Job Description
Customer is expecting the following major skills:
1. Active Directory Cleanup
2. Active Directory Security assessment and remediation
3. Active Directory legacy system migration
Active Directory Engineer - Core Directory Services (Isolation Forests & Domains)
Role Summary
We are seeking an experienced Active Directory (AD) Engineer to design, build, and operate core Microsoft Active Directory infrastructure, with a strong focus on isolated forests, segregated domains, and security-driven directory architectures. This role is critical to enabling secure authentication, legacy containment, privilege isolation, and enterprise identity resilience. The engineer will own the lifecycle of AD forests and domains, partner with security and platform teams, and ensure directory services meet availability, security, and compliance requirements.
Key Responsibilities
Active Directory Architecture & Engineering
Design, build, and maintain Active Directory forests, trees, and domains, including additional and isolated forests for security or regulatory purposes
Implement resource forests, containment forests, and hardened domains for legacy protocols, privileged access, or application isolation
Design and manage inter-forest and intra-forest trusts (one-way, two-way, selective authentication)
Plan and execute domain controller placement, site topology, and replication strategy
Core AD Administration
Deploy, patch, and maintain Domain Controllers (Windows Server)
Manage FSMO roles, time synchronization, DNS integration, and SYSVOL
Administer Group Policy Objects (GPOs) for security baselines and configuration management
Manage AD objects: users, groups, computers, service accounts, and delegation models
Security & Hardening
Enforce Active Directory security best practices and tiered administration models
Build privilege isolation domains for admin accounts and privileged workloads
Support initiatives such as:
o Legacy protocol isolation (NTLM, RC4, LDAP signing exceptions)
o Service account governance and gMSA implementation
o AD attack surface reduction (lateral movement prevention, tiering)
Partner with security teams during incidents, audits, and risk remediation efforts
Migration & Transformation
Lead or support:
o Domain and forest builds and decompositions
o Application and server migrations between domains or forests
o Legacy domain containment and modernization efforts
Coordinate with application, server, and IAM teams to minimize disruption
Monitoring, Troubleshooting & Operations
Diagnose and resolve:
o Replication failures
o Authentication and trust issues
o DNS and Kerberos-related problems
Maintain AD health using monitoring tools and best practices
Create and maintain operational runbooks and SOPs
Required Qualifications
Experience
5-8 years of hands-on Active Directory engineering and administration experience
Proven experience building new forests and domains, including isolated or segmented environments
Deep understanding of AD internals and authentication mechanisms
Technical Expertise
Strong knowledge of:
o Active Directory Domain Services (AD DS)
o DNS, Kerberos, LDAP, NTLM
o Forest/domain trusts and authentication boundaries
o Active Directory Cleanup
o Active Directory Security assessment and remediation
o Active Directory legacy system migration