I'm transitioning from an old Active Directory (AD) setup to a Microsoft Intune-centric environment for my staff's Windows computers. While around 40-50% of them will be getting new laptops soon that will be managed by Intune (and won't be part of the AD), I need a way for these devices to print to a server that's still part of the old AD domain. The printer queues are managed by PaperCut on a Windows server connected to the AD, and I noticed that while the print sharing is set to 'Everyone = Print', my Intune-managed devices prompt for credentials but ultimately deny access. Has anyone faced this before or have any suggestions on how to solve this issue? Also, I've found that the PaperCut Mobility Print option works for now, but I'm looking for a more automated solution down the line as I aim to phase out the old AD entirely.
6 Answers
PaperCut Mobility Print is free, and it might be just what you need! You can download it [here](https://www.papercut.com/get/mobility-print/). It could solve your printing issues with the Intune devices by creating a bridge without needing full AD access.
Look into KDC Cloud Trust; it can allow users to interact smoothly with the domain even on Azure AD machines. It might be worth exploring if you still have some AD elements in play.
Could you consider direct IP printing from the Intune devices to the printers instead? That way, you wouldn't have to rely on the old AD setup at all.
Are you using Entra Connect between your on-premises domain and Entra? If there's visibility to the Domain Controller (DC), it might work smoother. Check out Microsoft's documentation on this.
You should definitely check out PaperCut Mobility Print. I had to set up a mobility print queue specifically to enable our managed devices to print without issues. It’s worked out great for us!
I already had Mobility Print for our Chromebooks but hadn't considered it here. Thanks for the tip! It works well, though I wish I could automate the setup a bit more. Can't beat the result and value, though!
We switched to PrinterLogic, and it's been working really well for us since moving away from AD. You might want to give it a look!
I appreciate the suggestion, but my goal is to eliminate the old AD domain altogether and avoid mixing it with the new Microsoft 365 setup. It's time to move on from the outdated settings we've been dealing with!