2

Is there any way to add fingerprint templates to active directory? If yes then please suggest number of possible ways.... and if there is any SDK or API through which we can achieve storing fingerprint image to a server ( windows Active Directory )?

1 Answers1

0

Sure... this is kinda' creepy IMO, but you can do it.

enter image description here

First you need to identify a good attribute to use that can store the kind of a data you want, and extending the AD schema is usually a last resort. Prefer to use an existing attribute if possible.

So a fingerprint image... like a JPEG, right?

Well there just so happens to be a handy jpegPhoto attribute on each user account in the directory.

http://msdn.microsoft.com/en-us/library/ms676813(v=vs.85).aspx

There are several ways to interface with Active Directory in a programmatic, scriptable way. But let's use Powershell for this, because Powershell is awesome.

First you'll want to install the Active Directory Powershell module if you don't already have it. A Windows 2008 R2 domain controller for instance, would already have it installed when AD DS was installed. But you can also install it via RSAT (remote server administration tools) on any workstation and target a remote DC. The more recent the Powershell version, the better.

On older versions of PS, you had to explicitly load the AD Powershell module:

Import-Module ActiveDirectory

On newer versions of PS, the module loads for you automatically when you use it.

Next, you want to turn your image into a byte array:

$Fingerprint = [byte[]](Get-Content C:\fingerprint.jpg -Encoding byte)

Next, store your newly encoded finger print image into a user account's jpegPhoto attribute:

Set-ADUser jdoe -Replace @{jpegPhoto=$Fingerprint}

You can verify that the operation was successful by looking at the user's jpegPhoto attribute:

Get-ADUser jdoe -Properties jpegPhoto

If the operation succeeded you'll see a lot of bytes. Your hypothetical finger-print reading application will need to know how to query Active Directory, and render a byte stream back into a JPEG that a human recognizes. (Powershell could do it easily.)

Now it's up to you to wrap this concept up into a script that loops through a bunch of users, and loads the finger print image for each one of them.

Warning: Storing blobs of data in Active Directory causes the database to increase in size, and increases replication traffic. Use small images.

Ryan Ries
  • 55,011
  • 9
  • 138
  • 197