question

MateuszBender-5444 asked:

Hybrid-AD and new user signing into a laptop

With the recent push to work remotely, I'm trying out ways to simplify the initial on-boarding process for new employees.

Normally new employees need to sign in on an AD-joined domain so that they can set their initial password (using a default, predefined password for their accounts). This then gets synced into AAD using AD Connect.

With the push to work remotely, I was wondering if I can prepare the computers (usually laptops) for pickup by the new workers so that they can just sign in from home using the initial credentials provided so that they get prompted for a password change.

Unfortunately, a new user cannot log into a machine without the local AD available, even if the machine is Hybrid-AD joined. Are there any potential ways around this?

Tags: azure-active-directory, azure-ad-connect

1 Answer

amanpreetsingh-msft answered:

@MateuszBender-5444 This can be achieved, but with no prompt for a password change. You need to assign a permanent password to the users (without selecting the "change password at next logon" checkbox). Once the users are logged in, they can change their password in the portal, provided SSPR (Self Service Password Reset) is enabled.


Please "Accept as answer" wherever the information provided helps you to help others in the community.
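
The approach in the answer above, as an added PowerShell example (not part of the original thread or any Microsoft sample). It goes one step further than the answer by issuing a unique random password per account instead of a shared default, and by reporting accounts that never changed it, since nothing forces the change any more. The OU, the ledger path and the three function names are hypothetical.

```powershell
# Added example. Needs the ActiveDirectory module (RSAT) and delegated password-reset rights.
Import-Module ActiveDirectory
$NewHireOU = 'OU=NewHires,DC=example,DC=com'      # hypothetical OU, replace with your own
$Ledger    = 'C:\Provisioning\issued.csv'         # hypothetical path; holds no passwords

function New-InitialPassword {
    param([int]$Length = 20)
    # Look-alike characters (l, o, I, O, 0, 1) are left out to ease dictation.
    $alphabet = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%+='
    $limit = 256 - (256 % $alphabet.Length)       # reject bytes >= limit: no modulo bias
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    do {
        $pw = ''
        while ($pw.Length -lt $Length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt $limit) { $pw += $alphabet[$buf[0] % $alphabet.Length] }
        }
    } until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and $pw -match '\d')
    $rng.Dispose()
    $pw
}

function Set-PermanentInitialPassword {
    # pwdLastSet = 0 marks accounts that still carry "change password at next logon".
    foreach ($u in Get-ADUser -SearchBase $NewHireOU -Filter 'pwdLastSet -eq 0') {
        $plain = New-InitialPassword
        Set-ADAccountPassword -Identity $u -Reset -NewPassword (ConvertTo-SecureString $plain -AsPlainText -Force)
        Set-ADUser -Identity $u -ChangePasswordAtLogon $false
        # Record the raw pwdLastSet value so a later run can tell whether it moved.
        $stamp = (Get-ADUser -Identity $u -Properties pwdLastSet).pwdLastSet
        [pscustomobject]@{ SamAccountName = $u.SamAccountName; IssuedPwdLastSet = $stamp } |
            Export-Csv -Path $Ledger -Append -NoTypeInformation
        # Emit the secret to the pipeline only; hand it over out of band, never via the ledger.
        [pscustomobject]@{ SamAccountName = $u.SamAccountName; InitialPassword = $plain }
    }
}

function Get-UnchangedInitialPassword {
    # Accounts whose pwdLastSet still equals the value recorded at issue have not changed it.
    Import-Csv -Path $Ledger | ForEach-Object {
        $now = Get-ADUser -Identity $_.SamAccountName -Properties pwdLastSet
        if ($now.pwdLastSet -eq [int64]$_.IssuedPwdLastSet) { $now.SamAccountName }
    }
}
```

Run `Set-PermanentInitialPassword` when preparing the laptops, then schedule `Get-UnchangedInitialPassword` to list users who still need to change their password through SSPR.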
