Directory printers not completely visible and accessible for Domain users when using add printer wizard

In our domain we run our printers exclusively through a single 2008R2 Print Server.  Clients are Win 7 32 bit.  I am unsure what exactly happened but it seems like some permissions have changed for our domain users when trying to add a printer from the control panel, devices and printers.  They cannot completely view printers in the directory.

When users try to add a network printer using the wizard, no printers will be found and it times out searching for available printers.  If you select "The printer that I want isn't listed" and When you try to "Find a printer in the directory, based on location or feature", this happens:

printer list screenshot
It lists all the printers, but only the Server Name and Comment section actually has text.  Name,   When trying to add one of these "blank" printers, users get "Unable to add the printer connection, Double check the printer name and make sure that the printer is connected to the network."  

The strage part: Domain users have no issue at all and can successfully add printers when connecting to the print server via explorer and UNC "\\PrintServername\printer_name" method or in the add printer wizard under the "select a shared printer by name" by browsing to our print server.

When logging into the same windows 7 client as a domain admin and trying to add the printer from that print server, I have no issues at all.  The printer search will list all the directory printers and so will the 'find a printer in the directory based on location or feature displays all information about the shared printers on our print server and can successfully add printers.

Troubleshooting:  I have reviewed the printer permissions in print management for our print server.  We give everyone the "print" right.   I have unlisted, restarted the spooler service, then re-listed all the printers in the directory.  I have moved the print server out of it's OU into the generic with no GPO's and forced and gp update with the print server with no luck.  All the printer objects are visible in ADUC and also in ADSI Edit.

I don't think it's a problem on the print server since users can connect and print via unc path to shared printers. But an issue with rights to view, read, or list 'stuff' in the directory for Domain users.
erbdeAsked:
Who is Participating?
 
erbdeConnect With a Mentor Author Commented:
I have found the solution!  There were some AD Schema permission issues.  Authenticated Users were set only at the top level with 'read' access.  I had to change the permissions to inherit down the entire hierarchy.
0
 
MHMAdminsCommented:
I would check the security tab of the printers and make sure they at least have read/manage printers for the domain users group on the printers on the print server.
0
 
erbdeAuthor Commented:
I have changed Everyone to "print, manage printers, and view server" with no success.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
MHMAdminsCommented:
Have you tried to restart the print spooler service on the server?
0
 
erbdeAuthor Commented:
Several times during my troubleshooting I have restarted the spooler service.  Again, this issue is only happening with regular domain users.  As a domain admin, I have to problems listing directory printers or connecting to them via the add printer wizard.  Something somewhere is preventing domain users from properly listing directory printer content.  I'm at a loss right now as to why.
0
 
MHMAdminsCommented:
Are all updates applied to the windows 7 clients?
0
 
erbdeAuthor Commented:
Yes, updates are applied weekly via shavlik protect as our update repository.
0
 
MHMAdminsCommented:
How long are the printer names, sometimes there may be a character limit and you may need to shorten the name for it to show up.
0
 
MHMAdminsCommented:
If none of those work, try to go into printer server, remove the printer setting that says list in the directory, and then re-apply the list in the directory option and see if it will re-establish the printer info.
0
 
erbdeAuthor Commented:
In my question above in troubleshooting steps I have already tried that with no luck.  Also, the printers show up in the directory when domain admin accounts log in.
0
 
erbdeAuthor Commented:
Through troubleshooting, I discovered that the AD schema permissions needed to be 'read' and applied to all descendant objects.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.