Hybrid-AD and new user signing into a laptop

Mateusz Bender 41 Reputation points
2020-03-26T12:25:03.203+00:00

With the recent push to work remotely, I'm trying out ways simplify the initial on-boarding process for new employees.

Normally new employees need to sign in on an AD-joined domain so that they can set their initial password (using a default, predefined password for their accounts). This then gets synced into AAD using AD Connect.

With the push to work remotely, I was wondering if I can prepare the computers (usually laptops) for pickup by the new workers so that they can just sign in from home using the initial credentials provided so that they get prompted for a password change.

Unfortunately, a new user cannot log into a machine without the local AD available, even if the machine is Hybrid-AD joined. Are there any potential ways around this?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,478 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. AmanpreetSingh-MSFT 55,376 Reputation points
    2020-04-01T12:42:46.98+00:00

    @MateuszBender-5444 This can be achieved but with no prompt for password change. You need to assign permanent password to the users (without selecting the "change password at next logon" checkbox). Once the users are logged in, they can change password in the portal, provided SSPR (Self Service Password Reset) is enabled.

    Please "Accept as answer" wherever the information provided helps you to help others in the community.