Print Server Azure AD DS

Question

Hello Team,

I hope you're doing fine,

I'm working on a use case and i want to share it with you to have your opinions,

I have users in Azure active directory, i have printers and print server joined to an azure ad ds domain. the users are synced from azure ad to azure ad ds, user workstations are joined to azure ad. the users and the print server/printer servers are on the same physical network.

My goal is that, these users can use the printers/print server on the azure ad ds, technically i think it's possible because the users are known on azure ad ds, thus can authenticate sucessfully on the domain and use the ressources, i have some concerns about their workstations, as their workstations are joined to azure ad only and not to the azure ad ds, will it be a problem ? we would have sso even if the machines are in azure ad? joining the machines to the azure ad ds domain isn't an option as we will loose endpoint manager

Thank you

Answer 1

@Mohamed jihad bayali

Yes, it is possible to print from Azure AD joined devices, but single sign-on (SSO) may not work.

When a user logs in to an Azure AD joined device, the authentication for the user occurs in Azure AD and a token is issued by Azure AD. However, in your setup, the print server is connected to Azure AD DS. To access the print server in Azure AD DS, an authentication token issued by Azure AD DS is required.

When the user accesses the print server, the printer will expect the authentication token issued by Azure AD DS. Since the token issued to the user is issued by Azure AD and not Azure AD DS, this token will not be accepted. As a result, SSO will not work, and the user will be prompted to enter their credentials.

Let me know if you have any further questions on this.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.