AD Architect : Carve-Out Project
We are looking for a senior AD architect to lead a complex Active Directory carve-out and migration engagement. The candidate will own end-to-end AD design, build, migration execution and post-migration stabilization with a strong security posture throughout.
Required Skills & Experience
- 10+ years of hands-on experience with on-premises Active Directory Domain Services (ADDS), Hybrid Identity and Azure Cloud.
- Proven track record delivering large-scale AD carve-out and inter/intra-forest migration projects
- Working knowledge of AD security hardening (tiered administration, PAW, privilege separation, attack path reduction)
- Hands-on experience with Quest Migration Manager for Active Directory (ODMA) for AD object migration, co-existence, and cutover management
- Familiarity with ManageEngine AD Audit Plus for migration audit trail, change tracking, and compliance reporting
- Strong troubleshooting and root cause analysis skills in complex, cross-domain migration scenarios
On-Premises ADDS & Migration
- Design and deploy on-prem AD DS on Azure IaaS from scratch; implement DCs with HA/DR best practices
- Architect hybrid identity integration with Microsoft Entra ID
- Configure Sites and Subnets aligned to network topology; plan Domain and Trust relationships
- Lead AD carve-out projects: scoping, wave planning, dependency mapping, and cutover execution
- Execute inter-forest and intra-forest migrations using Quest ODMA, including object migration, co-existence setup, and password synchronization
- Perform SID History migration, validation, and cleanup; ensure resource access continuity; assess GPOs prior to cross-domain migration
- Design and enforce zero/minimal downtime migration strategies with rollback procedures
- Conduct post-migration validation, ACL remediation, and environment stabilization
AD Security
- Apply AD security hardening standards (tiered admin model, Protected Users group, AdminSDHolder, LAPS)
- Identify and remediate common AD attack paths (Kerberoasting, DCSync, delegation abuse)
- Leverage ManageEngine AD Audit Plus to establish audit baselines, detect anomalies, and produce compliance reports during and after migration
- Enforce least-privilege principles across migrated objects and administrative accounts
- Define and document security controls for the target domain
ADFS Federation & Hybrid Identity
- Design and deploy ADFS on Azure IaaS; configure Relying Party Trusts and Claims Rules
- Install, configure, and manage Azure AD Connect; define OU filtering, attribute mapping, and sync rules
- Troubleshoot federation, SSO, and Entra ID sync failures; manage the ADFS certificate lifecycle
AD Infrastructure & Core Services
- GPO architecture, internal/external DNS, Conditional Forwarders, Stub Zones, AD-Integrated DNS
- NTP hierarchy design and time synchronization issue resolution
- Cross-domain integration; assist with third-party application and domain integration
Documentation & Governance
- Produce: HLD, LLD, AD Design Documents, Migration Runbooks, Project Handbook, Handover Documentation
- Ensure compliance with security best practices; conduct knowledge transfer sessions