Set-UserPhoto doesn't work with CBA flow in EXO V2 module

Hans Hedman 56 Reputation points
2020-09-17T12:36:24.117+00:00

We have an Exchange hybrid organisation where all users are migrated to Exchange online. I have been using a script to update user photos in the local AD but because of the limitations with Azure AD Connect, I'd like to script the upload of photos to Exchange Online.

Since basic authentication isn't going to be supported for much longer I'd like to use modern authentication using the Exchange Online PowerShell V2 module that supports MFA and app-only authentication.

I have followed the guide on Docs on how to register an App in Azure AD and to be sure that there isn't a rights issue I have given the App the role of Global Administrator.

But I get an error message when trying to set the user photo.
These are the commands I use (sensitive data replaced with xxx):

Connect-ExchangeOnline -CertificateThumbPrint “xxxxxx” -AppID “xxx-xxx-xxx-xxx-xxxx” -Organization “myorg.onmicrosoft.com” -ConnectionUri https://outlook.office365.com/powershell-liveid/?proxyMethod=RPS
Set-UserPhoto -Identity hanstest -PictureData ([System.IO.File]::ReadAllBytes("C:\Install\be2.jpg")) -Confirm:$false

Which results in the following response:

Error on proxy command 'Set-UserPhoto -Identity:'hanstest' -PictureData:'255','216' ... ,'217' -Confirm:$False' to server AM6PR05MB5523.eurprd05.prod.outlook.com: Server version 15.20.337
0.0000, Proxy method RPS:
Connecting to remote server am6pr05mb5523.eurprd05.prod.outlook.com failed with the following error message : ば鸣˅ For more information, see the about
_Remote_Troubleshooting Help topic. [Server=DB8PR05MB6745,RequestId=311495a1-a0c5-4e8e-ba54-b8e539667afb,TimeStamp=2020-09-17 10:08:53] .
    + CategoryInfo          : NotSpecified: (:) [Set-UserPhoto], CmdletProxyException
    + FullyQualifiedErrorId : [Server=DB8PR05MB6745,RequestId=311495a1-a0c5-4e8e-ba54-b8e539667afb,TimeStamp=2020-09-17 10:08:53] [FailureCategory=C
   mdlet-CmdletProxyException] B833102,Microsoft.Exchange.Management.RecipientTasks.SetUserPhoto
    + PSComputerName        : outlook.office365.com

To confirm that there's nothing wrong with the actual photo and command syntax I have tried with basic authentication and that works. Here are the commands I use for that:

$Credential = Get-Credential
$ExSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/?proxyMethod=RPS -Credential $Credential -Authentication Basic -AllowRedirection
Import-PSSession $ExSession
Set-UserPhoto -Identity hanstest -PictureData ([System.IO.File]::ReadAllBytes("C:\Install\be2.jpg")) -Confirm:$false

Assistance on how to make it work with the EXO V2 module would be most welcome. Thanks.

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,116 questions
{count} votes

14 answers

Sort by: Most helpful
  1. Navin Gupta 11 Reputation points
    2020-11-17T09:24:50.31+00:00

    Hi everyone

    Support for Set-UserPhoto in CBA is a big DCR which we are currently investigating.
    At this point, we don't have a clear ETA on when this cmdlet will be supported in CBA.

    2 people found this answer helpful.
    0 comments No comments

  2. Vin Latus 11 Reputation points
    2021-01-08T15:23:09.607+00:00

    I have a similar scenario with Set-UserPhoto and would love to see it supported. Thanks.

    2 people found this answer helpful.
    0 comments No comments

  3. Anonymous
    2020-09-23T14:41:12.997+00:00

    Our automation scenario involves setting a photo for employees and contractors. When staff begin working, a photo for their badge is taken. It is named using a convention, and a daily process executes to associate the new badge photo with their Azure AD account and mailbox. In a company with tens of thousands of staff, having hundreds of staff changes each week, automation keeps administrative costs down.

    The workaround is to create a cloud-only account. However, this account needs Exchange.ManageAsApp, effectively making the account an Exchange administrator. Security dictates that this account utilize MFA, and rightly so. Thus, the workaround is not a good long-term solution.

    1 person found this answer helpful.
    0 comments No comments

  4. Hans Hedman 56 Reputation points
    2020-09-24T06:57:54.937+00:00

    OK, title has been updated.
    Our situation is the same as Pete's. The HR departments supply photos in a folder and a script updates each user. Since basic authentication is to be deprecated soon then it is essential that this works with certificate based authentication.

    1 person found this answer helpful.
    0 comments No comments

  5. Andy David - MVP 139.8K Reputation points MVP
    2020-09-17T13:33:43.377+00:00

    Ok, I can reproduce this. Looks like a bug.

    I would enable logging:

    https://learn.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps#report-bugs-and-issues-for-the-exo-v2-module

    Connect-ExchangeOnline -EnableErrorReporting -LogDirectoryPath <Path to store log file> -LogLevel All  
    

    Then submit a bug report to:

    exocmdletpreview@service.microsoft.com