7

I'm using the ldapsearch.exe binary that was installed along with an Oracle client. It took awhile to tease out the arguments that it wanted, but I'm able to successfully connect to AD and parse out text attributes (given a username, look up an email, etc). But I'd also like to grab the avatar images that Exchange/Lync use. According to some Microsoft documentation I dug up, the attribute name is thumbnailPhoto. I couldn't figure it out at first, but this command doesn't produce angry error messages:

ldapsearch -v -h xxx.yyy.edu -Z -b cn=USERNAME,ou=Computers,ou=yyy,dc=yyy,dc=edu cn=USERNAME thumbnailPhoto

When I run that, I get the following output:

ldap_open( xxx.yyy.edu, 389 )
filter pattern: cn=USERNAME
returning: thumbnailPhoto
filter is (cn=USERNAME)
CN=USERNAME,OU=Computers,OU=yyy,DC=yyy,DC=edu
1 matches

There is no file in the current directory, there is no file in %TEMP%. If I use -t with or without arguments, no files are downloaded. No binary garbage fills the console window. I get identical behavior whether or not I run the command from bash (msys) or cmd.exe.

What gives? It looks like I'm doing everything right. But I'm running out of ways to debug. Am I not even using the right tools?

John O
  • 283
  • 3
  • 15
  • `ldapsearch` should be fine. Do you get useful output if you query text fields (e.g. `... cn=USERNAME givenName`)? Are you sure USERNAME has a `thumbnailPhoto`? Maybe filter by `'(&(cn=USERNAME)(thumbnailPhoto=*))'` instead and also look for `jpegPhoto`. – Hagen von Eitzen Mar 01 '13 at 18:41
  • I should have been using -A. Neither jpegPhoto nor thumbnailPhoto are showing up... but that's weird, because I definitely see my own Lync picture as being set. – John O Mar 01 '13 at 19:00
  • What happens if you explicitly specify that the output should ldif formatted: `ldapsearch -L` ? – Mathias R. Jessen Mar 05 '13 at 20:36
  • Here's an example of [how to do it in C#](https://social.msdn.microsoft.com/Forums/vstudio/en-US/02690cfa-c2c1-43d7-9f82-7d210cb86267/c-code-to-add-and-retrieve-user-photos-from-active-directory?forum=csharpgeneral) that you could maybe get some additional info from. – Will May 11 '15 at 04:19

1 Answers1

3

If you may use powershell instead of ldapsearch, then try this:

$user = Get-ADUser John -Properties thumbnailPhoto
$user.thumbnailPhoto | Set-Content c:\temp\1.jpg -Encoding byte
Vadim
  • 436
  • 3
  • 8