How to Find which DC is pruning your printer queues

When you publishing printer queues on Active Directory, by default the printer spooler save the shared printers info as object inside the printserver computer object.

On DC (generally the site DC of the printserver) by default is running a printers pruning; this job check if the printserver is reachable and if the printer is still shared and if not, delete the printQueue object from AD.

  • Printserver publish by default the printers only at startup (if you what to force the printer publishing just restart the printspooler service)
    This Setting is managed by “Computer Configuration / Administrative Templates / Printers / Check Published State”
  • Dc try to contact the prinserver/printer for 3 time every 8 hours. If for 3 time the prinserver/printer is not reachable then will be unpublished.
    This Setting is managed by “Computer Configuration / Administrative Templates / Printers / Allow Pruning of Published Printers”, “Directory Pruning Interval”, “Directory Pruning Retry”
“The Print Pruner is a thread that runs under the spooler context on all DCs. It
uses ADSI calls ( ADsGetObject, IID_IDirectorySearch->ExecuteSearch) to get the
list of all the printQueue servers in the AD.
To check whether the server is in same site it uses Winsock call (gethostbyname)
and other net APIs (DsAddressToSiteNames,DsGetDcSiteCoverage).
To check if the print queue\print server availability it uses OS APIs
(NetServerGetInfo, OpenPrinter,GetPrinter).
So all the work by pruner is done using ADSI, WinSock and OS functions.”

 

Can happen that for some firewall/network misconfiguration, a DC start to pruning some/every published print queues on regular basis. To find which DC is making too much cleaning, we first try to find the deleted printQueue object:

Find deleted Object

  1. Run ldp.exe as Domain Admin.
  2. On “Connection” menu click “Connect”. You can leave the server name black to connect to the DC on your site.
  3. On “Connection” menu click “Bind”
  4. On “Browse” menu click “Search”. Select the “Base DN” of the domain where you want to retrive tombstones. In “Filter” box use filter “(objectclass=printQueue)”. Under “Scope” select “Subtree”. Click “Options” and under “Search Call Type” select “Extended”. Then add “1.2.840.113556.1.4.417” on “Active Controls” using “Check in”.
    ldp_DeletedObject_PrintQueue_Conf
  5. Close “Search Options” and on “Search” dialog box, click “Run”
  6. On results, find your deleted printer and copy the CN of the deleted printQueue:

ldp_DeletedObject_PrintQueue

 

Find origin of change

Then using repadmin you can find from where this object was updated:

repadmin /showobjmeta [myDC] [CN of object]

repadmin_DeletedObject_PrintQueue

 

Via: https://blogs.technet.microsoft.com/askpfeplat/2012/03/05/how-to-track-the-who-what-when-and-where-of-active-directory-attribute-changes-part-i-the-case-of-the-mysteriously-modified-upn/

https://blogs.technet.microsoft.com/askpfeplat/2012/03/05/how-to-track-the-who-what-when-and-where-of-active-directory-attribute-changes-part-i-the-case-of-the-mysteriously-modified-upn/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s