User Photo updates synchronized from on-prem AD

Question

I have a question about how to update user photos that were originally synchronized from on-prem active directory. We are still using AAD Connect to sync on-prem data from AD to Azure and we have no other on-prem services. Everything else is in the cloud (EOL, SPO, etc). Initially, when a new user account is created, we use the AD Photo Edit tool to upload the photo to AD, then when the account is synchronized with AAD, the photo will show in all online services. However, when the photo needs to be updated (HR usually does this to keep them professional) the new photos do not work anywhere. It will never update in any online service. Is that synchronization a one-time thing and you then have to use Powershell to update them? How does that photo sync process work?
Maybe I've been looking in the wrong place online, but I can't find any good information to explain how it works, but only how to use Poweshell to update\upload photos. It looks like an update to AD should sync that updated attribute to AAD as well.

Answer 1

@David Hood
Thank you for the detailed post! As mentioned by @Manu Philip , you can follow those steps to update a user photo in the Azure Portal.

However, based off our Azure AD Connect sync: Attributes synchronized to Azure Active Directory documentation, the thumbnailphoto attribute is "synced only once from Azure AD to Exchange Online after which Exchange Online becomes source of authority for this attribute and any later changes can't be synced from on-premise". This also applies to SharePoint Online, Teams, and Skype for Business.

Solution:
Use the Set-UserPhoto cmdlet or Outlook on the web to change the user's photo. These methods enable you to upload a photo that's as large as 500 KB.

Use the Set-UserPhoto cmdlet (for admins):
1.Connect to Exchange Online by using remote PowerShell. For more info - Connect to Exchange Online PowerShell.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange  
-ConnectionUri https://outlook.office365.com/powershell-liveid/?proxyMethod=RPS  
-Credential (Get-Credential) -Authentication Basic -AllowRedirection  

Import-PSSession $Session -AllowClobber -WarningAction SilentlyContinue  
-ErrorAction SilentlyContinue  

Note - To use the Set-UserPhoto cmdlet to its full size capabilities, you have to change the connection URI by appending ?proxyMethod=RPS to the ConnectionUri parameter.
For more info on the remediation steps - User photos aren't synced from the on-premises environment to Exchange Online in a hybrid deployment.

Additional Links:
Profile Picture Syncing Issue in Exchange Online
Azure AD Profile Pictures not updating in an Exchange Hybrid deployment
Azure AD user picture is not synced / updated from Office 365

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

---

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Answer 2

You can update the user photo in Azure Portal by following the steps below:

1. Login to Azure portal and open the Azure Active Directory Blade
2. Open Users from Manage section
3. Click the user you would like to change the photo
   
4. Select 'Edit' and 'Select the file' option to select a new photo.
5. Save the changes to reflect the new photo

----------

If the Answer is helpful, please click "Accept Answer" and upvote it