Domain Controller / Active Directory Architect

PeopleNTech LLC

Alexandria, VA (remote)

JOB DETAILS
SALARY
$90–$92 Per Hour
SKILLS
Advertising Monitoring, Authentication, Automation, Cloud Applications, Cloud Computing, Cross-Functional, DNS (Domain Name System), Data Recovery, Disaster Recovery, Financial Control, High Availability, Hybrid Cloud, ITIL (IT Infrastructure Library), Identify Issues, Identity Data Management, Kerberos, LDAP (Lightweight Directory Access Protocol), Microsoft Active Directory, Microsoft Product Family, Microsoft Windows Azure, Microsoft Windows Server, NT LAN Manager (NTLM), Regulatory Compliance, Replication and Remote Mirroring, Root Cause Analysis, Scripting (Scripting Languages), Security Auditing, Security Policy, Single Sign-On (SSO), Software Patches, Subnet, Team Player, Technical Leadership, Test Design, Topology, Windows PowerShell
POSTED
30+ days ago
Indent: SF_OP_200424-20-1
Role: Domain Controller / Active Directory Architect
Location: Remote
Rate: $90/hr to $92/hr

Primary Skill
Active Directory / Domain Controller Architecture
Secondary Skills
Entra ID (Azure AD), AD Connect, DNS, Group Policy, Identity & Access Management
Experience
10–15+ Years

Role Summary
The Domain Controller / Active Directory Architect will be responsible for designing, governing, and supporting enterprise Active Directory and Domain Controller infrastructure across on-premises, hybrid, and cloud-integrated environments.
The role involves architecture ownership, advanced troubleshooting, migration support, and security governance for identity platforms.

Roles & Responsibilities
Architecture & Design
  • Define and maintain Active Directory architecture including forests, domains, OUs, sites, subnets, and trust relationships
  • Design Domain Controller topology, replication strategy, and FSMO role placement
  • Plan and implement schema changes, functional level upgrades, and DC deployments
  • Design high availability, scalability, and disaster recovery for AD services

Domain Controller Management
  • Design, deploy, and manage:
    • Domain Controllers (on-prem and cloud)
    • AD-integrated DNS
    • SYSVOL (DFSR)
  • Own Domain Controller lifecycle:
    • Build, patching, upgrades, decommissioning
  • Monitor and optimize AD replication, authentication, and performance

Identity Security & Governance
  • Architect and implement:
    • Group Policy security baselines
    • Privileged access models (Tier 0 / Admin isolation)
    • Hardening standards and compliance controls
  • Audit and remediate security gaps related to:
    • Authentication
    • Directory permissions
    • Legacy protocols and misconfigurations

Migration & Transformation
  • Lead and support Active Directory migrations, including:
    • Forest/domain restructures
    • Tenant carve-outs
    • Cross-forest trusts and coexistence
  • Migrate and validate:
    • Users, groups, computers
    • Service accounts and GPOs
  • Ensure authentication and access continuity during transition

Hybrid Identity Integration
  • Design and support integration with:
    • Microsoft Entra ID (Azure AD)
    • Entra ID Connect / Cloud Sync
    • AD FS (where applicable)
  • Support hybrid identity scenarios including:
    • Hybrid Join / Cloud Join
    • SSO, MFA, Conditional Access dependencies

Advanced Troubleshooting & Escalation
  • Act as L3/L4 escalation point for complex AD and authentication issues
  • Perform root cause analysis for:
    • Replication failures
    • Kerberos / NTLM issues
    • Group Policy processing failures
  • Provide technical guidance to L1/L2 teams and drive problem prevention

DR, Monitoring & Automation
  • Design and test AD backup, restore, and forest recovery procedures
  • Conduct disaster recovery drills as required
  • Develop PowerShell automation for:
    • AD health checks
    • Object lifecycle management
    • Reporting and audits
  • Maintain architecture documentation, SOPs, and runbooks

Required Skills
Must Have
  • Strong hands-on experience with:
    • Active Directory Domain Services
    • Domain Controllers, FSMO roles, GPO
    • AD-integrated DNS
    • Windows Server 2012 R2 / 2016 / 2019 / 2022
  • Strong understanding of:
    • LDAP, Kerberos, NTLM
    • AD replication and security models
  • PowerShell scripting for AD administration and automation

Good to Have
  • Experience with:
    • Entra ID (Azure AD) and hybrid identity
    • AD migrations and carve-out projects
    • Trusts, UPN changes, SID history
  • Familiarity with ITIL processes (Incident, Change, Problem)
  • Exposure to Zero Trust and identity governance models

Behavioural Expectations
  • Strong ownership and accountability
  • Ability to work with cross-functional teams (Security, Cloud, Applications)
  • Documentation- and governance-focused approach
  • Comfortable handling high-risk changes and critical outages


