Google Cloud Print and GCDS

The installation of Google Cloud Print (GCP) can be fairly straightforward in a small school or home environment however things can become complicated when you need to integrate with systems such as Google Cloud Directory Sync (GCDS) and print management suites such as PaperCut.

In a larger environment it’s no longer practical to assign each cloud printer to every user account through the cloud print management panel.  It’s just another level of administration a schools IT team can do without. However you can share a printer to a Google group and so long at the membership of the group is maintained this provides a workable solution where you have many printers and many users.

There are two limitations to this approach.

It appears that the membership of the group used to share printers can only include users. So sharing to a group that contains other groups is not going to work. Sharing to a group that contains “All Domain Users” has the same issue.

I haven't found any document that specifically states this as a fact but neither do I know anybody who has this particular set-up working.

This is a bit of an issue because printers are likely to be shared with the larger user groups - such as All Students and All Staff and these are commonly made up of nested groups based on classes or cohorts which are unusable for Google Cloud Print.

Currently the only solution is to create a new Google Group ie: “All Google Printer Users” and place all the user accounts into this. This creates a management overhead but not as much as updating the same information for each printer.

If you have a ready made group that's suitable - good for you, otherwise the all-purpose toolkit GAMS might be able to help you out here.

However at this point you might realise that your Google groups are managed by GCDS so you really should be doing this through MS Active Directory (AD) and allowing GCDS to keep everything up to date.

The second problem is that for sharing to work the owner of the Google printers MUST be either a manager/owner/or member of the Google that being used for sharing.

If you choose the member option you have an additional step. After the printer is shared you must must log in with the account of the group owner and explicitly approve the sharing request. If the printer owner and group owner/manager are the same account you don't have to do this.

Below is the task list that describes integrating Google Cloud Print / PaperCut and GCDS. The process would be the much the same if Papercut were not employed.

  • Create a new AD user  to act as the printer manager account. 
  • Update any GCDS user rules to synchronize the account to Google making sure the mail field is populated with the email address. This also applies to the AD Group (below).
  • Create a new AD Group GoogleCloudPrintUsers@my to hold the accounts that are granted print permission. Add all applicable user AD accounts to this group.
  • Add the AD account into the Manager's Name field (managedBy).

Update any GCDS  group rules to synchronize the group to Google making sure you populate the Owner Reference Attribute with managedBy name field (below). This ensures that when the group is created the owner will be the Google account

Check the Google group It should contain all user accounts plus the marked as the owner.

If you are running PaperCut, step through the procedure to publish to Google Cloud Print making sure you are logged into Google with the account. This account will be the printer owner. There is a very good clip that documents this simple process.

Once PaperCut has published the printer,  log into\cloudprint with the account and share each printer with the Google group GoogleCloudPrintUsers@my

Students and staff should now have visibility of the PaperCut printers from a Chrome browser or a Chromebook logged on with a school account.

When students go to print they’ll probably have “Save as PDF” as the old default in the Destination Field but if they select the Change button they should see the option to select the PaperCut printers.

Other information.

This procedure assumes PaperCut is synced with AD and is accessing the same account set as GCDS.

In this case a print job will be presented to the Papercut queue manager using the email address of the Google user which will be matched to an AD user in the PaperCut database and the standard rules applied.

By adding/removing a user to the AD group the printer list on Chromebooks will be automatically updated once all the syncronisations have gone though.

Last Words.

Please don't take this blog entry as encouragement to print. It entirely possible to go paperless with G Suite for Education providing the workflow and the saving can be considerable.

No comments:

Post a Comment