Solved

Directory printers not completely visible and accessible for Domain users when using add printer wizard

Posted on 2013-11-06
11
1,165 Views
Last Modified: 2013-11-26
In our domain we run our printers exclusively through a single 2008R2 Print Server.  Clients are Win 7 32 bit.  I am unsure what exactly happened but it seems like some permissions have changed for our domain users when trying to add a printer from the control panel, devices and printers.  They cannot completely view printers in the directory.

When users try to add a network printer using the wizard, no printers will be found and it times out searching for available printers.  If you select "The printer that I want isn't listed" and When you try to "Find a printer in the directory, based on location or feature", this happens:

printer list screenshot
It lists all the printers, but only the Server Name and Comment section actually has text.  Name,   When trying to add one of these "blank" printers, users get "Unable to add the printer connection, Double check the printer name and make sure that the printer is connected to the network."  

The strage part: Domain users have no issue at all and can successfully add printers when connecting to the print server via explorer and UNC "\\PrintServername\printer_name" method or in the add printer wizard under the "select a shared printer by name" by browsing to our print server.

When logging into the same windows 7 client as a domain admin and trying to add the printer from that print server, I have no issues at all.  The printer search will list all the directory printers and so will the 'find a printer in the directory based on location or feature displays all information about the shared printers on our print server and can successfully add printers.

Troubleshooting:  I have reviewed the printer permissions in print management for our print server.  We give everyone the "print" right.   I have unlisted, restarted the spooler service, then re-listed all the printers in the directory.  I have moved the print server out of it's OU into the generic with no GPO's and forced and gp update with the print server with no luck.  All the printer objects are visible in ADUC and also in ADSI Edit.

I don't think it's a problem on the print server since users can connect and print via unc path to shared printers. But an issue with rights to view, read, or list 'stuff' in the directory for Domain users.
0
Comment
Question by:erbde
  • 6
  • 5
11 Comments
 
LVL 9

Expert Comment

by:MHMAdmins
ID: 39627407
I would check the security tab of the printers and make sure they at least have read/manage printers for the domain users group on the printers on the print server.
0
 

Author Comment

by:erbde
ID: 39627448
I have changed Everyone to "print, manage printers, and view server" with no success.
0
 
LVL 9

Expert Comment

by:MHMAdmins
ID: 39627452
Have you tried to restart the print spooler service on the server?
0
 

Author Comment

by:erbde
ID: 39627496
Several times during my troubleshooting I have restarted the spooler service.  Again, this issue is only happening with regular domain users.  As a domain admin, I have to problems listing directory printers or connecting to them via the add printer wizard.  Something somewhere is preventing domain users from properly listing directory printer content.  I'm at a loss right now as to why.
0
 
LVL 9

Expert Comment

by:MHMAdmins
ID: 39627521
Are all updates applied to the windows 7 clients?
0
 

Author Comment

by:erbde
ID: 39627555
Yes, updates are applied weekly via shavlik protect as our update repository.
0
 
LVL 9

Expert Comment

by:MHMAdmins
ID: 39627830
How long are the printer names, sometimes there may be a character limit and you may need to shorten the name for it to show up.
0
 
LVL 9

Expert Comment

by:MHMAdmins
ID: 39627837
If none of those work, try to go into printer server, remove the printer setting that says list in the directory, and then re-apply the list in the directory option and see if it will re-establish the printer info.
0
 

Author Comment

by:erbde
ID: 39628020
In my question above in troubleshooting steps I have already tried that with no luck.  Also, the printers show up in the directory when domain admin accounts log in.
0
 

Accepted Solution

by:
erbde earned 0 total points
ID: 39667031
I have found the solution!  There were some AD Schema permission issues.  Authenticated Users were set only at the top level with 'read' access.  I had to change the permissions to inherit down the entire hierarchy.
0
 

Author Closing Comment

by:erbde
ID: 39677066
Through troubleshooting, I discovered that the AD schema permissions needed to be 'read' and applied to all descendant objects.
0

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now