One of the most popular script on this blog is the Profile Picture Import. I’ve helped a few people configure this to running daily or weekly depending on how many frequently you would like the profiles to be updated from Active Directory.

Identify the service account

The easiest way to have this script to run is by the Sync account. We can find this in Configure Synchronization Connections your User Profile Service Application. We will need to give account additional permissions to the farm to allow it run SharePoint commandlets.

This account will need Admin Shell access. We will need to enter in the My Site Host site collection URL to give service account permission to run Powershell.

$site = get-spsite "http://mysitehostURL"
Add-SPShellAdmin -UserName contoso\spsync -database $site.ContentDatabase

Adding permission to the UPA

The account running this script will also need access to the UPA. This access will allow the account to run PowerShell without getting Access Denied failures. The easiest way to add the permissions is through Central Admin.

Application Management à Manage Service Applications

Click on the line for the UPA(not the blue link). This will select this line and the ribbon will light up. Then click on the Permissions button in the ribbon.

Type in the User account and click Add. Then click on Full Control and OK.

Setting up Task Scheduler

1. Open Task Scheduler

   

2. Click on Create Task

   

3. Change to Run whether user is logged on or not. Click on Change User or Group. Enter in the service account from above.

   

4. Select the Triggers tab. Click New. Select Daily or Weekly depending on how often you would like it to run. Click OK.

   

5. Click on Actions and the New button. We will want to add “-ExecutionPolicy Bypass -File c:\ProfilePicture\PictureUpload1.3.ps1” to the arguments and just “PowerShell.exe” to the Program/Script. Click OK twice to create the task.

   

6. Right Click on the task and select Run. Then check the log file status of the test run.

After the test run works, the scheduled runs should run without issue. The log file will provide a good reference of failures or successes. Just a reminder, any account running SharePoint commandlets(Powershell), they need Shell access.