Downloading Images from Active Directory
Did you know that active directory can store binary data? That’s right - it isn’t all numbers, dates, text and late-night parties. Equally, one good example of binary data is the thumbnailPhoto field which is used to store a photograph of the person whose account it is.
So does your company have this? Probably, and especially so if they use Outlook, but for the purposes of this short article, I am going to show you how to extract that image using PowerShell.
Let’s begin by first getting the photo of a specific user, and once successful, tackly a whole OU (Organisational Unit).
Getting one user’s thumbnail photo
For this, we’re going to use the Get-ADUser commandlet and specify two parameters. The first will be the person we’re interested in (smoon - me!) and the second, the thumbnail property. Here’s how it looks:
> Get-ADuser smoon -Properties thumbnailPhoto |
Yours will look differently of course, but from this you can see our first hint that there might be something special about the thumbnailPhoto. In that field, we have the start of our binary data enclosed in curly braces: {255, 216, 255, 224...}.
The next step is to tell PowerShell that we specifically want to extract the thumbnailPhoto and for that, let’s pipe it to another commandlet.
> Get-ADuser smoon -Properties thumbnailPhoto | Select-Object thumbnailPhoto |
OK, so we’ve zoomed in on just the one thing we want - remember, our first command above gave a bunch of other things and we don’t care about those for this. Let’s write it to a file, next.
I’m going to split this into two lines, but you don’t need to - you could pipe everything together, but long lines don’t display so well on blogs!
> $user = Get-ADuser smoon -Properties thumbnailPhoto | Select-Object thumbnailPhoto |
That should be enough to create a JPG named photo.jpg in the current directory, of the user selected - me.
Saving one user’s photo using their username
What if we don’t want to call the file photo.jpg and instead, want to use the user’s account name? For that, we need to extract a couple of fields so let’s step back a little and select another property which we saw in my first example.
> $user = (Get-ADuser smoon -Properties Name, thumbnailPhoto | Select-Object Name, thumbnailPhoto) |
In this example, you can see that I have split out the stages into three and named some of the parameters, just so that you can see how that would be done. Now onto the final example: grabbing ALL images of ALL people.
Extracting images for everyone in an OU
For this, you need to know a bit about how your Active Directory is configured and in particular, what the name of your OU is. I’m not going to show you how to derive that if you don’t know but to give you a flavour, I will show you how mine looks (slightly altered). Here’s the script:
1 | $StandardOU = "OU=Standard,OU=Users,DC=AD,DC=TheCompany,DC=COM" |
If you were to take this script yourself, you would alter line 1 to match your OU. Line 3 uses the -SearchBase parameter to hunt through the OU rather than grab just one user and the rest of it is just as we have used previously.
There are of course many other things you can do, in many other ways, but hopefully this has given you a flavour of what is possible.
Hi! Did you find this useful or interesting? I have an email list coming soon, but in the meantime, if you ready anything you fancy chatting about, I would love to hear from you. You can contact me here or at stephen ‘at’ logicalmoon.com