First blog of the Year and its good ole Administration in SharePoint 2010 land, starring User Profiles.

Now back in SharePoint 2007 SSP User Profiles, you may have thought that configuration was easy and simplistic. You know, setting a property to a value in AD was a done deal, right?

Let’s take an issue which had me stumped; which I managed to resolve and suspect was down to a combination of calls to Microsoft, heavy trawling of MS blogs, great SharePoint blogs, my own blogs on Service Applications. And of course, starring a mix of several test environments.

First, let’s describe the problem.

Users have their picture thumbnails created and pushed into AD via Third Party. The property that stores the picture is called ThumbNailPhoto. We need to display that photo in the search results when doing a People Search, and also in their Mysite when the user is being displayed. We don’t allow the users to change the photo so we only want to import them.

Describing the platforms I worked on

1: A three server SharePoint 2010 farm connected to its own AD copy of 2000 users.

2: A single server SharePoitn 2010 farm connected to its own AD copy of 1000 users.

Each platform has a number of photos uploaded to named accounts, called SPTest1 through to 100.

Description of the problem

Now, if the picture thumbnail was a URL pointing to a location of the user and the property in SharePoint being used to show the Picture was also a URL then – yep, this would be easy lets map the PictureURL to the PictureURL. However, that wont help in SharePoint 2010. Why? Well, the main reason for this is quite simply that the PictureURL property is a URL field (storing only the HTTP address pointing to a picture file), whereas AD stores the entire image itself as a “binary large object” (blob). So any synchronisation will involve downloading the pictures stored in AD, putting them somewhere HTTP-accessible, and then setting the PictureURL user profile property to the address of this copied image file.

Additionally, there was no out-of-box support for synchronizing user profile pictures from Active Directory to SharePoint (SharePoint to AD worked) in 2010.

Here’s what I tried before getting to stumped level.

1: Attempted to set the import Picture URL property to ThumbnailPhoto – recrawled the people search, nothing.

2: Attempted to set the export Picture URL property to ThumbnailPhoto and put a picture into my MYSITE user profile – hey that worked!

3: Tried the same on several test farms before building two more farms (as described above) and applying the October CU – several failures because I could not get the sequence right – see below.

Following an investigation further and discussions with other SharePoint Architects with the exact same problem, I found out that the issue had been escalated to Microsoft.

Microsoft provided the 2010 October CU hotfix; then removed and then re-released release. One of the ‘fixes’ was to provide the ability for the import of thumbnails from AD to SharePoint. Unfortunately, I found that a number of steps was still required to get photos to be displayed.

Steps.

Before continuing, let me state that the following steps I’ve repeated four times on separate SharePoint instances and each one has worked. If they don’t for you check the version of your farm to ensure that the October CU has taken hold. Make sure also that the CU has completely deployed. Also, make sure that you do have accounts where the ThumbnailPhoto property has a picture assigned to it. I know that might sound completely daft but I’ve found examples where the admins are saying ‘It doesn’t work’ when in fact no pictures have been even set in the relevant property.

Let’s begin.

1: Deploy the October CU to all of the servers in the farm. This means installing it in full, and as you do note that the servers must be rebooted. I installed the CU on the Index Servers and then the web front ends, by letting the installation take place on all three, then rebooting the index server first and running the Products Configuration Wizard on the index server, then repeating that process for each of the front end servers. Then, when installed on the application server ensure that the Profile Sync Service is running (Central Administration, Services on Server, User Profile Synchronization Service).

2: Update the ThumbnailPhoto Property. Access your User Profile Application on the CA, go to Manage User Properties, access the Picture Property, then map the Picture Property to your Active Directory ThumbnailPhoto Property

3: Run a User Synchronization job to re-populate the user profiles.

4: Once the User Synchronization job is complete, access the user properties to see if the Picture Property has picked up some profiles. If it has you’re nearly there!

5: Run a Powershell script to update the profile pictures to the MySite URL. Open up the SharePoint Management Shell and run the following command:

Update-SPProfilePhotoStore -CreateThumbnailsForImportedPhotos 1 -MySiteHostLocation http://<YourServerName>/my

This ensures the profile photos are set into the relevant MySite so that when the user is located their picture is displayed. Additionally, I’ve found that even if you run a sync job to get the pictures from AD that the number of profiles against the property is not updated. The above command corrects that issue.

6: Finally, run the People Crawl to update the user search properties so that when searching for the user the images are displayed.

That’s all there is to it! Hope this helps out you guys out there.