Publish printers as AD objects to make installation and configuration a snap

Printer administration in Windows 2000 is easier and more powerful than it is in Windows NT. Microsoft added new printing features to the OS, including the ability to publish printers as Active Directory (AD) objects. When you publish printers as AD objects, you can easily access and manage them from anywhere in the enterprise. Let's examine some cool Win2K printing features that make installing and configuring printers and printing services a breeze.

Publishing Printers to AD
Microsoft integrated Win2K's print subsystem with AD. As a result, users can access the information in AD to locate printers, and administrators can manage printers from within AD. You use printer properties (e.g., printer model, color or black-and-white printing, paper type, physical location) as search criteria to find the information you need.

By default, Win2K print servers, whether they're running Win2K Server or Win2K Professional, publish their shared printers to AD as PrintQueue objects. A PrintQueue object contains a copy of the print server's information about a printer. If you change the printer's configuration on the print server, the change propagates to AD.

The PrintQueue object is in its print server's computer object. However, when you open the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in and select a computer in the tree pane, you don't see the PrintQueue objects in the details pane. The snap-in's default view doesn't display computers as containers and therefore doesn't display the computers' subobjects.

To view the subobjects, select Users, Groups, then select Computers as containers from the snap-in's View menu. You can then select any computer to display its subobjects, including PrintQueue objects, in the snap-in's details pane, as Figure 1, page 160, shows.

To publish a printer, the print server communicates asynchronously with the domain controller to send information about the printer to AD. If you have several domain controllers, the print server chooses a domain controller at random, and replication distributes the information to AD across the enterprise.

Print servers running any Win2K Server version automatically share printers and publish them to AD. (The exception is a USB printer, which you must manually share and publish.) However, print servers running Win2K Pro don't share their printers by default—you must manually share the printers. However, sharing a printer in Win2K Pro automatically configures that printer for AD publishing. Select the Sharing tab from the printer's Properties dialog box, then select the List in the Directory check box to publish the printer to AD.

Publishing shared printers to AD requires a bit more work if print servers are running NT and Windows 9x. You can install Windows Script Host (WSH), which Win2K and Win98 include, and execute the pubprn script (pubprn.vbs). You can find pubprn.vbs in Win2K's \%systemroot\%system32 folder.

The script uses the syntax cscript pubprn.vbs servername dspath to publish all shared printers on a server. In the syntax, dspath is the target container's path, which is

"LDAP://CN=<Container>,DC=<Domain>,
DC=<Company>,
 DC=<Com>"

The "LDAP:// entries contain the fully qualified domain name (FQDN) of the target print server. (For more information about publishing NT and Win9x printers, see Zubair Ahmad, "Publishing Objects in Active Directory," http://www.win2000mag.com/, InstantDoc ID 8354.)

Finding and Installing Network Printers
Finding and installing a network printer is easier than installing a local printer. To search AD for a network printer, open the Start menu's Search command and choose For Printers to open the Find Printers dialog box. You can also use the Add Printer wizard in the Printers folder to open the same dialog box. You need to set the In text box at the top of the dialog box to Entire Directory and use the dialog box's tabs to enter search criteria.

The Printers tab contains fields in which you enter a printer's name, location, or model. Partial names work in a begins with manner, so if you enter HP, AD will find printers such as HP LaserJet and HP DeskJet. But if you enter Desk, the search function fails.

The Features tab offers fields for common features that you might want to search for. For example, you might want to find printers that offer color printing, specific minimum resolutions, certain printing speeds, and collating capabilities.

The Advanced tab lets you select criteria settings and qualifiers to your chosen criteria. You can match your criteria against printer properties to locate printers that meet your needs. After you specify your criteria, click Find Now. The system searches the properties of all the printers in AD to locate and return the matching printers, as Figure 2 shows. (If you want to see only the list of available printers, don't select any criteria—just click Find Now.) From the list of returned printers, right-click a printer and choose Connect to install the printer and put its icon in your Printers folder.

You can install as many printers as you want. Installed printers on Win2K and NT 4.0 print servers can maintain drivers for multiple OS platforms, so client users don't need their original OS CD-ROMs to complete the installation.

Group Policies and Printers
Several Group Policies apply to printers, and some of those policies affect how you find printers in AD. You find printer policies in \computer configuration\administrative templates\printers. Figure 3 shows default printer policies. User-based printer policies are also available, but I'll discuss these policies in another article.

All printer policies are set to Not Configured, which means the printers default to the behavior that Win2K presets. You can enable or disable a policy and set appropriate configuration options for that policy.

Win2K presets the Automatically publish new printers in Active Directory policy to publish all shared printers to AD. Unless you have a compelling reason, don't disable this policy.

Several printer policies apply to the pruning service for printers. (By default, this service is turned off.) The pruning service removes a printer from AD if the print server doesn't respond to contact from the pruning service, which runs on a domain controller. If the print server isn't running, the OS assumes that the printer isn't available and removes it from AD.

The pruning service contacts print servers every 8 hours and permits two failed attempts before deleting the printer from AD on the third failed attempt. You can turn the pruning service on and off, change the interval between attempts, change the number of retries, and configure the appropriate policy to change the priority level in which the pruning service runs.

When a Win2K print server has been down and then comes back online, it automatically republishes all shared printers. When any downlevel print server comes back online, you must manually republish printers. Follow the same steps you completed to ini-tially publish the printers (e.g., use the pubprn script).

Printer Location Tracking
One of Win2K's new features is Printer Location Tracking, which works with amazing efficiency in organizations with multiple sites. Printer Location Tracking helps you avoid the frustration of locating a printer with the right capabilities, installing it to the local computer, then discovering that you must take the elevator to pick up your print job.

To use Printer Location Tracking, you need to perform some preliminary configuration chores, such as creating locations within sites, turning on Printer Location Tracking in AD, and changing the printers' properties to link each printer with a location. To create locations, you create subnets that you associate with sites. You create and configure subnets in the Active Directory Sites and Services MMC snap-in, which is on the Administrative Tools menu. Right-click the Subnets container under the site container, and create a new subnet.

After you create the new subnet, open its Properties dialog box and select the Location tab. (The Subnets container doesn't have a Location tab; only the subnets you create in the container offer this configuration option.) Enter a location in the form /location/location, and use as many location levels as you need. For example, if your company is in Pennsylvania and has sites in several cities, you create a subnet that you associate with each site (e.g., /PA/Philadelphia, /PA/Pittsburgh). If your physical offices' range is more extensive, you might have a subnet with the location /US/PA/Philadelphia.

In Group Policies, enable the Pre-populate printer search location text policy to turn on Printer Location Tracking. If you don't enable Printer Location Tracking, Win2K tries to determine nearby printers based on IP addresses and subnet masks, which isn't always an efficient approach.

The last step is to link the printers to the location. Open a printer's Properties dialog box and you'll see a new Browse button to the right of the Location text box on the General tab. Click Browse to open the Browse for Location dialog box, then select the location, which you'll see at the bottom of the displayed hierarchy. This action transfers the selected location to the printer's Location text box in the form /location/location/. You can enter additional location information after the last slash. For example, to the location /PA/Philadelphia/Floor3, you could add the location Room 309 (i.e., /PA/Philadelphia/Floor3/Room309).

After you enable Printer Location Tracking, AD automatically prepopulates the Find Printers Location text box with the appropriate location for your site and subnet. Clicking Find Now returns all the nearby printers, as Figure 4 shows. Nifty!

Powerful Stuff
Win2K's powerful printing features far surpass those of earlier Windows versions and make printer administration a piece of cake. In a future column, I'll discuss the manageability features Microsoft built into Win2K and show you how to maintain, monitor, and tweak printers across the enterprise from the comfort of your desktop.