A few years ago we started using Azure AD. As the situation is now, new users are created in the AD and synchronized with the AAD. However, we also employ a large group of volunteers, only provided with an E1 license, who in the current situation are also created in the AD and synchronized with the AAD. This causes a problem with renewing their passwords: they only log on online on devices of their own or devices for general use, and these devices are not on the domain. Due to this AD-AAD construction, they cannot renew their password unless a writeback license is purchased. We believe that this is not necessary and it would be unnecessarily expensive.
The volunteers have an E1 account and are not in certain rights groups. If they were in the AAD only then the problem would be solved.
The question is how do we get these accounts out from the AD into the AAD. According to our software administrator, everything must first be removed from the AD and then re-created in the AAD. Can anyone say if this is correct?
Kind regards,
Roel Staarink