Tuesday, June 28, 2022

Install printers from AD printserver on AAD joined computers

When you go from a traditional IT operation model to a modern one based on Azure AD and Endpoint Manager, you will have a migration period with resources in both camps. Typically, endpoints go to the cloud first while well-established services lag behind.

This does not have to tie the endpoints to the ground. You can move your computers to pure Azure AD join, and still have access to on-premises services in Active Directory as long as the identities are hybrid. 

Some tend to use Hybrid Azure AD Join (HAADJ) because they have legacy traditions of device and application management. HAADJ can thus be tempting, but in the long run it will give more headaches than pleasure. The best approach is to move the endpoints to pure Azure AD joined devices and then put more effort into adapting to the new operational environment offered by Microsoft Endpoint Manager.

Printers and print servers are one example of services that tend to be strongly attached to the premises, even though there are great alternatives in the cloud with Microsoft Universal Print or third parties like Printix. With the hybrid identity signed in to the Azure AD joined Windows device, you can also use the existing Active Directory joined print server. I have created a PowerShell script which can be used with Microsoft Endpoint Manager to distribute printers on a print server to Azure AD joined computers. This can be a great approach to make the move to the cloud more resilient, even though you will lose much of the borderless functionality of a pure cloud-based print solution.

The script is available on my GitHub.


<#
  .NOTES
  ===========================================================================
   Created on:    23.06.2022
   Created by:    Simon Skotheimsvik
   Filename:      Win11-AddPrintersFromPrintserver.ps1
   Instructions:    https://skotheimsvik.blogspot.com/2022/06/install-printers-from-ad-printserver-on.html
  ===========================================================================
 
  .DESCRIPTION
    This script will connect printers from a printserver to an Azure AD joined
    Windows11 device with user signed in with a hybrid identity.
   
  .EXAMPLE
    Win11-AddPrintersFromPrintserver.ps1
#>

$printers = @(
  '\\printserver\printer1'
  '\\printserver\printer2'
  '\\printserver\printer3'
  '\\printserver\printer4'
)

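ForEach ($printer in $printers) {
  # A connected printer is listed under its \\server\queue name, so compare on that
  $IsInstalled = [bool](Get-Printer | Where-Object { $_.Name -eq $printer })
  if (-not $IsInstalled) {
    # -ErrorAction Stop ends the script at the first queue that fails to connect
    Add-Printer -ConnectionName $printer -ErrorAction Stop
  }
}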

The print server will add the driver to the store, install the driver, create the printer port and finally install the printer on the computers. You can adapt this to your environment by adding printer queues from the print server to the array found in the script. Alternatively, you can select all printers on a print server, or even filter printer queues by name. Here are two alternatives for populating the $printers array:

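# Get-Printer -ComputerName returns bare queue names, so prefix each with the server to get a connection name
# $Printers = Get-Printer -ComputerName PrintServer | ForEach-Object { "\\PrintServer\$($_.Name)" }
# $Printers = Get-Printer -ComputerName PrintServer | Where-Object {$_.Name -like "Simon*"} | ForEach-Object { "\\PrintServer\$($_.Name)" }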

One idea could be to construct one script per department and assign it to the corresponding groups. If you are smart and consistent with your naming conventions, you can map department groups to printer queues automatically. Feel free to adapt this script to your needs.
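A per-department variant of the script, as an added example (not the author's code). It selects queues by a naming-convention prefix, builds every connection name from a single approved server, and logs per-queue failures instead of stopping at the first one. The server name `printserver`, the `FIN-` prefix and the log file name are placeholders or assumptions.

```powershell
# Added example, not the author's script. Placeholders / assumptions:
#   'printserver' - the on-premises print server name used on this page
#   'FIN-'        - hypothetical queue prefix for one department
$PrintServer = 'printserver'
$QueuePrefix = 'FIN-'
$LogFile     = Join-Path $env:TEMP 'AddPrintersFromPrintserver.log'

function Write-Log {
    param([string]$Message)
    Add-Content -Path $LogFile -Value ('{0} {1}' -f (Get-Date -Format s), $Message)
}

# Listing the queues doubles as the line-of-sight check: off-network it throws.
try {
    $queues = Get-Printer -ComputerName $PrintServer -ErrorAction Stop |
        Where-Object { $_.Shared -and $_.Name -like "$QueuePrefix*" }
}
catch {
    Write-Log "Cannot query $PrintServer : $($_.Exception.Message)"
    exit 1
}

# Get-Printer -ComputerName returns bare queue names; build \\server\queue here
# so connections can only ever point at the one approved server.
$wanted    = @($queues | ForEach-Object { "\\$PrintServer\$($_.Name)" })
$installed = @((Get-Printer).Name)
$failed    = 0

foreach ($connection in $wanted) {
    if ($installed -contains $connection) { continue }
    try {
        Add-Printer -ConnectionName $connection -ErrorAction Stop
        Write-Log "Added $connection"
    }
    catch {
        # Keep going: one broken queue should not block the remaining printers.
        $failed++
        Write-Log "Failed $connection : $($_.Exception.Message)"
    }
}

Write-Log "Done: $($wanted.Count) matched, $failed failed"
# Non-zero exit code signals a partial failure to whatever launched the script.
if ($failed -gt 0) { exit 1 }
```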

The script can be published to the computers as a PowerShell script in Microsoft Endpoint Manager. Running the script in the system context makes it run with admin privileges: the "Local System" account is then used, and this account has admin privileges on the device.


Complementary information

To use this solution, the client needs line-of-sight access to the print server on premises.

If you are thinking of shutting down the print server without wanting to use the aforementioned cloud solutions for managing printers, I recommend taking a look at Ben Whitmore's routine for installing print drivers and printers from Intune, or at the routine from Jordan Hammond. Rudy Ooms also consistently has good information on the subject of deploying Intune printer drivers.

If you create an intunewin file with printer drivers, it can be good to test the file before publishing. This can be done in a lab environment, or by using the routine for testing intunewin files in Sandbox developed by Maciek Horbacz.

Personally I don't care much for printers. I prefer the digital format of the documents and leave the paper industry to handle the toilet paper. At that point, digitalization has not come as far. Yet.

Security challenge in earlier times:
Prosecutor Boman looked forward to the world going paperless.
This would reduce the risk of unauthorized access to the data.
Photo source: Roar Thon


No extra charge for the mistakes - solution shared as it is - use it at your own risk.

Thanks for reading - please share and comment
