Customising the Outlook Contact Cards and Adding User Photos

Recently, I decided that I wanted to add staff photographs to the Global Address List. This is something that I had previously inherited in a former job, and thought would be good to implement for my current employer.

There were a few reasons for wanting to do this :

  • Staff awareness of each other

Whilst working in IT, i seem to know everyone in the company (we aren’t massive, <200 staff), it turns out that most people struggle with who people are outside of their own department.

  • Friendly face on emails

People treat each other better (even internally) when they can put a face to who they are communicating with, especially over email.  It’s too easy to dehumanise someone who is just words on a page.

Anyway, the technical stuff.

Group Policy

First thing we needed to do was to install the Office 2013 Administrative Template files (ADMX/ADML) and Office Customization Tool.  This gives the extra options to be able to manage a whole host of customisation settings within the office environment.

The relevant ones for the Contact Card are in User Configuration>Policies > Administrative Templates > Microsoft 2013 > Contact Card > Contact Tab


This part can get a little fiddly.  There are a few default values for the Contact Cards and if these fields are competed in an AD User then they are displayed.  To display different ones (we wanted to have the Pager field displayed, which is not default) then you have to replace one of the defaults.

There are 3 types of options here :

  1. Replace AD
  2. Replace Label
  3. Replace MAPI

In all honesty, this whole process seriously confused me, and took a HUGE amount of trial and error to get the result I wanted.   I know a lot of these “how to” posts give full technical explanations, but I still don’t fully understand this.  This is just an explanation of what I did to get it working!

As an example, to add the Pager field (where we store our users extensions numbers) to the Contact card ,I removed the Work Address default value by setting the following policy values:

  • Replace Label -Work Address = “Extension” (this made it so that instead of the field being displayed as Pager, it was displayed as Extension)
  • Replace AD – Work Address = “ms-Exch-Telephone-Personal-Pager” (This is the full AD Attribute name for the Pager field in AD – a hell of a lot of googling went into this!)
  • Replace MAPI -Work Address  =  975241247 (this is the Binary value  for the hexadecimal property tag for the Pager property – again, a lot of googling!)

Once the group policy was set up and working (FINALLY!) the next task was to actually add the pictures.


Turns out the photos have to be less than 10 Kb for them to be stored in AD. I used GIMP to shrink all user photos down until they were all under the size limit and stored them in a share on one of our server.  You can set the photos against the indivisual users using Powershell.

To set all photos at once :

$PhotoPath = "\SERVER\SHARE\photos\Outlook\*.*" $PhotoPath = "\SERVER\SHARE\photos\Outlook\*.*"

ForEach ($PhotoFile in gci $PhotoPath)

{ $User = '' + $PhotoFile.Name.substring(0, $PhotoFile.Name.Length - 4) + ''
Import-RecipientDataProperty -Identity $User -Picture -FileData ([Byte[]]$(Get-Content -Path $PhotoFile.Fullname -Encoding Byte -ReadCount 0))

To add a photo for an individual user  ;

Import-RecipientDataProperty -Identity "Daniel Blank" -Picture -FileData ([Byte[]]$(Get-Content -Path "\\SERVER\SHARE\photos\Outlook\Daniel Blank.jpg" -Encoding Byte -ReadCount 0))

Finally, to remove a user’s photo:

set-mailbox "Daniel Blank" -RemovePicture

After all that, here is the end result :


Final Thoughts

In all honesty, given the amount of googling, trial and error, and photo editing involved, this was a seriously frustrating project. However, it does seem to have gone down well with management, and the users, so I guess it was worth it.

Hope this saves someone else the amount of pain I had to go through to get this sorted!



Audit File Deletion on Server 2012

We often get complaints that important files have been “deleted” from Shared folders that will need restoring.  Restoring them from backups, or even from Previous Versions, is easy, but sometimes you need to know who removed the file, or when the file was removed.  This is when Auditing comes in to play.

The first step is to enable Auditing on the machine in question (in our case, the server where the Shares reside).  To do this  :

  1. On the Server, go to Local Group Policy management.
  2. Browse to Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> Audit Policy –> Audit object Access.
  3. Select “Success” in the options screen (unless you want to also log when users have failed to delete items).

Once the policy is set up you then to configure the auditing itself.  To do this:

  1. Go to the Folder that needs monitoring, right click and select Properties.
  2. Click on the Security tab, then go to Security –> Advanced –> Auditing Tab.
  3. Click the Disable Inheritance button if available.
  4. Click Add then select the principal (i.e. the group or users that you want to monitor) and change the Type drop-down to Success.
  5. In the Basic Permissions, select which events you want to audit (in this case they are the deletion events)
  6. Finally, OK out of the menus, watch as the permissions apply and you are good to go.

To view the audited events, open Event Viewer and under Windows logs, choose the Security logs and then set up a filter for even ID 4663.  This will show you the delete events for the folder.

Regional Options Preference – Group Policy Settings

I recently created a Group Policy change the time / date / currency setting to UK from US.  For some reason, these stettings were not being applied and I couldn’t figure out why.

After a bit of research, I found this post on Experts Exchange explaining why.  To summarise :

In the Regional Options Properties window within Group Policy Management, the setting are, by default, underlined in red (as below)


Whilst being underlined red, these settings are effectively set as disabled.  You’ll notice that when you create a Preference item like the Regional Options, and then save them, when you open them later , the settings you made are just reverted to the defaults.   This is because these settings need to be enabled.  To do this :

F5 – all settings activated (green)  (on the tab you have opened)
F6 – a single setting change from red to green (deactive/active)
F7 – a single setting change from green to red (active/deactive)
F8 – all settings deactivated (red dotted)

Now, for some reason, Microsoft does not specify this anywhere in the window, meaning that unless you happen to know this, there’s no easy way of finding out.