Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Tool that bulk imports or removes User pictures, based on AD Group Membership
#requires -Version 2.0 -Modules ActiveDirectory
<#
.SYNOPSIS
Tool that bulk imports or removes User pictures, based on AD Group Membership
.DESCRIPTION
Tool that bulk imports or removes User pictures, based on AD Group Membership
If a user is in both groups, the picture will be removed!
Idea based on my old tool to import Active Directory pictures.
They are a bit to tiny, so I use Exchange now to make them look better in Exchange and Skype.
.PARAMETER AddGroup
Active Directory Group with users that would like to have a picture.
For all Members of this group, the Tool will try to set an image.
.PARAMETER RemGroup
Active Directory Group with users that would like have have the picture removed.
For all Members of this group, the Tool will try to remove the existing image (If set).
.PARAMETER PictureDir
Directory that contains the picures
.PARAMETER Extension
Extension of the pictures
.PARAMETER workaround
Workaround for Exchange 2016 on Windows Server 2016
.PARAMETER UPNDomain
The default Domain, to add to the UPN
.EXAMPLE
# Use the Groups 'ADDPIXX' and 'NOPIXX' to Set/Remove the User Pictures
# There was an Issue with the User joerg.hochwald (Possible Picture Problem!
PS C:\> .\.\Set-AllUserPictures.ps1 -AddGroup 'ADDPIXX' -RemGroup 'NOPIXX' -PictureDir 'c:\upixx\' -workaround -UPNDomain 'jhochwald.com'
WARNING: Unable to set Image c:\upixx\joerg.hochwald.jpg for User joerg.hochwald
.EXAMPLE
# Use the Groups 'ADDPIXX' and 'NOPIXX' to Set/Remove the User Pictures
# There was an Issue with the User jane.doe - Check that this user has a provissioned Mailbox (on Prem or Cloud)
PS C:\> .\.\Set-AllUserPictures.ps1 -AddGroup 'ADDPIXX' -RemGroup 'NOPIXX' -PictureDir 'c:\upixx\' -workaround -UPNDomain 'jhochwald.com'
WARNING: Unable to handle jane.doe - Check that this user has a valid Mailbox!
.EXAMPLE
# Use the Groups 'ADDPIXX' and 'NOPIXX' to Set/Remove the User Pictures - Everything went well
PS C:\> .\.\Set-AllUserPictures.ps1 -AddGroup 'ADDPIXX' -RemGroup 'NOPIXX' -PictureDir 'c:\upixx\' -workaround -UPNDomain 'jhochwald.com'
WARNING: Unable to handle jane.doe - Check that this user has a valid Mailbox!
.NOTES
TODO: There is no logging! Only the Exchange RBAC logging is in use
TODO: A few error handlers are still missing
If a user is in both groups, the picture will be removed!
Verbose could be very verbose. This is due to the fact, that the complete Exchange logging will be shown!
There are a few possibilities for Warnings and Errors. (Mostly for missing things)
Disclaimer: The code is provided 'as is,' with all possible faults, defects or errors, and without warranty of any kind.
Author: Joerg Hochwald
License: http://unlicense.org
.LINK
Author http://jhochwald.com
.Link
License http://unlicense.org
#>
param
(
[Parameter(Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $true,
Position = 1,
HelpMessage = 'Active Directory Group with users that would like to have a picture')]
[ValidateNotNullOrEmpty()]
[Alias('positive')]
[string]
$AddGroup,
[Parameter(Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $true,
Position = 2,
HelpMessage = 'Active Directory Group with users that would like have have the picture removed.')]
[ValidateNotNullOrEmpty()]
[string]
$RemGroup,
[Parameter(Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $true,
Position = 3,
HelpMessage = 'Directory that contains the picures')]
[ValidateNotNullOrEmpty()]
[Alias('PixxDir')]
[string]
$PictureDir,
[Parameter(ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $true,
Position = 5)]
[Alias('defaultDomain')]
[string]
$UPNDomain,
[Parameter(ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $true,
Position = 4)]
[ValidateSet('png', 'jpg', 'gif', 'bmp')]
[ValidateNotNullOrEmpty()]
[string]
$Extension = 'jpg',
[switch]
$workaround = $false
)
BEGIN
{
if ($workaround)
{
# Unsupported Workaround accoring to https://hochwald.net/workaround-for-get-help-issue-with-exchange-2016-on-windows-server-2016/
Add-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.SnapIn
}
# Cleanup
$AddUserPixx = $null
$NoUserPixx = $null
# Check the source directory string and fix it if needed
if (-not ($PictureDir).EndsWith('\'))
{
# Fix it
$PictureDir = $PictureDir + '\'
$paramWriteVerbose = @{
Message = 'Fixed the Source Directory String!'
}
Write-Verbose @paramWriteVerbose
}
try
{
$paramGetADGroupMember = @{
Identity = $AddGroup
ErrorAction = 'Stop'
WarningAction = 'SilentlyContinue'
}
$AddUserPixx = (Get-ADGroupMember @paramGetADGroupMember | Select-Object -Property samaccountname)
}
catch
{
$paramWriteError = @{
Message = "Unable to find $AddGroup"
ErrorAction = 'Stop'
}
Write-Error @paramWriteError
return
}
try
{
$paramGetADGroupMember = @{
Identity = $RemGroup
ErrorAction = 'Stop'
WarningAction = 'SilentlyContinue'
}
$NoUserPixx = (Get-ADGroupMember @paramGetADGroupMember | Select-Object -Property samaccountname)
}
catch
{
$paramWriteError = @{
Message = "Unable to find $AddGroup"
ErrorAction = 'Stop'
}
Write-Error @paramWriteError
return
}
function Test-ValidEmail
{
<#
.SYNOPSIS
Simple Function to check if a String is a valid Mail
.DESCRIPTION
Simple Function to check if a String is a valid Mail and return a Bool
.PARAMETER address
Address String to Check
.EXAMPLE
# Not a valid String
PS C:\> Test-ValidEmail -address 'Joerg.Hochwald'
False
.EXAMPLE
# Valid String
PS C:\> Test-ValidEmail -address 'Joerg.Hochwald@outlook.de'
True
.NOTES
Disclaimer: The code is provided 'as is,' with all possible faults, defects or errors, and without warranty of any kind.
Author: Joerg Hochwald
License: http://unlicense.org
.LINK
Author http://jhochwald.com
.Link
License http://unlicense.org
#>
[OutputType([bool])]
param
(
[Parameter(Mandatory = $true,
HelpMessage = 'Address String to Check')]
[ValidateNotNullOrEmpty()]
[string]
$address
)
($address -as [mailaddress]).Address -eq $address -and $address -ne $null
}
}
PROCESS
{
if (-not ($AddUserPixx.samaccountname))
{
$paramWriteVerbose = @{
Message = "The AD Group $AddGroup has no members."
}
Write-Verbose @paramWriteVerbose
}
else
{
# Add a counter
$AddUserPixxCount = (($AddUserPixx.samaccountname).count)
$paramWriteVerbose = @{
Message = "The AD Group $AddGroup has $AddUserPixxCount members."
}
Write-Verbose @paramWriteVerbose
foreach ($AddUser in $AddUserPixx.samaccountname)
{
if (($NoUserPixx.samaccountname) -notcontains $AddUser)
{
# Check the UPN and Fix it, if possible
if (-not (Test-ValidEmail($AddUser)))
{
if (-not ($UPNDomain))
{
# Whoopsie
$paramWriteError = @{
Message = 'UPN Default Domain not set but needed!'
ErrorAction = 'Stop'
}
Write-Error @paramWriteError
}
else
{
# Let us fix this
$AddUserUPN = ($AddUser + '@' + $UPNDomain)
}
}
# Build the Full Image Path
$SingleUserPicture = ($PictureDir + $AddUser + '.' + $Extension)
# Check if Picture exists
$paramTestPath = @{
Path = $SingleUserPicture
ErrorAction = 'Stop'
WarningAction = 'SilentlyContinue'
}
If (Test-Path @paramTestPath)
{
try
{
$paramSetUserPhoto = @{
Identity = $AddUserUPN
PictureData = ([IO.File]::ReadAllBytes($SingleUserPicture))
Confirm = $false
ErrorAction = 'Stop'
WarningAction = 'SilentlyContinue'
}
$null = (Set-UserPhoto @paramSetUserPhoto)
}
catch
{
$paramWriteWarning = @{
Message = "Unable to set Image $SingleUserPicture for User $AddUser"
ErrorAction = 'SilentlyContinue'
}
Write-Warning @paramWriteWarning
}
}
else
{
$paramWriteWarning = @{
Message = "The Image $SingleUserPicture for User $AddUser was not found"
ErrorAction = 'SilentlyContinue'
}
Write-Warning @paramWriteWarning
}
}
else
{
$paramWriteVerbose = @{
Message = "Sorry, User $AddUser is member of $AddGroup and $RemGroup"
}
Write-Verbose @paramWriteVerbose
}
}
}
if (-not ($NoUserPixx.samaccountname))
{
$paramWriteVerbose = @{
Message = "The AD Group $RemGroup has no members."
}
Write-Verbose @paramWriteVerbose
}
else
{
# Add a counter
$NoUserPixxCount = (($NoUserPixx.samaccountname).count)
$paramWriteVerbose = @{
Message = "The AD Group $RemGroup has $NoUserPixxCount members."
}
Write-Verbose @paramWriteVerbose
foreach ($NoUser in $NoUserPixx.samaccountname)
{
# Check the UPN and Fix it, if possible
if (-not (Test-ValidEmail($NoUser)))
{
if (-not ($UPNDomain))
{
# Whoopsie
$paramWriteError = @{
Message = 'UPN Default Domain not set but needed!'
ErrorAction = 'Stop'
}
Write-Error @paramWriteError
}
else
{
# Let us fix this
$NoUserUPN = ($NoUser + '@' + $UPNDomain)
}
}
$paramSetUserPhoto = @{
Identity = $NoUserUPN
Confirm = $false
ErrorAction = 'Stop'
WarningAction = 'SilentlyContinue'
}
try
{
$null = (Remove-UserPhoto @paramSetUserPhoto)
}
catch
{
$paramWriteWarning = @{
Message = "Unable to handle $NoUser - Check that this user has a valid Mailbox!"
ErrorAction = 'SilentlyContinue'
}
Write-Warning @paramWriteWarning
}
}
}
}
END
{
# Cleaniup
$AddUserPixx = $null
$NoUserPixx = $null
$AddUserPixxCount = $null
$NoUserPixxCount = $null
# Do a garbage collection: Call the .NET function to cleanup some stuff
$null = ([GC]::Collect())
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.