I have only one machine and no AD to work with so I don't know if this will work, but it should get you started.
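# Resolve the user logged on at the console. Reading .UserName directly yields
# the string itself (Select-Object username would yield a wrapper object that
# never compares equal to an AD attribute). The value has the form DOMAIN\user
# and is empty when nobody is logged on at the console.
$ConsoleUser = (Get-WMIObject -Class Win32_ComputerSystem).UserName

# Build the list of printer names the user is entitled to, derived from the
# "Printer - <name>" and "DefaultPrinter - <name>" groups the account is a
# direct member of. $AllowedPrinters stays $null when the lookup could not be
# completed, so later steps can tell "lookup failed" apart from "user has no
# printer groups" (an empty array) before they remove anything.
# NOTE(review): memberOf lists direct memberships only; nested groups and the
# primary group are not included -- confirm that matches how the groups are used.
$AllowedPrinters = $null
if ($ConsoleUser) {
    # -Identity matches on the bare account name, so drop the DOMAIN\ prefix.
    $SamAccountName = ($ConsoleUser -split '\\')[-1]
    try {
        $AdUser = Get-ADUser -Identity $SamAccountName -Properties memberOf -ErrorAction Stop
        $AllowedPrinters = @(
            # memberOf holds group distinguished names; resolve each to its display name.
            $AdUser.memberOf | ForEach-Object {
                $grpname = (Get-ADGroup -Identity $_ -ErrorAction Stop).Name
                if ($grpname -like "Printer - *" -or $grpname -like "DefaultPrinter - *") {
                    # The printer name is the text after the last space; +1 skips the space itself.
                    $grpname.Substring($grpname.LastIndexOf(" ") + 1)
                }
            }
        )
    }
    catch {
        # Local accounts, accounts from another domain, or an unreachable DC end up here.
        Write-Warning "Could not read group membership for '$SamAccountName': $_"
    }
}
else {
    Write-Warning "No console user reported by Win32_ComputerSystem; allowed-printer list not built."
}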
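# Get all network printer connections (names of the form \\server\share).
# NOTE(review): printer connections are per-user, so this is expected to return
# only those of the account running the script, not every user's -- run it in
# the target user's session and confirm.
$NetPrinters = @(Get-WMIObject -Class Win32_Printer | Where-Object { $_.Name -like "*\\*" })

# -split takes a regular expression, so a single backslash must be written '\\'
# (a lone "\" is an invalid pattern and throws). Splitting \\server\share gives
# '', '', 'server', 'share', hence index 3 for the share name.
$InstalledNetPrinterNames = @(
    $NetPrinters | ForEach-Object { ($_.Name -split '\\')[3] }
)

# Remove printers that are installed but shouldn't be.
# Guard: if the allowed list was never resolved ($null), a -notcontains test is
# true for every printer and the loop would strip all connections, so do nothing.
if ($null -eq $AllowedPrinters) {
    Write-Warning "Allowed-printer list was not resolved; no printers were removed."
}
else {
    $NetPrinters | ForEach-Object {
        $ShareName = ($_.Name -split '\\')[3]
        if ($AllowedPrinters -notcontains $ShareName) {
            # Remove-Printer identifies a connection by its full \\server\share name,
            # not by the share name alone. Append -WhatIf for a dry run first.
            Remove-Printer -Name $_.Name
        }
    }
}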
# Add printers that are allowed but not yet installed.
# This loop is a placeholder: it finds the missing printers but installs nothing.
$AllowedPrinters |
ForEach-Object{
if ($InstalledNetPrinterNames -notcontains $_){
# Add the network printer ($_) here, e.g. with Add-Printer -ConnectionName.
# That parameter takes the full \\server\share path; $_ is only the name taken
# from the group, so the print server has to be supplied separately.
}
}