace

        Work Anywhere

        Endpoint Health

        Identity Health

        Teamwork Support



        VIEW WORKPLACE SOLUTIONS
      • Intelligent Cloud
        Solutions

      • App Factory

        Azure Accelerator

        Azure Launchpad

        Azure Launchpad for DevOps

        Application Health

        Platform Health

        VIEW ClOUD SOLUTIONS
    Close
  • Services
      • Begin your journey towards becoming a digital business with GO, our unique end-to-end framework based on the Microsoft Cloud Adoption Framework.

        GO DIGITAL OPERATING MODEL
      • Intelligent Enterprise

      • Consulting

        We go beyond just technology to help your organization understand how digital can help you uniquely differentiate and better serve your employees and customers.

        VIEW ENTERPRISE SERVICES
      • Intelligent Workplace

        • Identity

          Identity is your new first-line-of-defense. It’s vital to your users and clients that your identity platform is properly configured and secured.

          Endpoint

          Whether your devices are on-premises or remote, personal or business-owned, we can ensure they are properly managed and protected.

          Teamwork

          Today’s workforce is collaborating than ever before.  We can empower your current teams with tomorrow’s progressive technologies.

          VIEW WORKPLACE SERVICES
        • Intelligent Cloud

          • Platform

            The cloud is no longer some future-state. It’s the here and now. Adopting a cloud-first platform is one of the best ways to maintain a future-proofed competitive advantage.

            Applications

            We build cloud-native apps and modernize legacy systems with the power of Azure to give your organization a competitive edge.

            Data

            We can help your organization create secure, scalable data platforms to deliver simpler and more sophisticated insights to your business.

            VIEW CLOUD SERVICES
        Close
      • Client Stories
          • Case Studies

            Browse a comprehensive list of companies who have created successful partnerships and experienced transformative solutions with New Signature.

            View All Case Studies

          • Featured Case Study TalkTalk Modern Workplace

            New Signature worked with TalkTalk to define a new Modern Workplace solution based on Microsoft 365, which kept the user firmly at the center of the transformation.
            View Case Study

          • Testimonials

            We love transforming our customers businesses, take a look at what they have to say about New Signature.

            View Testimonials

          • Featured Testimonial Davis Construction

            With New Signature’s help, Davis was able to take a progressive step forward by migrating their private branch exchange (PBX) phone system to a Voice of Internet Protocol (VoIP) system.
            View Testimonial

        Close
      • Explore
          • Guides & Ebooks

            Dive deeper into education with your team by leveraging our expert-developed guides and eBooks.

            View All Guides & Ebooks

          • Infographics

            Rich with statistics and information, our infographics are great tools for quick but insightful learning.

            View All Infographics
          • Podcast: Office Explorers

            Join Kat and Rob monthly as they chat with New Signature experts and explore the world of O365.

            Listen to Podcasts

          • Videos

            Visit our videos stream to access recorded webinars, service information and to learn more about us.

            WATCH ALL VIDEOS
          • Flyers

            Searching for information about our services? Our flyers are a great takeaway for all those details.

            VIEW ALL FLYERS

          • Featured Stream

            Learn more about the tooling and expertise required to unlock productivity and mobilize your teams.

            MODERN WORKPLACE
        Close
        Close
      Blog

      AD Photo Synchronization with Windows 10

      New Signature / Blog / AD Photo Synchronization with Windows 10
      October 4, 2016October 3, 2016| New Signature
      • Facebook
      • Twitter
      • LinkedIn
      • Print

      By default, the Windows 10 (1607 in the example images below) user profile picture shows a blank person picture. This can be changed by having a group policy pull down a picture from Active Directory and set it for the user for each workstation they log into. There are two major steps that this involves:

      1. Import user photos into Active Directory
      2. Deploy PowerShell script using Group Policy Logoff Script

      Pic11111

      Pic2

      Import user photos into Active Directory

      The first thing to do is import the user photos into Active Directory. I’ve followed this guide here, https://gallery.technet.microsoft.com/How-to-Import-Employee-0058e89b, in order to use PowerShell for the import. You will require using Active Directory Module for Windows PowerShell in Administrator mode. This will essentially save the picture in the “thumbnailPhoto” attribute for that user in Active Directory.

      Command Syntax:

      $photo = [byte[]](Get-Content path of picture -Encoding byte)

      Set-ADUser username -Replace @{thumbnailPhoto=$photo}

      Example Command:

      $photo = [byte[]](Get-Content C:\ProfilePics\JeffPicture.jpg -Encoding byte)

      Set-ADUser Jeff -Replace @{thumbnailPhoto=$photo}

      Note: The thumbnailPhoto attribute max size is 100k, so please ensure your photos are less than that size. If you try to import a picture that is over 100k, you’ll receive the following error, “Set-ADUser: A value for the attribute was not in the acceptable range of values”. Reference: https://social.technet.microsoft.com/Forums/office/en-US/835546af-9299-46ca-a6c5-5c4ddb38c41d/thumbnail-photos-inad?forum=winserverDS

      Pic3

      Running the commands successfully should give no errors as per the example image below:

      Pic4

      To find out if the user already has a photo in AD, see the images below for the difference between not in AD and in AD for the user’s thumbnail photo attribute.

      Pic5

      Pic6

      Deploy PowerShell script using Group Policy Logoff Script

      Now once the pictures are imported into Active Directory for the users, the PowerShell script found here, https://deployhappiness.com/syncing-windows-account-photos-with-active-directory/, can be used for the Group Policy Logoff scripts. This will essentially run the PowerShell script when the user logs off a machine. The PowerShell script will check AD if the user has a thumbnail photo, retrieve it, and set it as the current Windows account photo for that user.

      Create a new GPO and add the logoff script. The logoff scripts location can be found User Configuration -> Policies -> Windows Settings -> Scripts (Logon/Logoff). Add the PowerShell script to the “PowerShell Scripts” tab with no parameters. As mentioned in the original blog above, it is recommended to place this as a logoff script for two reasons:

      1. It prevents any impact to user logons which can be very important in an enterprise environment.
      2. The picture will only appear during the next fresh logon anyways. This shouldn’t be an issue especially if it’s the same person using that workstation all the time.

      Pic7

      Once the PowerShell script has been added, the GPO settings will look something similar to the following image below.

      Pic8

      Once the GPO has been linked to an OU that contains the user’s object in AD, any workstation that the user logs into will run the PowerShell logoff script and the user’s photo will appear in the logon screen and the picture placeholder on the start menu.

      Pic999

      Pic1010

      If your users don’t have local admin on their workstations, then additional steps need to be taken for the Group Policy object that was created. This is pretty typical of enterprises to not allow their users to be local admin on their workstations. In this case, we will switch the GPO to attach to an OU containing workstations instead of an OU containing users. The reason why the PowerShell script alone won’t work for users that don’t have local admin, is due to registry key permissions that are needed for the PowerShell script.

      Using this guide, http://blog.jocha.se/tech/ad-user-pictures-in-windows-10, permissions can be set for the needed registry key and sub keys. In the same GPO, add the registry key by going to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Registry and clicking “Add Key…”.

      Pic11

      Copy and paste “MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AccountPicture\Users” under “Selected Key” or browse to it manually and press OK.

      Pic12

      Go to “Users” and select “Allow” for “Full Control” and click “OK”.

      Pic13

      Select “Replace existing permissions on all subkeys with inheritable permissions” and click Ok.

      Pic14

      You will then see the registry key under “Registry” in the Group Policy object.

      Pic15

      Then under the same GPO, go into Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy and enable the “Configure user Group Policy loopback processing mode” for Merge mode. This will essentially allow the PowerShell logoff script to still run for users even if the GPO is linked to an OU that contains workstations only. Merge mode will still allow the user’s regular user based GPOs to still apply. For a good explanation on Group Policy loopback processing, check out this link: https://social.technet.microsoft.com/wiki/contents/articles/2548.windows-server-understand-user-group-policy-loopback-processing-mode.aspx.

      Pic16

      The group policy object “Settings” tab should look like the one below once: the Registry key has been added with the appropriate permissions, loopback processing has been enabled, and the logoff script has been added. Again, ensure that this group policy object is linked to an OU with workstations rather than an OU with users.

      Pic17

      Pic18

      If you take a look at the registry key, MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AccountPicture\Users, for a workstation that doesn’t have the above GPO applied, “Users” won’t have Full Control of the Key and sub keys.

      Pic19

      Once the GPO is applied, “Full Control” will be given to the “Users” group for each workstation that the GPO applies to.

      Pic20

      The “Users” key and the sub keys below are what is given permission for each non local admin user in order to run the PowerShell logoff script successfully under the user’s permissions.

      Pic21

       

      Categories
      Tips and Tricks
      Contact New Signature

      Related Information

      Technologies

      • Windows 10
      • Active Directory

      Blog Posts

      • Lend a Helping Hand with Windows Quick Assist
      • Keep Your Family Safe: Tips for Becoming Their Digital Security Guard
      • Employing a Windows Virtual Desktop (WVD): Why and How?
      • Set a Custom Power Plan During Autopilot

      Events

      Tue 23

      Cloud Native Transformation: Increase Resilience, Scalability and Application Security with Modern Apps in Azure

      March 23 @ 10:00 am - 11:00 am EDT
      Apr 08

      Power Platform Webinar Series: Build Customer Relationships at Scale

      April 8 @ 10:00 am - 10:45 am EDT

      View More

      New Signature
      New Signature HQ
      901 K Street NW, Suite 450
      Washington, DC 20001
      Phone: 202-452-5923
      New Signature Canada HQ
      7th Floor, 5140 Yonge Street
      Toronto, ON M2N 7J8
      Phone: 416-971-4267
      New Signature UK HQ
      57 Bermondsey Street
      London SE1 3XJ
      Phone: +44 (0) 845-402-1752

      About

      • Company
      • Awards
      • News
      • Leadership
      • Partners
      • Industries

      Solutions

      • Intelligent Enterprise Solutions
      • Intelligent Workplace Solutions
      • Intelligent Cloud Solutions

      Services

      • GO
      • Intelligent Enterprise
      • Intelligent Workplace
      • Intelligent Cloud

      Client Stories

      • Client Stories
      • Testimonials

      Explore

      • Guides & Ebooks
      • Podcasts
      • Flyers
      • Infographics
      • Videos
      Copyright © 2021 New Signature
      • Blog
      • Events
      • Careers
      • Help
      • Anti Slavery
      • Privacy Policy
      • Contact
      • About
        • Company
        • Awards
        • News
        • Leadership
        • Partners
        • Industries
      • Services
        • GO
        • Intelligent Enterprise
        • Intelligent Workplace
        • Intelligent Cloud
      • Client Stories
        • Case Studies
        • Testimonials
      • Technologies
      • Explore
        • Guides & Ebooks
        • Infographics
        • Podcast: Office Explorers
        • Videos
        • Flyers
      • Blog
      • Events
      • Careers
      • Contact
      • Search
      Cookie Settings
      New Signature uses "Required Cookies" to run our website, "Functional Cookies" used by third parties to personalise marketing, including social media features.

      Change your preferences by clicking the “Cookie Settings” link at the bottom of every page. Learn more about cookies in our Cookie Policy and our Privacy Policy. By clicking the “Accept Cookies” button below, you consent to our use of cookies.

      Please note that “Required Cookies” will be set regardless of your consent.
      Cookie SettingsAccept Cookies
      Privacy & Cookies Policy
      Performance

      Performance Cookies provide Content Delivery Network assets that deliver faster site content delivery capabilities.

      Required

      These cookies are required mainly in order to deliver Multilanguage site capabilities.

      Functional

      Functional Cookies allow us to provided advanced media capabilities including videos, surveys and other multimedia capabilities.

      Disabling Functional cookies will block the playing of videos and other multimedia site components.

      Targeting

      Targeting Cookies are used to capture user information in order for New Signature to deliver better user experiences.

      Save & Accept