Uncovering the mysteries of the missing user profile images
Table of Contents
What is user profiles?
Users profiles is a mysterious place, it’s a database of users from your AD, but mirrored to SharePoint, it’s also the foundation of Delve, it also provides additional fields that aren’t in the AD, for people to populate themselves, such as skills, education and projects you’ve worked on.
It does however seem like Microsoft is moving this stuff to other platforms, and slowly killing off delve, such as the pronouns feature ending up in the Azure AD, cover photos in Viva engage, and the whole myaccount page which as been getting overhauled. - *this is all my best guess, I have seen no official statements from Microsoft to back this up! - so take it with a grain of salt *
The profile photo issues
A common issue for quite some years now has been IT updating the profile photo in the Active Directory and it for some reason not syncing to SharePoint, this would give a super detached experience where you could see a user without an image, hover your mouse over them, have the profile card pop up only for them to have a picture in the card.
Now Microsoft is slowly moving their official web parts to use the Graph API to pull photos, so the out of the box experience is surely getting better, but many old custom web parts will still have issues (there are 90 references to userphoto.aspx in the PnP SPFx samples) and it’s still not possible to use the graph API in column formatters, so it’s hard to do a low-code solution that has access to the right photo.
So we really do need that photo to be in sync! - but unfortunately it seems to get out of sync, or just not sync more often then what’s reasonable, and for a myriad of reasons that aren’t clear to neither users or IT, heck I still haven’t found a “one size fits all” explanation, but I’ve found a few things that I would like to address.
Prerequisites for images to sync
It is a requirement that the user has a Exchange Online Mailbox, just having the license isn’t enough, so if you’re running an hybrid environment with exchange on prem, this is because there actually isn’t any OOTB sync from Azure Active Directory to SharePoint Online, it’s actually a Azure Active Directory to Exchange to SharePoint, and only upon the user requesting a photo of themselves (visiting a SharePoint page) this is also why it can sometimes take days for the full sync to complete.
What can be done
It’s more then possible to manually sync the photos around the sync job, but before we go down that path, Microsoft somewhat recently released a pretty neat tool that’ll help you diagnose why a single user isn’t getting their photo updated, it’s in the admin center, give it a try if you’re still having issues, syncing manually is definitely an option.
Manually syncing
The photos are stored in the my-sites site collection: https://{Tenant}-my.SharePoint.com in a document library named ‘Profile Picture’ (or whatever that translates to in the tenants original language.. yes they localized that location)
In here there will be three photos for each user, named based on the users guid from the AAD:
| Name | Dimensions |
|---|---|
| <User Object ID>_SThumb.jpg | 48x48 |
| <User Object ID>_MThumb.jpg | 72x72 |
| <User Object ID>_LThumb.jpg | 300x300 |
After this you can set the PictureURL property on their user profile and it’ll update all around SharePoint almost instantaneously.
Unfortunately this cannot be done with application permissions, you need a legacy ACS authentication with Full control on both social and content at tenant level, which is frustrating.
FULL DISCLOSURE! - I have no idea if this breaks the sync from exchange, or if exchange just overwrites after a few days, do it at your own risk.
TL;DR
Microsoft doesn’t seem to care about the photos not syncing as they might slowly be killing off user profiles.
If your sync is not running check the following:
- User has photo in Azure Active Directory
- And is not a guest
- User has an exchange online mailbox
- User has signed into SharePoint Online a few days after photo has been added to AAD
Try Microsofts own diagnostics tool
If for some reason it’s not possible to fix one of the prerequisites, it’s possible to manually sync the photos around the built in sync job.