Forcing Active Directory Photos with Lync 2010

7 Dec

With Lync 2010 setup (all be it very basic right now) it was time to take control. I started exploring what was possible via various policys for the clients.

One of the features allows users to choose their own profile photo, or at least select a photo that is easily accessible online.

Across the blogs I’ve read that its generally a bad idea to let users change their own photo, so IT (and HR down the line) will take care of this, after approval of all images and some cups of tea of course.

I was reading Elans Blog which gave me a good haad start into using the Management Shell

Anyway, head off to the Lync Server Management Shell and type in this

Get-CSUser “Dave Harris”

So that’s brought back all the information for me, of you, or whatever name you typed in. There is stacks more information here which might be useful to you.

Next, running this “Get-CSClientPolicy | FL Identity” will return the client policy assigned to the user specified:

Which right now is diddly squat, so that needs changing.

I want to force user to use the corporate photo stored in AD (see my previous post here on importing photos), so I will create a new policy called “ForcePhotos”:

New-CSClientPolicy –Identity ForcePhotos

And then we check that the new policy is there:

If you’re interested, all the availbe command for use with Set-CsClientPolicy can be found here

if you look closely, you will see:

[-DisplayPhoto <NoPhoto | PhotosFromADOnly | AllPhotos>]

DisplayPhoto – Determines whether or not photos (of both the user and his or her contacts) will be displayed in Lync 2010. Valid settings are:

  • NoPhoto – Photos are not displayed in Lync 2010.
  • PhotosFromADOnly – Only photos that have been published in Active Directory Domain Services (AD DS) can be displayed.
  • AllPhotos – Either Active Directory photos or custom photos can be displayed.
  • The default value is AllPhotos.

So, then we run this to modify the new policy to set it so that only photos from AD can be used:

Set-CSClientPolicy –Identity ForcePhotos –DisplayPhoto PhotosFromADOnly

And then run this command to check that the policy is a-ok.

Get-CSClientPolicy –Identity ForcePhotos | Format-List DisplayPhoto

Sweet. Now we need to assign this policy to me (to test):

Grant-CSClientPolicy -Identity “dave harris” -PolicyName ForcePhotos

Then sign in and out of the Lync Client to check this has worked ok.

As Elan pointed out, to undo this command, simply run:

Grant-CSClientPolicy -Identity “dave harris” -PolicyName $Null

So, now I want to apply that policy to all the users in the office. Take a step back and remember the command used at the very start.

Get-CsUser –Identity “dave harris”

Which brings back my details, so now let’s try this:

Get-CsUser –Identity “d*”

Yep, that brings back all users with a ‘d’ in their name. Maybe you can see where I’m going with this.

Get-CSADUser –OU “ou=Users,ou=Company,dc=my,dc=domain,dc=dom”

And that now returns all the users in the Company, Users OU.

Right, so now we have the users we want, we simply run the search and apply the action:

Get-CSADUser –OU “ou=User Accounts,ou=Users,ou=Company,dc=my,dc=domain,dc=dom” | Grant-CSClientPolicy -PolicyName ForcePhotos

An even easier way is to do this via an LDAP query, so everyone that has their Department set to “IT Department” for example:

Get-CsUser -LDAPFilter “Department=IT Department” | Grant-CsVoicePolicy -PolicyName RedmondPolicy

See here for more information on this.

Now if you now look in the Lync Control Panel, you will see the ForcePhotos policy is set (at the bottom):

You can then obviously select this policy for any other enabled Lync users.