
Getting Pictures and other Contact Info Into Outlook, AD, SharePoint, Exchange, OC 2010

Adding and Synchronizing Contact Info Manually and Automatically through Active Directory

One of the new features in Outlook 2010 is the ability to add a picture of your contacts into their contact record.  You can also add a picture to your SharePoint MySite profile and see pictures of others.  And with Communications Server 2010 coming out, it too has the ability of showing pictures of the individuals you are communicating with.

You can manually add a photo into Outlook, SharePoint, Active Directory, and others, or you can add just ONE photo and have it synchronized across all of the various applications (which I’m sure you’ll find easier and smarter: do something once and have it updated in all of the places that use the pictures).

In this article, I’m going to show you the steps to add a photo manually in Outlook 2010 (which I know many readers will want the quick and simple way of just adding a picture to a contact in Outlook) and for you IT Pros working in the datacenter, I’ll give a much more extensive step by step guide on how to configure photo replication for all of your apps.

Adding a Picture and other Contact Info Just to Outlook 2010 Contacts

This is the simple method for those of you who have Outlook 2010 and want to add a photo to one of your contacts.  When you receive an email from an individual, right-click on the email name of the incoming message recipient and choose “Add to Outlook Contacts”:

With the new contact open, click on “Picture” on the top ribbon bar and choose “Add Picture” 

Browse your system for a saved picture of the person and click “Open” to select the picture:

You can fill in other fields like Company name, address, phone#, mobile#, etc of the individual.  Choose “Save and Close” when you are done.

Now you’ll find when you open an email or create an email with this individual, their picture will appear in the email, bottom of the email, etc:

Adding Pictures and other Contact Info to Active Directory to Synchronize Across all Microsoft 2010 Apps

This is the more complicated / IT Pro / server backend method of getting pictures into Active Directory so that the same picture (as well as other information like address, phone#, title, manager’s name, etc) is populated and replicated throughout Active Directory.  This will ensure that a phone# that shows up on a person’s MySite in SharePoint is the same phone# that is in Outlook contacts.  So this goes beyond just having a picture show up: actual company / business information is synchronized and made consistent across all of the Microsoft 2010 applications (ie: Exchange 2010, SharePoint 2010, Outlook 2010, Communication Server 2010, etc)

Assumptions I’m making as part of this step by step guide:

• You have Microsoft Active Directory 2003 Native Mode (or higher) in your environment

• Your email is Exchange 2010 (standard or enterprise doesn’t matter)

• You are running SharePoint 2010 (standard or enterprise, doesn’t matter)

• You are running Outlook 2010 as your client (professional, enterprise, doesn’t matter)

• Optionally you are running Communication Server 2010 (aka OCS 14) with the Communicator 14 client

You “can” still put photos into Active Directory and view them with Outlook 2010 even if you have Exchange 2003 or Exchange 2007, and you can import photos right into Active Directory and not even have SharePoint in your environment.  You can even have Novell eDirectory or SunOne instead of Active Directory to get photos working, but for this doc, I’m focusing on a Microsoft-centric environment with the latest “stuff” where the configuration and synchronization is pretty straight forward and the tools are all “in the box”.  I have links to other articles that can provide you steps for getting photos and synchronization of other information for other platforms at the end of this article for those interested in other articles, links, or background info.

Note: When building my SharePoint 2010 environment for User Profile Synchronization, I built the server using Windows Server 2008 SP2 (not Windows 2008 R2) as I had a lot of problems getting all of the security tokens and configurations working properly in R2 (LOTS of known bug fixes to get Windows 2008 R2 working for SharePoint 2010), so I simplified my process and used Windows 2008 SP2 as my base operating system.  With Windows 2008 SP2 under SharePoint 2010 for this User Profile Sync server, all of the steps worked as expected.

Contact Attribute Synchronization Background

The premise of this “synchronization” of phone#, address, titles, pictures and the like starts with a synchronization of content between Sharepoint 2010 MySites and Active Directory.  You would think that Active Directory is all authoritative and everything grabs stuff out of AD, however there’s no field in AD Sites and Services for you to upload a picture, so that’s where Sharepoint 2010 comes in.  For attributes like pictures that need a method to import the info into AD, you can add the information to your MySite in Sharepoint, and the information goes from SharePoint into AD.  Once in Active Directory, the information can then be accessed from Exchange, Outlook, Communication Server, and the like.

However, for attributes that may have already been added to Active Directory, like phone#, titles, or the like, you’d want those attributes to replicate FROM Active Directory TO SharePoint so that the user does not have to populate their “MySite” with that information; it’ll already be added.

This “synchronization” between AD and SharePoint MySites is how information gets back and forth between those two applications and is driven by a feature in SharePoint called the “User Profile Synchronization Application”.  Because users can now “change” their own information in their MySite, rather than having someone with Active Directory rights change mobile# and other user-centric contact information in Active Directory, users can change their own information in MySites and have that populated to Active Directory.  Some stuff like title or management hierarchy, the organization may still want to control that information from the AD side and push that down to SharePoint as read-only to users.  In any case, you now have options and can pick/choose the fields you want to be authoritative.

Once information is in Active Directory, Exchange 2010 and Communication Server 2010 have server components that grab the information and bring it into those applications.  (YES, the information is “replicated” down to Exchange and Communication Server, so there would be 4 separate copies of a picture thumbnail, phone#s, address info, etc on the various apps: AD, Exchange, SharePoint, and OC.)  It’s just a picture thumbnail and all of the information is compressed, so even for really large enterprises, the information is only a couple megabytes TOTAL for the entire organization, and attributes are synchronized individually starting with AD/2003 R2, so incremental syncs are small.

Outlook 2010 and Communicator 2010 users see the various picture / address / contact info information as an “address book” query.  So effectively, info in AD goes to Exchange in the Offline Address Book (OAB), and the Outlook client downloads / accesses the Offline Address Book that retains the pictures, contact info, etc.

Step 1: Determining Which Attributes Synchronize from Where to Where

The first step is to determine what information (address, mobile#, phone#, title, picture, etc) you want to synchronize from Active Directory to SharePoint MySites, and from SharePoint MySites to Active Directory.  For a list of attributes, do the following:

1.  Go to Sharepoint 2010’s “Central Administration” (Start | All Programs | Microsoft Sharepoint 2010 Products | SharePoint 2010 Central Administration)

2.  Select “Manage Service Applications” (which is under the Application Management section)

3.  Highlight “User Profile Service Application” (usually click to the “side” of the words because if you click on the words, you’ll follow the link.  All you want to do is highlight the User Profile Service Application line).  When highlighted, click “Manage” in the Ribbon toolbar

4.  Click on “Manage User Properties”.  You will see a list of attributes and their mappings.  Most (like title, work#, manager) have already been defined, so when the sync service is kicked off, that information will automatically come down from AD to SharePoint.  Some attributes have not been defined yet, like the Picture attribute.  That needs to be configured and will be configured in Step 4 of this guide.  To view the sync attributes, to the right of the attribute, a “down arrow” appears and you can choose “edit” to edit the attribute configuration.  Again, this will be done in Step 4, but for now, just view the configurations

This is just a planning step to determine which attributes you want to use and which direction you want to replicate the information

Step 2:  Populate “Some” Information

Now that you’ve had a look at the various attributes, populate some information in Active Directory (like Manager’s name, title, office phone#, mobile#, etc) and go into Sharepoint and add in pictures.  Just do this for a “couple” users for a test (and can I suggest you create 2 dummy AD accounts and populate the information so that if something gets screwed up, you’re not corrupting your AD or SharePoint MySite, you’ll be fiddling with accounts you can easily delete and recreate!)

The process for adding stuff in AD: 

1.  On an Active Directory domain controller, go into Active Directory Users and Computers (Start | All Programs |Administrative Tools | Active Directory Users and Computers)

2. Double click on a user to pull up the user “properties” where you can enter in attribute information like Office location, telephone#, address, organization information, and the like (note: typically you do NOT want to change the First Name, Last Name, Display Name, Email Address, or User Logon Name information unless you know what you are doing and know that changing those attributes won’t impact other applications or user functions)

3.  Click OK to save any changes for the user

To add a picture to Sharepoint that’ll replicate back to Active Directory, do the following:

1.  Logon to Sharepoint 2010 with the account you want to add a picture

2.  Click on the upper right user information and choose “My Profile”

3.  Click on “Edit my Profile”

4.  Click on “Choose Picture” and upload a picture 

5.  Make any other changes to your Sharepoint MySites page, then scroll all the way to the bottom and click on “Save and Close”

Step 3:  Configure the Profile Synchronization Service in Sharepoint

The Profile Synchronization Service is tied to the User Profile Service in SharePoint.  This is a very complicated series of services that you can read up on a whole lot more someday when you have nothing better to do; a good article is up on http://www.harbar.net/articles/sp2010ups.aspx.  All of this profile sync stuff was slapped together from a variety of bits and pieces Microsoft had to make this all work.  The key steps needed here are as follows:

1.  Go to Sharepoint 2010’s “Central Administration” (Start | All Programs | Microsoft Sharepoint 2010 Products | SharePoint 2010 Central Administration)

2.  Select “Configure Managed Accounts” (which is under the Security section)

3.  Click on “Register Managed Account” and add in an account that has the following properties:

    - will ultimately be the Farm Administrator for all of SharePoint

    - has schema access to Active Directory (ie: is a member of the Enterprise Admins group in AD)

    - is a local administrator to the local server (the account is in the server’s “Administrators” group)

For many orgs, this is the main domain administrator account; however, if you tighten down your security, you might want to create an account whose access you can control.  For now, this Profile Synchronization Service requires ALL of these security roles, and there is talk that Microsoft will provide a better separation of security in SharePoint 2010 SP1.  Because this role has so many security hooks, at a minimum you’d want to put this Profile Synchronization Service on a server that is NOT Web facing so that you minimize the potential attack surface this system exposes externally.  If security is something you can manage, then frequently the “domain\administrator” account is the one people select for this.

Enter in the full domain\username of the account and the password, then click OK 

4.  Now go back to Central Administration \ Security and choose “Configure Service Accounts”

5.  Select “Farm Account” and select for the “Account for this Component” choose the service account you just created/selected in Step3 (the master administrator account), then click OK

6.  Go back to the Central Administration and select “Manage Services on server” (which is under the System Settings section)

7.  Scroll down to the “User Profile Synchronization Service” and click on START

8.  The “User Profile Service Application” should be the default, and you should see the master domain / farm service account listed as the default service account (greyed out, you can’t change it here).  Enter in the password for the account and click OK.  This will start the User Profile Synchronization Service

(NOTE:  This can take 10-20 minutes to start, be patient.  It’s starting the ForeFront Identity Manager Synchronization service as well as a ForeFront Identity Manager Service among other things, so this can take a while)

(Note:  Also, if you see the Service Account on this page (greyed out) showing the default “NT Authority\Network Service” account, you need to change the account.  The Network Service account does not have the necessary rights to do AD Sync with active directory.  Go back to Step 3 and register a domain account that has the appropriate rights and security available to it for the farm)

9.  After about 10 minutes, you can go back into the Central Administration and select “Manage Services on server” (under the System Settings section) and look for the “User Profile Synchronization Service” and confirm that the service is now green and marked “started”.

10.  Once you know the User Profile Synchronization Service is running in SharePoint, reboot the server (alternately you can simply run IISReset /Restart on the server which is all you need to do, but a clean reboot ensures the system is running with all services working). After the reboot, go back to Step 9 and check to make sure the “User Profile Synchronization Service” has started again and is now operational

11.  Go back into Central Administration / Application Management and select “Manage Service Applications”

12.  Highlight “User Profile Service Application” (usually click to the “side” of the words because if you click on the words, you’ll follow the link.  All you want to do is highlight the User Profile Service Application line).  When highlighted, click “Manage” in the Ribbon toolbar

13.  Select “Configure Synchronization Connections” and then select “Create New Connection”

14.  For Connection Name enter in something like “SP-AD”, type is “Active Directory”, enter in the name of your forest (ie: Company123.org), enter in an account name that has administrative access to AD such as a Domain Administrator account (ie: company123\administrator), enter in the password for the domain account

15.  Click on “Populate Containers”, then click “Users”, which will select the entire user container (assuming you have your users in the default User container; choose a different container(s) if your users are in various containers).  Alternately, click on “Select All” to grab everything out of AD for replication (later in Step 17 you’ll select just users and groups for synchronization).  You could alternately just pick specific containers or objects you want to synchronize.  Click OK when done

16.  Go back to Central Administration / Manage Service Application / User Profile Service Application / “Manage” and click on “Configure Synchronization Timer Job”.  The default sync is daily at 1am.  You can change it to whatever you want, I’d suggest no more than every hour during business hours, so “hourly” starting every day between 7am and no later than 6pm as your settings.  Click “Enable”

17.  Go back to Central Administration / Manage Service Application / User Profile Service Application / “Manage” and click on “Configure Synchronization Settings”.  Choose “Users and Groups”, checkbox on “Include existing BCS connections for synchronization”, and “Use SharePoint Profile Synchronization”, click OK
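The account registered in item 3 combines farm administrator, Enterprise Admins and local administrator rights, so it is worth reviewing like any other privileged credential. The following is an added example, not part of the original article: the function name, the `svc-spfarm` account, the SID and the 90-day threshold are assumptions, and the sample object is constructed so the block runs without a domain.

```powershell
# Added example. Lists reasons the profile sync / farm account needs the same
# protection as a domain administrator. Thresholds are assumed local policy.
function Get-SyncAccountRisk {
    param(
        [Parameter(Mandatory = $true)]$Account,   # object shaped like Get-ADUser output
        [string[]]$GroupNames = @(),              # direct group memberships, by name
        [int]$MaxPasswordAgeDays = 90,            # assumption, not from the article
        [datetime]$Now = (Get-Date)
    )
    $findings = @()

    # The built-in Administrator account always has a SID ending in -500.
    if ("$($Account.SID)" -match '-500$') {
        $findings += 'Built-in Administrator (RID 500) is used instead of a dedicated account'
    }
    # Enterprise Admins is what the guide asks for; the others are extra.
    if ($GroupNames -contains 'Enterprise Admins') {
        $findings += 'Enterprise Admins: forest-wide rights held by a service credential'
    }
    foreach ($g in 'Domain Admins', 'Schema Admins') {
        if ($GroupNames -contains $g) {
            $findings += "${g}: not among the roles the guide lists for this account"
        }
    }
    if ($Account.PasswordNeverExpires) { $findings += 'Password never expires' }
    if ($Account.TrustedForDelegation) { $findings += 'Trusted for unconstrained delegation' }
    if ($Account.PasswordLastSet -and
        ($Now - $Account.PasswordLastSet).TotalDays -gt $MaxPasswordAgeDays) {
        $findings += "Password older than $MaxPasswordAgeDays days"
    }

    [pscustomobject]@{
        SamAccountName = $Account.SamAccountName
        Findings       = $findings
    }
}

# Constructed sample (hypothetical account and SID) for an offline run.
$sample = [pscustomobject]@{
    SamAccountName       = 'svc-spfarm'
    SID                  = 'S-1-5-21-1111111111-2222222222-3333333333-1604'
    PasswordNeverExpires = $true
    TrustedForDelegation = $false
    PasswordLastSet      = (Get-Date).AddDays(-400)
}
Get-SyncAccountRisk -Account $sample -GroupNames 'Enterprise Admins', 'Domain Users' |
    Select-Object -ExpandProperty Findings

# Against a live domain (needs the ActiveDirectory module). Note that
# Get-ADPrincipalGroupMembership returns direct memberships only.
# Import-Module ActiveDirectory
# $a = Get-ADUser 'svc-spfarm' -Properties PasswordNeverExpires, TrustedForDelegation, PasswordLastSet
# $g = Get-ADPrincipalGroupMembership $a | Select-Object -ExpandProperty Name
# Get-SyncAccountRisk -Account $a -GroupNames $g
```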

Step 4:  Configure Sharepoint 2010 to Synchronize SharePoint MySite with Active Directory

The next step is to configure the attributes that you want to replicate between AD and MySites, this is what you identified back in Step 1.

1.  Go to Sharepoint 2010’s “Central Administration” (Start | All Programs | Microsoft Sharepoint 2010 Products | SharePoint 2010 Central Administration)

2.  Select “Manage Service Applications” (which is under the Application Management section)

3.  Highlight “User Profile Service Application” (usually click to the “side” of the words because if you click on the words, you’ll follow the link.  All you want to do is highlight the User Profile Service Application line).  When highlighted, click “Manage” in the Ribbon toolbar

4.  Click on “Manage User Properties”.  You will see a list of attributes and their mappings.

5.  To replicate the “Picture” from SharePoint into AD, click to the right of the Picture attribute to choose “Edit”.  Scroll down to the bottom where it has “Source Data Connection” and you’ll see the connector you created at the end of Step 4 noted.  Change the attribute to note “thumbnailPhoto” and the Direction should be “Export”, then click ADD.  The attribute will show up in the “Property Mapping for Synchronization” section right above the Source Data Connection.  Don’t worry about the attribute “businessRoles” that is now in that mapping below, that’s just an interface to “add” the mappings.  Click OK when Done

Note: you can go through all of the various attributes and see how they are configured.  Some are set to default import from AD into SharePoint, and some are set to export from SharePoint to AD.  You’ll see that things like phone#s that are imported from AD are set to “not be edited by user” in SharePoint; in this portion of the configuration, that can be changed so that the user can override AD information if you choose.  Make the changes as you see fit in your organization, save the settings, and then kick off synchronization.

Some of the attributes you may want to configure:

  - Mobile (AD attribute mobile) set to Import (also might want to set for user to be able to edit)

  - Fax (AD attribute facsimileTelephoneNumber) set to Import

  - Home Phone (AD attribute homephone) set to Import

  - Office Location (AD attribute StreetAddress) set to Import

  - Manager (AD attribute Manager) set to Import

  - Title (AD attribute Title) set to Import

Step 5: Kick off a Full Profile Sync between Sharepoint 2010 and Active Directory

The next step is to synchronize AD and Sharepoint by kicking off a full profile sync.

1.  Go to Central Administration / Manage Service Application / User Profile Service Application / “Manage” and click on “Start Profile Synchronization” 

2.  Click on “Start Full Synchronization” and then OK

3.  You’ll notice in the bottom right of the screen, it’ll show the status as “Synchronizing” (you can press F5 on your browser to refresh the screen).  Wait until the Profile Synchronization Status changes back to “Idle” and the sync should be complete (could take a few minutes to process everything)
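Once the status returns to “Idle”, you can confirm what the export wrote to the thumbnailPhoto attribute of your test accounts. This is an added example, not part of the original article: the function name, the `synctest*` account names, the JPEG expectation and the 100 KB ceiling are assumptions, and the byte arrays are constructed so the block runs without a domain.

```powershell
# Added example. Classifies the bytes found in a user's thumbnailPhoto attribute.
# Assumptions: photos are expected to be JPEG, and $MaxBytes is a limit you
# choose locally; neither value comes from the article.
function Test-ThumbnailPhoto {
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [byte[]]$Photo,
        [int]$MaxBytes = 100KB
    )

    $length = 0
    if ($null -ne $Photo) { $length = $Photo.Length }

    if ($length -eq 0) {
        $status = 'Missing'      # the export has not reached AD for this user
    }
    elseif ($length -lt 3 -or $Photo[0] -ne 0xFF -or
            $Photo[1] -ne 0xD8 -or $Photo[2] -ne 0xFF) {
        $status = 'NotJpeg'      # attribute does not start with the JPEG marker
    }
    elseif ($length -gt $MaxBytes) {
        $status = 'TooLarge'     # every replicated copy carries this size
    }
    else {
        $status = 'OK'
    }

    [pscustomobject]@{
        SamAccountName = $SamAccountName
        Bytes          = $length
        Status         = $status
    }
}

# Constructed samples: a JPEG header, a PNG header, and an oversized JPEG.
$jpegHeader = [byte[]](0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10)
$pngHeader  = [byte[]](0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A)
$oversized  = [byte[]]($jpegHeader + (New-Object byte[] 200KB))

Test-ThumbnailPhoto -SamAccountName 'synctest1' -Photo $jpegHeader
Test-ThumbnailPhoto -SamAccountName 'synctest2' -Photo $pngHeader
Test-ThumbnailPhoto -SamAccountName 'synctest3' -Photo $oversized
Test-ThumbnailPhoto -SamAccountName 'synctest4'    # no photo exported yet

# Against a live domain (needs the ActiveDirectory module; 'synctest*' stands
# in for the dummy accounts created in Step 2):
# Import-Module ActiveDirectory
# Get-ADUser -Filter "SamAccountName -like 'synctest*'" -Properties thumbnailPhoto |
#     ForEach-Object {
#         Test-ThumbnailPhoto -SamAccountName $_.SamAccountName -Photo $_.thumbnailPhoto
#     }
```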

Step 6: Getting Outlook 2010 to work with AD Attributes

Once you have the pictures flowing from SharePoint up to Active Directory (and you’ve successfully populated Active Directory with address, titles, phone#s, etc), Outlook 2010 will automatically grab the information from Active Directory.  It typically takes “a few moments” (10-20 minutes) after a full sync from SharePoint for the content to end up in Outlook.

Within Outlook 2010, you can connect it to your MySite in SharePoint so that you have a link for content and SharePoint information.  To link Outlook 2010 to your SharePoint MySite (which is done for EACH user individually), do the following:

1.  On the Outlook 2010 toolbar, click on View

2.  Click on People Pane and select Account Settings

3.  Click to select MySite and enter in

  -  URL:  Enter the URL of your “MySite” (ie:  http://sp2010/my/default.aspx)

  -  User Name: is your logon to your MySite (ie: company123\rand)

  -  Password:  is the password for your logon

4.  Click Connect

Once MySites is connected, you can click on the picture of each individual in the Picture Profile pane and you can quickly see any new MySite content they are making available to you, any social updates they are blogging or posting, or the like.

Step 7: Configure Communicator 2010 to Access Active Directory Attribute Information

Additionally, once you have the pictures flowing from SharePoint up to Active Directory (and you’ve successfully populated Active Directory with address, titles, phone#s, etc), Communicator 2010 will automatically grab the information from Active Directory.  The pictures appear in Communicator 2010 in the same amount of time it takes for them to become available in Outlook 2010, typically “a few moments” (10-20 minutes) after a full sync from SharePoint.

Other References:

This is a TechNet article that goes through Profile Sync in SharePoint 2010 and provides options for creating NEW user sync profiles to synchronize things other than address, phone#, and photos, such as custom attributes you may want to sync between SharePoint and AD.  http://technet.microsoft.com/en-us/library/ee721049.aspx

This is an article posted on Sharepoint George that covers more details on the User Profile Service in Sharepoint 2010  http://sharepointgeorge.com/2010/configuring-the-user-profile-service-in-sharepoint-2010/

This article was written by Rand Morimoto, September 5, 2010.  Rand is the President of Convergent Computing and lead author of a number of books on Microsoft technologies including: Exchange 2010 Unleashed, Windows 2008 R2 Unleashed, and System Center Enterprise Suite Unleashed.  For more information on Rand's company, see http://www.cco.com
