
Role Overview
The Active Directory Architect is responsible for designing, governing, and transforming enterprise Active Directory and identity environments. The role requires deep expertise in AD architecture, security, migrations, hybrid identity, and integration with Microsoft 365 and Azure, ensuring scalable, secure, and compliant identity services.
______________
Key Responsibilities
Architecture & Design
* Own the end-to-end Active Directory architecture, including forest/domain design, trust models, OU structure, and tiered administration (Tier 0/1/2).
* Design target-state AD and hybrid identity architectures aligned with security and business requirements.
* Define standards, design principles, and best practices for AD and identity services.
Active Directory Transformation & Migration
* Lead AD consolidation, migration, and upgrade initiatives (e.g., cross-forest, domain consolidation, legacy upgrades).
* Plan and execute POCs, pilots, phased rollouts, cutover, and rollback strategies.
* Identify and manage application and service dependencies during migrations.
Identity & Security
* Implement AD security hardening, privileged access models, and delegation strategies.
* Design and govern authentication and authorization models, including MFA, Conditional Access, and PIM.
* Ensure compliance with enterprise security policies, ISMS, and regulatory requirements.
* Perform risk assessments and provide mitigation plans for identity-related changes.
Hybrid Identity & Cloud Integration
* Design and manage hybrid identity with Entra ID (Azure AD), including sync, identity flows, and coexistence.
* Support integration with Microsoft 365 workloads (Exchange Online, Teams, SharePoint).
* Align AD strategy with modern workplace and cloud adoption initiatives.
GPO, Endpoint & Platform Integration
* Design and optimize Group Policy (GPO) structures and standards.
* Manage GPO vs Intune / MDM coexistence and transition strategies.
* Ensure compatibility with Windows Autopilot, Windows Hello for Business, and endpoint hardening.
Governance & Stakeholder Management
* Act as technical authority for AD-related scope in SOWs, Change Requests, and proposals.
* Collaborate with customer architects, security teams, Microsoft, and third-party vendors.
* Provide clear communication on risks, decisions, and progress to senior stakeholders.
Documentation & Knowledge Transfer
* Produce and maintain architecture diagrams, design documents, migration plans, and SOPs.
* Ensure audit-ready documentation and traceability.
* Lead knowledge transfer (KT) to operations and support teams.
Required Skills & Experience
Technical Skills
* 12+ years of experience in Active Directory and Identity Management
* Strong hands-on expertise with:
  * Active Directory (AD DS, AD LDS)
  * ADFS, Azure AD / Entra ID
  * Windows Server (2012–2022/2025)
  * Exchange (On-Prem & Hybrid)
  * GPO, DNS, DHCP, PKI
* Experience with PowerShell automation
* Exposure to System Center tools (SCOM, SCCM) is an advantage
Experience & Competencies
* Proven experience leading large-scale AD transformations
* Strong understanding of enterprise security and compliance
* Excellent analytical, documentation, and design skills
* Ability to work in multi-stakeholder, global environments
* Strong communication and leadership capabilities
Job ID: 146026859