8

Are there any known issues with storing employee photos in AD provided you store them in the compliant sizes and formats?

Is there a critical mass that you break or could corrupt AD databases?

I'm trying to understand some of the server team's deep concerns with our intent to store employee photos in AD... they fear it will corrupt the database or replication issues will occur globally, etc.

We're about a 3,000 employee company.

2 Answers

10

Of course it won't break AD. AD is very scalable, and while there are ways to corrupt it, simply storing large amounts of data in it will not affect this. Many organizations store photos along with other largeish data items like encryption keys in AD.

What will happen is that replication traffic will significantly increase (a lot while adding the photos initially, and a little while adding each user's photo as new people are hired), because all the new photos that are added to AD will have to be replicated. Additionally, the size of your AD database will increase. This isn't likely to be significant for any reasonably provisioned server for an organization of 3000. The maximum size of the stored photo is 1MB, and given that it's supposed to be a thumbnail the actual size should be significantly less than that. In your organization this represents (well) under 3GB of data.

That said, if you run your domain controllers on minimal amounts of disk you should ensure that there will be enough space for the data (but if the disk was provisioned that lean you'd have issues doing Windows updates as well).

Falcon Momot
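One way to check the size figures in the answer above against a real directory, as an added example that is not part of the original answer. It assumes the photos are stored in the `thumbnailPhoto` attribute, that the ActiveDirectory PowerShell module (RSAT) is installed, and it uses a constructed 100 KB per-photo review threshold:

```powershell
# Added example: measure how much photo data AD is actually holding.
# Assumptions: photos live in thumbnailPhoto; $limitBytes is a constructed
# review threshold, not a value taken from the page.
Import-Module ActiveDirectory

$limitBytes = 100KB

# Only fetch accounts that have a photo, and only the attribute we need.
$users = Get-ADUser -LDAPFilter '(thumbnailPhoto=*)' -Properties thumbnailPhoto

# One row per user with the stored photo size in bytes.
$report = foreach ($u in $users) {
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        PhotoBytes     = $u.thumbnailPhoto.Length
    }
}

if (-not $report) {
    Write-Output 'No accounts with a thumbnailPhoto were found.'
    return
}

# Totals: this is the data every domain controller has to store and replicate.
$stats = $report | Measure-Object -Property PhotoBytes -Sum -Average -Maximum
Write-Output ('Accounts with photo : {0}' -f $stats.Count)
Write-Output ('Total photo data    : {0:N2} MB' -f ($stats.Sum / 1MB))
Write-Output ('Average photo size  : {0:N1} KB' -f ($stats.Average / 1KB))
Write-Output ('Largest photo       : {0:N1} KB' -f ($stats.Maximum / 1KB))

# Photos above the threshold are the ones worth re-encoding before they
# are written to (or left in) the directory.
$report |
    Where-Object { $_.PhotoBytes -gt $limitBytes } |
    Sort-Object PhotoBytes -Descending |
    Format-Table SamAccountName, @{ Name = 'KB'; Expression = { [math]::Round($_.PhotoBytes / 1KB, 1) } }
```

Running it before and after a bulk photo import gives the server team an actual number for the database growth and the initial replication load.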
3

There is one issue that isn't technical, that of security.

You haven't indicated how the permissions of these pictures will be set up. In specific, if you have photo ID badges like a lot of large companies and you are thinking of adding these pictures to AD, then they should not make them accessible to the whole business as part of a phonebook or directory lookup.

It is trivial in this day and age to print your own access badge, and having access to the same "security" pictures means anyone in the company can print out a fake pass for anyone else.

I'm not saying don't have pictures, but if you use ID cards with photos then have two pictures, one for security and one for the phonebook, website etc.

Dogsbody