Flaw in SUSHI Profile Image for SP2010, could it break AD?

Aug 11, 2010 at 5:26 PM

Hello All,

Great work on SUSHI!

I was looking for a tool to bulk upload user profile images when I ran across SUSHI. Although SUSHI works, it does not appear to be correct for SP2010 especially with Active Directory user profile sync.

It could be that I do not fully understand, so I only mean to bring this to your attention; thus I am posing this all as more of a question than a statement. :-)

The user photos are actually stored in a folder within the User Photos library named Profile Pictures.
Within this folder there should be 3 thumbnails; the maximum resolution and size per Microsoft is 144x144 at <10kb, plus 2 others, 96x96 and 32x32. Thus named domain-name_User.one_LThumb.jpg, domain-name_User.two_MThumb.jpg and domain-name_SThumb.jpg.
This is all done behind the scenes if the user manually uploads via the Edit Profile page. The reason for three resolutions is to integrate with Outlook, Communication Server (Instant Messaging) and other Microsoft applications.

You can see the library and folder by going to (replace with the proper FQDN of your mysites web application).

1.) The way that SUSHI is currently doing profile photos puts 1 copy of the original picture into the User Photos library, which according to Microsoft would be the wrong location.
2.) SUSHI places the original picture in this library without any size limitation, checking or resizing. Our HR person submitted 2592x1944 snapshots of everyone that averaged 2MB each and included several user submitted 16MB photos.

By design Microsoft assumes that User Profile synchronization will be configured between Active Directory and SharePoint User Management Services; this allows centralized user information via AD. What A LOT of people do not understand is that BY DESIGN, Microsoft, in their infinite wisdom, chose to EXPORT the user photo (PictureURL) OUT of SharePoint 2010 INTO Active Directory versus importing into SharePoint from AD like the other user attributes. This means the FULL binary for whatever picture you or your users upload to SharePoint will sync into AD! Not Good!! AD can become so big it takes forever to reply and can actually break if pushed; imagine a company with 25,000 user accounts (yes they exist), now upload 25,000 2MB photos which get sync'd to AD that night...
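
A pre-upload check built on the limits quoted in the post above, as an added example that is not part of the original post or of SUSHI. It assumes Windows PowerShell with System.Drawing available; the function name `Test-ProfilePhoto`, the temporary folder and the two sample images are constructed for illustration.

```powershell
# Added example: pre-upload check for profile photos (not SUSHI's own code).
# Limits are the ones quoted in the post: 144x144 pixels and under 10 KB.
Add-Type -AssemblyName System.Drawing

function Test-ProfilePhoto {   # hypothetical helper name
    param([string]$Path, [int]$MaxPixels = 144, [int]$MaxBytes = 10KB)

    $file = Get-Item -LiteralPath $Path
    $reasons = @()
    $width = 0; $height = 0
    try {
        $img = [System.Drawing.Image]::FromFile($file.FullName)
        try { $width = $img.Width; $height = $img.Height }
        finally { $img.Dispose() }   # release the file handle
        if ($width -gt $MaxPixels -or $height -gt $MaxPixels) {
            $reasons += "${width}x${height} exceeds ${MaxPixels}x${MaxPixels}"
        }
    } catch {
        # FromFile throws on files that are not valid images
        $reasons += 'not a readable image'
    }
    if ($file.Length -ge $MaxBytes) {
        $reasons += "$($file.Length) bytes is not under $MaxBytes"
    }
    New-Object PSObject -Property @{
        File    = $file.Name
        Ok      = ($reasons.Count -eq 0)
        Reasons = ($reasons -join '; ')
    }
}

# Constructed sample input: two blank JPEGs in a temporary folder, one at the
# camera resolution mentioned in the post and one at the largest thumbnail size.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) 'photo-audit-demo'   # assumed path
New-Item -ItemType Directory -Path $dir -Force | Out-Null
foreach ($dim in '2592x1944', '144x144') {
    $w, $h = $dim.Split('x') | ForEach-Object { [int]$_ }
    $bmp = New-Object System.Drawing.Bitmap -ArgumentList $w, $h
    $target = Join-Path $dir "sample_$dim.jpg"
    $bmp.Save($target, [System.Drawing.Imaging.ImageFormat]::Jpeg)
    $bmp.Dispose()
}

# Audit the folder and list every file that should be resized before upload.
$results = Get-ChildItem -Path $dir -Filter *.jpg |
    ForEach-Object { Test-ProfilePhoto -Path $_.FullName }
$results | Where-Object { -not $_.Ok } | Format-Table File, Reasons -AutoSize
```

Pointing `$dir` at the real staging folder instead of the constructed samples gives a list of photos to resize before any bulk upload reaches the User Photos library.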