Friday, August 9, 2013

How to debug user missing picture issues on SharePoint 2013


If you have supported a SharePoint application for long enough, you have probably received repeated support requests about users missing pictures. There are many different reasons for missing pictures. We will discuss how to debug the problem and share some tips for resolving it.

SharePoint 2013 now has three methods for the sync process:
  • SharePoint Profile Synchronization (lightweight FIM)
  • Active Directory Import
  • External Identity Manager (C#)
As we described before, you should not use the new SharePoint 2013 Active Directory Import feature for picture sync at this time, since it does not seem to sync AD's thumbnailPhoto attribute. We are still working with Microsoft to debug this issue. In this article, we focus on tips for picture sync with the SharePoint 2013 User Profile Synchronization Service Application.

The most common issue is that some users are missing pictures everywhere inside SharePoint. In this case, those users' pictures may not have been synced to SharePoint, and you need to review the User Profile Synchronization Service Application. There are many good articles that walk step by step through importing user photos from Active Directory into SharePoint 2013 with the User Profile Synchronization Service Application. Here is a summary of the procedure.

1. Create the UPA AD Sync Connection using FIM.
2. Configure the Picture profile property as follows:
   a. Picture (Type URL), replicable, do not allow users to edit values for this property
   b. Attribute: thumbnailPhoto, Import
3. Make sure the sync process account has the Replicate Directory Changes permission on the domain with which you'll synchronize. See Microsoft site for details.
4. Run a full synchronization.
5. Run Update-SPProfilePhotoStore -MySiteHostLocation http://mysitehost -CreateThumbnailsForImportedPhotos:$true
   a. Make sure you use the optional parameter CreateThumbnailsForImportedPhotos.
   b. Make sure that both the Distributed Caching process account and the account you're using to run the cmdlet have Full Control permissions in the UPA; otherwise you'll get an exception.

There are several ways to debug a missing picture issue in the User Profile Synchronization Service Application.

One way is to check the My Site User Photos list: go to http://my/User%20Photos to see the imported photos and thumbnails for the user, as in the picture.


The second way is to check the FIM logs: run the file
..\Program Files\Microsoft Office Servers\15.0\Synchronization Service\UIShell\miisclient.exe. You can select a user and check whether the Picture attribute is filled in with binary data.


The third way is to check the sync database: in User_Sync_DB, run the following query after the full sync has completed.

SELECT sAMAccountName, PictureURL FROM MMS_Metaverse WITH (NOLOCK) WHERE sAMAccountName = 'userID'


The fourth way is to check the profile database: in User_Profile-DB, run the following query after running the Update-SPProfilePhotoStore command.

SELECT NTName, PictureURL FROM UserProfile_full WITH (NOLOCK) WHERE NTName = 'domain\userID'


The fifth way is to verify whether the AD thumbnailPhoto attribute contains the binary photo. See blog for details.
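
The AD check and the profile check above can be combined into one triage pass per user. The following PowerShell script is an added example, not part of the original post. It assumes it runs in the SharePoint 2013 Management Shell on a farm server with the ActiveDirectory module installed, under an account with rights on the UPA; `http://mysitehost`, `DOMAIN` and the account names are placeholders.

```powershell
# Added example: report at which stage a user's picture is missing
# (AD thumbnailPhoto vs. SharePoint user profile PictureURL).
Import-Module ActiveDirectory
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$mySiteHost = 'http://mysitehost'      # placeholder: My Site host URL
$domain     = 'DOMAIN'                 # placeholder: NetBIOS domain name
$accounts   = 'userID1', 'userID2'     # placeholder: sAMAccountNames to check

# Read profiles through the User Profile object model instead of the database
$context = Get-SPServiceContext -Site $mySiteHost
$upm     = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)

foreach ($sam in $accounts) {
    # Stage 1: does AD hold a binary photo for this user?
    $adUser  = Get-ADUser -Identity $sam -Properties thumbnailPhoto
    $photo   = $adUser.thumbnailPhoto
    $adBytes = if ($photo) { $photo.Length } else { 0 }

    # Stage 2: does the SharePoint profile carry a PictureURL?
    $login      = "$domain\$sam"
    $pictureUrl = $null
    $hasProfile = $upm.UserExists($login)
    if ($hasProfile) {
        $pictureUrl = $upm.GetUserProfile($login)['PictureURL'].Value
    }

    # Name the first stage at which the picture is absent
    $stage = if ($adBytes -eq 0) { 'No thumbnailPhoto in AD' } `
             elseif (-not $hasProfile) { 'No SharePoint user profile' } `
             elseif (-not $pictureUrl) { 'In AD but not in profile: check full sync, then Update-SPProfilePhotoStore' } `
             else { 'Picture present in AD and profile' }

    New-Object PSObject -Property @{
        Account      = $login
        ADPhotoBytes = $adBytes
        PictureURL   = $pictureUrl
        Stage        = $stage
    }
}
```

Pipe the output to `Format-Table -AutoSize` or `Export-Csv` to review many users at once.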

Another common issue is that some users have pictures in the User Photos list but are missing pictures when you view the permissions. You can display the hidden user list at http://webapp/siteURL/_catalogs/users/simple.aspx. If you select "Detailed View", you can verify which users are missing pictures. You can set the pictures from the User Photos list on the site using a PowerShell script. We will share the script at a later time.


2 comments:

  1. Hi, do you have an update on ADI not importing AD profile pictures? Is this a confirmed issue? Is MS working on a fix? Any help appreciated. Cheers, Steven

  2. This is as designed. ADI will NOT import pictures.