MicroStrategy ONE

Including Profile Photos in Microsoft Active Directory

When integrating Microsoft Active Directory with MicroStrategy Identity as part of your identity management system, you can include profile photos that are then displayed on your users' badges.

The steps below assume that you have imported Microsoft Active Directory users into your MicroStrategy Identity Network, as described in Including Profile Photos in Microsoft Active Directory.

Each profile photo has a maximum recommended size of 800 KB.

To Include Profile Photos in Microsoft Active Directory

  1. Create a directory location hosted by a web server that your Microsoft Active Directory server can access. This directory must be dedicated to storing profile photos.
  2. Store the photos for your users, using unique names for each photo. You can use each user's account name to create unique names for each photo. For example, you can create jsmith.jpg, jdoe.jpg, and fjackson.jpg.
  3. With your web server deployed, ensure that you can view the profile pictures by navigating to the URL for a picture using the following format:
    https://WebServer:PortNumber/PhotoDirectory
    where:
    • WebServer: The web server where you host the profile photos.
    • PortNumber: The port number for your web server.

    • PhotoDirectory: The full path to the directory location where you store the profile photos.

      For example, the full URL to a photo could be:

      https://example.company.com:1234/main/photos/jsmith.jpg

  4. Using Microsoft Active Directory, update each user to include their profile photo URL. You must include this URL in one of the following ways:
    • If you have Microsoft Exchange™:
      1. You can extend the information for each user in Microsoft Active Directory to include extension attributes. These are named extensionAttribute1, extensionAttribute2, ... , extensionAttributeN, and these names also act as the entry values.
      2. Include the profile photo URL in the same extension attribute for each user. For example, if extensionAttribute1 is not used for any of the users in your Microsoft Active Directory, include the profile photo URL in extensionAttribute1 for every user.
    • If you do not have Microsoft Exchange:
      1. Determine a field in your Microsoft Active Directory that is not used for any user. You must also determine the entry value for this field. For example, the First Name field uses the entry value givenName and the Last Name field uses the entry value sn. Refer to your third-party Microsoft documentation for steps to determine the entry value for a field in Active Directory.
      2. Include the profile photo URL in the same field for each user. For example, if the Description field (entry name is description) is not used for any of the users in your Microsoft Active Directory, include the profile photo URL in the Description field for every user.
  5. Log into Identity Manager.
  6. Click Users & Badges.
  7. Under User Management, click Edit.
  8. Under LDAP Mapping, click Edit Active Directory Attributes Mapping, then click Add Another. A row for an additional LDAP field is added.
  9. From the User Info drop-down list, select Photo URL.
  10. From the Available Active Directory Attributes drop-down list, select the Microsoft Active Directory field that contains information about each user's profile photo. For example, if you used extensionAttribute1 to store the profile photo URLs, specify extensionAttribute1.
  11. Click Save.