Hybrid user profile photo

Arjan Cornelissen
PowerShell, active-directory, exchange, office-365, sharepoint, sharepoint-online

When setting up a hybrid environment we usually first setup hybrid search and do not that much on hybrid profiles. I have noticed that there are some quirks in the hybrid profiles what might not get noticed while setting it up. At the moment of setting up hybrid profiles, there is not that much to configure. Only none, all in Office 365 or based on a group. As many of you know a good user profile consists of some basic data like a photo, name, contact details, manager and location.

When you only manage the photo’s in the in the SharePoint profile and not in Active Directory, you need to make sure you copy that photo to SharePoint online as well. It is obvious that when you go to the online profile, there is no image. What we noticed is that at the moment you use to search for people the user image is pulled from the location that the hybrid profile is pointing at.

We had a search result that always is pointing to the on-premises user profile store to get the people results and at the moment that the specific user is in the group for hybrid profiles the photo was not displayed anymore. After some digging we saw that the image that is displayed in the search results is using the “/_layouts/15/userphoto.aspx”. and that page is getting the photo.

When you search online the user that is not in the hybrid profiles yet, the URL to the user photo will get an extra query string variable with the URL of the photo that is pointing to the on-premises mysite.

There are three ways to resolve this.

  1. Make sure you place the images in Active Directory in the appropriate size
  2. Build a script to synchronize the images from on-premises to online
  3. Synchronize the images from on-premises to Exchange online mailbox

The third option is only available for the users that have an Exchange mailbox of course, but when they have it, this will be your best option because then the photo is not only in SharePoint available. When you place the photo in the users Exchange mailbox, most of the Office 365 services can use it like Skype for Business, Exchange, SharePoint. These services will first look in the Exchange mailbox and when not found in Azure Active Directory.

Services like Flow will use the Azure Active Directory to get the user profile image.

To have the same user profile image across Office 365, the photo needs to be in two places:

  • Azure Active Directory
  • Exchange Online mailbox

The below image shows how this works.

When you only have an image in Azure Active Directory, the image has a max size of 100kb and 96x96px, but Exchange online can only use that image if it is not bigger then 10kb. When uploaded separately in Exchange online the image can be 648x648px and will resize for the use that it needs. With that resolution, the other services can display a better photo.

The best way to set this is to use the Exchange online PowerShell cmdlet ‘Set-UserPhoto’ because this sets the image in Exchange Online and Azure Active Directory.