When you go from a traditional IT operation model to a modern one based on Azure AD and Intune, you will have a migration period with resources in both camps. Typically, endpoints go to the cloud first while well-established services lag behind. Learn how to install printers from an AD print server on AAD joined computers.
This does not have to tie the endpoints to the ground. You can move your computers to pure Azure AD join, and still have access to on-premises services in Active Directory as long as the identities are hybrid.
Some tend to use Hybrid Azure AD Join (HAADJ) because they have legacy traditions of device and application management. HAADJ can thus be tempting, but in the long run it will give more headaches than pleasure. The best approach is to move the endpoints to pure Azure AD Join and then put more effort into adapting to the new operational environment offered by Microsoft Endpoint Manager.
Printers and print servers are one example of services that tend to be strongly attached to the premises, even though there are great alternatives in the cloud with Microsoft Universal Print or 3rd parties like Printix.
Read my separate post on Microsoft Universal Print:
Simon does Easy Universal Print With The Revitalized Microsoft 365 Plans (skotheimsvik.no)
With the hybrid identity signed in to the Azure AD joined Windows device, you can also use the existing Active Directory joined print server. I have created a PowerShell script which can be used with Microsoft Endpoint Manager to distribute printers on a print server to Azure AD joined computers. This can be a great approach to make the move to the cloud more resilient, even though you will lose much of the borderless functionality of a pure cloud-based print solution.
The script is available on my GitHub.
<#
    .NOTES
    ===========================================================================
     Created on:   23.06.2022
     Created by:   Simon Skotheimsvik
     Filename:     Win11-AddPrintersFromPrintserver.ps1
     Instructions: https://skotheimsvik.blogspot.com/2022/06/install-printers-from-ad-printserver-on.html
    ===========================================================================

    .DESCRIPTION
        This script will connect printers from a printserver to an Azure AD joined
        Windows11 device with user signed in with a hybrid identity.

    .EXAMPLE
        Win11-AddPrintersFromPrintserver.ps1
#>

# UNC paths (\\server\queue) of the shared printers to connect
$printers = @(
    '\\printserver\printer1'
    '\\printserver\printer2'
    '\\printserver\printer3'
    '\\printserver\printer4'
)

ForEach ($printer in $printers) {
    # Only connect printers that are not already installed
    $IsInstalled = [bool](Get-Printer | Where-Object { $_.Name -eq $printer })
    if (-not $IsInstalled) {
        Add-Printer -ConnectionName $printer -ErrorAction Stop
    }
}
The print server will add the driver to the store, install the driver, create the printer port and finally install the printer on the computers. You can adapt this to your environment by adding printer queues from the print server to the array found in the script. Alternatively, you can select all printers on a print server, or even filter printer queues by name. Here are two alternatives for populating the $printers array:
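# Get-Printer returns the bare queue name, so prefix the server to form the UNC path
# $Printers = Get-Printer -ComputerName PrintServer | ForEach-Object { "\\PrintServer\$($_.Name)" }
# $Printers = Get-Printer -ComputerName PrintServer | Where-Object { $_.Name -like "Simon*" } | ForEach-Object { "\\PrintServer\$($_.Name)" }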
One idea could be to construct one script per department and assign it to the corresponding groups. If you are smart and consistent with your naming conventions, you can map department groups to printer queues automatically. Feel free to adapt this script to your needs.
The script can be published to the computers as a PowerShell script in Microsoft Endpoint Manager. Running the script in the system context makes it run with admin privileges. The “Local System” account will then be used, and this account has admin privileges on the device.
Complementary Information
To use this solution, the client needs line-of-sight access to the print server on premises.
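The line-of-sight requirement can be checked by the script itself before any printer is connected. The following is an added example, not part of the original script: it accepts only \\server\queue paths on an approved print server, probes the server first, and logs each failure instead of stopping at the first one. The server name, queue names, log path and the TCP 445 probe are assumptions to replace with your own values.

```powershell
# Added example. Server name, queue names and log path are constructed placeholders.
$AllowedServers = @('printserver.corp.example')
$Printers = @(
    '\\printserver.corp.example\printer1'
    '\\printserver.corp.example\printer2'
)
$LogFile = Join-Path $env:TEMP 'AddPrintersFromPrintserver.log'
$Port    = 445   # assumption: the print server is reached over SMB

function Write-Log([string]$Message) {
    "$(Get-Date -Format s) $Message" | Add-Content -Path $LogFile
}

# Returns the server part of a \\server\queue path, or $null if the path has another shape.
function Get-UncServer([string]$Path) {
    if ($Path -match '^\\\\([^\\]+)\\[^\\]+$') { return $Matches[1] }
    return $null
}

# Probe each approved server once; without line of sight its queues are skipped on this run.
$Reachable = @{}
foreach ($server in $AllowedServers) {
    $Reachable[$server] = Test-NetConnection -ComputerName $server -Port $Port `
        -InformationLevel Quiet -WarningAction SilentlyContinue
}

$Installed = @(Get-Printer | Select-Object -ExpandProperty Name)
$Failed = 0
foreach ($printer in $Printers) {
    $server = Get-UncServer $printer
    if (-not $server -or $AllowedServers -notcontains $server) {
        Write-Log "SKIP $printer (not a queue on an approved print server)"
        $Failed++; continue
    }
    if (-not $Reachable[$server]) {
        Write-Log "SKIP $printer (no connection to $server on TCP $Port)"
        $Failed++; continue
    }
    if ($Installed -contains $printer) { continue }
    try {
        Add-Printer -ConnectionName $printer -ErrorAction Stop
        Write-Log "OK   $printer"
    } catch {
        Write-Log "FAIL $printer : $($_.Exception.Message)"
        $Failed++
    }
}
# A non-zero exit code lets the deployment tool report the run as failed.
if ($Failed -gt 0) { exit 1 }
```

Restricting connections to a named print server matters here because connecting to a shared printer also pulls its driver from that server onto the client.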
If you are thinking of shutting down the print server without wanting to use the aforementioned cloud solutions for managing printers, I recommend taking a look at Ben Whitmore’s routine for installing print drivers and printers from Intune, or at the routine from Jordan Hammond. Rudy Ooms also consistently has good information on the subject of deploying Intune printer drivers. Recently Nicklas Ahlberg has released a great tool for rocking the printer distribution.
If you create an intunewin file with printer drivers, it can be good to test the file before publishing. This can be done in a lab environment, or by using the routine for testing intunewin files in Sandbox developed by Maciek Horbacz.
Personally I don’t care much for printers. I prefer the digital format of the documents and leave the paper industry to handle the toilet paper. At that point, digitalization has not come as far. Yet.
Picture: Security challenge in earlier times: Prosecutor Boman looked forward to the world going paperless. This would reduce the risk of unauthorized access to the data.
Photo source: Roar Thon
No extra charge for the mistakes – solution shared as it is – use it at your own risk.