Univention Bugzilla – Bug 45218
Deploy Printers via Group Policy instead of univention-printer-assignment
Last modified: 2020-07-14 11:09:50 CEST
We should check if the job done by univention-printer-assignment could not be done more easily via the Microsoft recommended procedure: Deploying Printers by Using Group Policy: https://technet.microsoft.com/en-us/library/cc754699(v=ws.11).aspx We already extended the S4-Connector to replicate the objects required for this (Bug 40298). Keywords for Bugzilla search: msPrint-ConnectionPolicy PushedPrinterConnections
I recommend looking into this method because there's currently no officially supported way of assigning printers in an automated fashion. univention-printer-assignment is only maintained as a cool solution.
Just a quick brain dump from my test yesterday, before the test VM gets reverted and the GC hits my brain: When you do this via the MS printermanagement.msc tool, it generates a Sub-container cn=PushedPrinterConnections below an existing GPO (choosable by user), either below the Machine or the User part of the GPO, depending on which target type it should apply to. Below that new container it stores the UNC Path for the printer to be pushed: =========================================================================== dn: CN={8662D975-F791-4BF9-9398-51109C9B6FA1},CN=PushedPrinterConnections,CN=User,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ar41i1,DC=qa objectClass: msPrint-ConnectionPolicy cn: {8662D975-F791-4BF9-9398-51109C9B6FA1} uNCName: \\master10.ar41i1.qa\drucker1 serverName: \\master10.ar41i1.qa printerName: drucker1 =========================================================================== So this seems to be purely LDAP, no sysvol files involved. That's all there is for the technological basis. Now there is the question how to make this configurable for the admin (CLI-Tool? UMC?). I don't knwon how univention-printer-assignement does this, maybe we should keep it on CLI level as a start. The User just has to answer a couple of Questions: 1. Which printer 2. Via which GPO (implying which objects it applies to) 3. Which target type: machine level or user level For point 2, an interactive tool could also show, which objects a chosen GPO links to (samba-tool can do that AFAIK). That would be something that the MS tool does not offer, for example.
univention-printer-assignment adds an Extended Attribute to group objects that stores a list of assigned printers. Usually, the computer room group is chosen because the link between room/computer and printer is the desired one in most cases.