There are two problems, most likely related, but I cannot understand how.
1. Installed printers will not get published in AD most of the time. 1/10 actually gets added to the domain directory. (We can still print to the printers, but only by giving a path to our print server, not by browsing the directory).
2. Printers of all different makes, models, and driver types (PS, PCL5, PPD, etc.) are not holding their "enable enhanced printer features" setting for more than 36-52 hours. Literally, we change the printers to provide enhanced features, and after a few days one by one they reorient themselves as basic features only.
Regarding the first problem, yesterday 36 printers (out of about 80) were in our directory. Today our directory only has 16, and none of those live off our primary print server. The ones that held their status as a member of our directory were various local printers and a few off an older, now obsolete print server.
Pulling my hair out would be an understatement.
Factors that may be contributing
About 5 weeks right after we deployed the new print server our primary DC crashed hard. After a 24-hour shift, we got the DC to relinquish its roles to what is now our PDC. The hand-off was healthy, but before this about 9 months we also lost a non-primary DC which was not pulled off the network correctly. We finally went through manually and removed/changed/updated all of the DNS pointers only recently when our PDC went down.
When we did set up the new print server, we kept it the same name as the old one. This was probably a mistake. Since our PDC went down at the same time as our current print server was put into production, I can't specifically say that it was keeping the name the same which caused us all of these problems. But I suspect it didn't help. Anyway, we renamed our old print server and left it on the network. So now we have three official print servers, the new and old main ones and the backup which is virtualized, and out of those, only the virtualized one is allowing printers to be published.
I have been going through AD to see if the previous network administrator added rules to prohibit printers being published, but if he did, they are not where they should be. I have found no rules, and the fact that client machines with dramatically reduced security privileges can publish them but our own server can't leads me to think that it's not an AD rule.
Perhaps related, perhaps not, is that AD is also not deploying printers to workstations. Using the latest version of AD it is possible to target a group of computers and deploy (without a script) printers based either on login or startup, and it's doing neither.
We only have very basic security rules set up on our printers, and they are all the same.
I'll post more information when I do some more tests. In the meantime, if anyone has any ideas it would be great. I don't understand why so many things with identical permissions are acting so differently. Some printers will hold their advanced attributes for days, others seem to lose it faster.
We are a small college environment with about 200 computers. We currently use print tracking software.