Synchronize your user profile pictures from AzureAD to CRM Online in powershell

ExportUserProfilePictureFromAAD2CRM.ps1

#script by Clément Olivier
#date : 22nd of March 2018
#blog reference : https://stuffandtacos.azurewebsites.net/2018/04/22/synchronize-your-user-profile-pictures-from-azuread-to-crm-online-in-powershell/

#Add-Crm-Sdk;
Import-Module -Name ".\Microsoft.Xrm.Data.Powershell"

# Preparing the needed informations to connect to AAD & CRM
$aadUser = "yourname@domain.com"
$aadPassword = ConvertTo-SecureString -String "YourStrongestPassword" -AsPlainText -Force
$crmUser = "yourname@domain.com"
$crmPassword = ConvertTo-SecureString -String "YourStrongestPassword" -AsPlainText -Force
$crmUrl = "https://tenant.crm4.dynamics.com"

# creating a connection to your AAD
$CredentialAAD = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $aadUser, $aadPassword

try {
    $connAAD = Connect-AzureAD -Credential $CredentialAAD
}
catch {
    write-host "Caught an exception during connection to AAD:" -ForegroundColor Red
    write-host "Exception Message: $($_.Exception.Message)" -ForegroundColor Red
    exit 1
}
# creating a connection your your CRM instance
$CredentialCRM = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList crmUser, $crmPassword
$conn = Connect-CrmOnline -Credential $CredentialCRM -ServerUrl $crmUrl

# we make sure that the CRM connection was performed properly
if($conn.IsReady -ne $true){
    write-host "Caught an issue during connection to CRM instnace:" -ForegroundColor Red
    Write-Host $conn.LastCrmError -ForegroundColor Red
    exit 1
}

#Getting all users and who are not disabled and licensed
$CrmUsers = (Get-CrmRecords -conn $conn -EntityLogicalName systemuser -FilterAttribute isdisabled -FilterOperator eq -FieldValue false -Fields domainname,entityimage,islicensed).CrmRecords
# Now from the result, we keep only the licensed users (to avoid getting the crmoln@microsoft.com users for example)
$CrmUsers = $CrmUsers | Where-Object { $_.islicensed -eq "Yes" }

Write-Host $CrmUsers.Count" users retrieved."

# We now loop on all our users
foreach($CrmUser in $CrmUsers)
{
   try {    
        Write-Host "Working with "$CrmUser.domainname

       # retrieving the user from the AAD
        $userAAD = Get-AzureADUser -ObjectId $CrmUser.domainname -ErrorAction SilentlyContinue
        Write-Host "   -> AAD profile retrieved."
        
        #Making sure the user was found
        if($userAAD -ne $null)
        {
            #getting the picture and downloading it locally (by default it will be the GUID.jpg filename)
            Get-AzureADUserThumbnailPhoto -ObjectId $userAAD.ObjectId -FilePath (Get-Location).Path
            # we get the exact filename in case the file doesn't have a jpg extension
            $picName = (Get-ChildItem -Path (Get-Location).Path | Where-Object { $_.Name -like ''+$userAAD.ObjectId+'*' }).Name # to handle any kind of extension
            # storing the full path to picture
            $picPath = (Get-Location).Path+"\"+$picName
            Write-Host "   -> AAD picture profile retrieved. (path : " $picPath")"

            if((Test-Path $picPath))
            {
                # getting the picture content in Bytes
                $pictureInBytes = [System.IO.File]::ReadAllBytes($picPath)

                # setting the image in bytes to systemuser record 
                Set-CrmRecord -conn $conn -EntityLogicalName "systemuser" -Id $CrmUser.systemuserid -Fields @{"entityimage"=$pictureInBytes}

                Write-Host "   -> profile picture updated."

                # cleaning the user picture from your drive
                Remove-Item -Path $picPath
            }
        }
   }
   catch {
        write-host "Caught an exception:" -ForegroundColor Red
        write-host "Exception Type: $($_.Exception.GetType().FullName)" -ForegroundColor Red
        write-host "Exception Message: $($_.Exception.Message)" -ForegroundColor Red
   }
}