Multiple network domains are common on larger networks or in special environments such as schools, where there is a need to partition the network for security reasons. A common example is:
- A secure domain for staff users.
- A domain for student accounts.
- The student domain trusts the staff domain.
PaperCut can track printing from multiple domains; however, the initial import of users needs to come from a single source. There are three common methods to ensure all users from both domains are listed in PaperCut.
Method 1 – Taking advantage of Active Directory’s nested groups
Active Directory includes a powerful notion called Nested Groups. This allows a new group to be formed from two child groups. Depending on the trust relationship between the domains and the rights granted to administrator accounts, it is possible to create a new group composed of sub-groups from each domain. Taking the school example:
- Create a group called All Users in the student domain.
- Add the Student group as a member of this group.
- Add the Staff group from the other trusted domain.
PaperCut has native Active Directory integration and can leverage nested groups. The nested group composed of users from both domains can be selected as the user source via the “import users from group” option, either in the setup wizard or afterwards via Options→User/Group Sync.
Note: Depending on the default trust relationship between domains, it may be necessary to grant the System account on the server hosting PaperCut the ability to read user information from the other domain.
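The three steps of Method 1 can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original article or PaperCut's own tooling; the domain names are hypothetical, the `AllUsers` account name is chosen here, and it assumes both domains are in the same forest and that the groups' account names are `Student` and `Staff`.

```powershell
# Added example. Assumptions (not from the original article):
#   - domain FQDNs below are hypothetical placeholders
#   - both domains belong to the same forest
#   - the groups' sAMAccountNames are 'Student' and 'Staff'
#   - the running account may create groups in the student domain
#     and read group objects in the staff domain
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'

$studentDomain = 'student.example.edu'   # hypothetical
$staffDomain   = 'staff.example.edu'     # hypothetical

# Step 1: create "All Users" in the student domain.
# Domain Local scope is used because it accepts member groups
# from other trusted domains.
New-ADGroup -Name 'All Users' -SamAccountName 'AllUsers' `
    -GroupScope DomainLocal -GroupCategory Security `
    -Server $studentDomain

# Step 2: add the Student group from the same domain.
$students = Get-ADGroup -Identity 'Student' -Server $studentDomain
Add-ADGroupMember -Identity 'AllUsers' -Members $students `
    -Server $studentDomain

# Step 3: add the Staff group from the trusted domain.
# The group object is read from the staff domain, then written
# into the membership of the group held in the student domain.
$staff = Get-ADGroup -Identity 'Staff' -Server $staffDomain
Add-ADGroupMember -Identity 'AllUsers' -Members $staff `
    -Server $studentDomain

# Check: list the direct members so you can confirm that only the
# two intended groups were nested before pointing PaperCut at it.
(Get-ADGroup -Identity 'AllUsers' -Properties member `
    -Server $studentDomain).member
```

The final command should list exactly two distinguished names, one per domain; anything else means the group contains members that will also be imported into PaperCut.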
Method 2 – Adding users on first print
If trust relationships or other technical issues prevent Method 1, an alternative approach is to import users from the main domain (in our school example, we’d import all the students) and let the users from the other domain be added to PaperCut on first print. That is, when an “unknown” user prints for the first time, they will be automatically added to the PaperCut system.
Method 3 – Adding users via text file import
A variation on Method 2: rather than waiting for the users from the secondary domain to be added on first print, import them via a text file. PaperCut NG (http://www.papercut.biz/pcng/) includes a batch import option that accepts the list of users as a tab-delimited text file. Most large organizations should have a file containing such a list of users on hand.
keywords: multiple domains, trust, user management