Universal Print Administrator Roles
Using Universal Print's integration with Azure Active Directory (Azure AD), you can designate limited privilege administrators to manage printers. Universal Print introduced two roles into Azure AD:
|Printer Administrator||Users in this role have full access to manage all aspects of printers in Universal Print.|
|Printer Technician||Users in this role can register and un-register printers and set printer status.|
Visit Azure AD administrator roles for information about other roles.
Assign Limited Admin Role through Azure portal
Follow instructions at Azure AD's View and assign roles to view and assign users to specific roles.
Assign Limited Admin Role using PowerShell
Azure AD offers the ability to use the AzureAD PowerShell module to assign users to any administrator role.
1. Install AzureAD Module
From Admin PowerShell prompt:
Install-Module -Name AzureAD
You will need to accept to install the module from PSGallery, which is considered to be an un-trusted repository.
2. Connect to Azure tenant
Use a Global Admin user account.
3. Check if Printer Administrator role is already enabled
If you see "Printer Administrator" in the results then it is enabled and you can just start assigning members.
If you do NOT see "Printer Administrator" in the results, run:
Enable-AzureADDirectoryRole -RoleTemplateId "644ef478-e28f-4e28-b9dc-3fdde9aa0b1f"
4. Assign user accounts to Printer Administrator role
Add-AzureADDirectoryRoleMember -ObjectId "83e34fcb-2028-40f0-8d37-f84ebd9ece84" -RefObjectId "1319811c-4837-4e2e-bf62-45c80a3dd0c4"
|ObjectId||The Printer Administrator role object from the "Get-AzureADDirectoryRole" call. In my test tenant it is "83e34fcb-2028-40f0-8d37-f84ebd9ece84".|
|RefObjectId||The user account's object ID in Azure AD. This can be found at Azure portal.|
Once complete, go to the Azure portal and look at the "Assigned roles" of the user account to verify.