With the recent push to work remotely, I'm trying out ways simplify the initial on-boarding process for new employees.
Normally new employees need to sign in on an AD-joined domain so that they can set their initial password (using a default, predefined password for their accounts). This then gets synced into AAD using AD Connect.
With the push to work remotely, I was wondering if I can prepare the computers (usually laptops) for pickup by the new workers so that they can just sign in from home using the initial credentials provided so that they get prompted for a password change.
Unfortunately, a new user cannot log into a machine without the local AD available, even if the machine is Hybrid-AD joined. Are there any potential ways around this?