Publishing a Print Queue to the Active Directory

Print servers perform the following steps when fulfilling a client request to publish a print queue to the Active Directory.

  1. Locate the domain controller as specified in section 2.3.3.

  2. Determine the distinguished name (DN) for the container representing the print server in the directory. This container is created when the print server joins the domain ([MS-ADOD] section The print server uses the DRSR protocol [MS-DRSR] to determine the DN, as follows.

    • The print server calls the RPC method IDL_DRSCrackNames as defined in [MS-DRSR] section 4.1.4. The input arguments for this call are the following:




      Context handle returned from calling IDL_DRSBind, as defined in [MS-DRSR] section 4.1.3.




      A request with a string containing one name. This is the name of the computer's domain account (<domain>\<computer>, where <domain> is the name of the domain and <computer> is the name of the computer). The formatOffered field is DS_UNKNOWN_NAME, a member of the DS_NAME_FORMAT enumeration defined in [MS-DRSR] section The formatDesired field is DS_FQDN_1779_NAME, also defined in the DS_NAME_FORMAT enumeration.

      If the IDL_DRSCrackNames method is successful, it returns the object name in the requested format, which is the fully qualified domain name (FQDN) in this case ([MS-DRSR] section 4.1.4).

  3. Create the directory service object representing the printer by using the LDAP protocol. The specific steps are as follows:

    • The print server binds to the LDAP server by using the bind operation defined in section 4.2 of [RFC2251]. The version field MUST be set to 3, the name field MUST be a null value, and the authentication mechanism MUST be the GSS_SPNEGO Simple Authentication and Security Layer (SASL) mechanism ( [MS-ADTS] section

    • The print server generates a relative distinguished name (RDN), as defined in section 3.2 of [RFC2251], for the printer object in the directory. This DN is relative to the DN of the computer's directory object determined previously. There are no restrictions on the RDN generated beyond those requirements stated in [RFC2251]. As specified in [RFC2251], the FQDN for the printer object is the RDN generated here, prepended to the DN of the computer's directory object.

    • The print server adds the printer object to the directory and sets the attributes on the object by using exactly one LDAP add operation and any number of LDAP modify operations, as defined in sections 4.7 and 4.9 of [RFC2251]. The printer object MUST conform to the schema for the printQueue Active Directory object class as discussed in section 2.3.2.

      In accordance with the schema, the print server MUST set the required properties of the printer object as part of the LDAP add request. These required properties MUST be set as follows:






      A string containing the machine name of the print server.


      A string containing the fully qualified DNS name, as defined in [RFC819], of the print server.


      A string containing the name of the printer. This corresponds to the pPrinterName field specified in section


      A string containing the UNC name of the printer. This is of the form "\\<serverName>\<printerName>", where <serverName> is the value of serverName as defined in this table, and <printerName> is the value of printerName.

      The print server SHOULD publish to the directory any of the optional attributes specified in the schema for the print queue object class. The print server determines the values for both the mandatory and optional attributes in the schema by querying its internal state or the printer driver associated with the printer, as necessary depending on the print server implementation.<214>

      The print server SHOULD also publish to the directory values previously set under certain predefined keys ("DsSpooler", "DsDriver", and "DsUser") by print clients using calls to RpcSetPrinterDataEx (section If the name of a value under one of these keys matches the name of an attribute in the printQueue object class schema, the print server SHOULD set the value of this attribute in the directory object to the data stored in the printer data value.<215>

      For all attribute values the print server determined by querying internal state or a printer driver, as specified earlier in this section, the print server SHOULD save these values into the printer data corresponding to the printer. Print clients can later access these data values using calls to RpcGetPrinterDataEx (section The print server SHOULD save these values under the predefined "DsSpooler" key if it determined the value by querying internal state or the predefined "DsDriver" key if it queried a printer driver. The print server SHOULD use value names that are the same as the names of the corresponding LDAP attributes.

      If the LDAP add operation fails, the print server SHOULD wait for the retry interval specified in section 2.3.3 and then perform all the steps in this section. If the LDAP add operation succeeds but any LDAP modify operation fails, the print server SHOULD retry, as specified in section, each failed LDAP modify operation.

    • The print server unbinds from the LDAP server by using the unbind operation defined in [RFC2251] section 4.3.