Active Directory (NCS/Job/ 3692)

• Design, build, and maintain Active Directory forests, trees, and domains, including additional and isolated forests for security or regulatory purposes
• Implement resource forests, containment forests, and hardened domains for legacy protocols, privileged access, or application isolation
• Design and manage inter‑forest and intra‑forest trusts (one‑way, two‑way, selective authentication)
• Plan and execute domain controller placement, site topology, and replication strategy

Core AD Administration

• Deploy, patch, and maintain Domain Controllers (Windows Server)
• Manage FSMO roles, time synchronization, DNS integration, and SYSVOL
• Administer Group Policy Objects (GPOs) for security baselines and configuration management
• Manage AD objects: users, groups, computers, service accounts, and delegation models

Security & Hardening

• Enforce Active Directory security best practices and tiered administration models
• Build privilege isolation domains for admin accounts and privileged workloads
• Support initiatives such as:
  • Legacy protocol isolation (NTLM, RC4, LDAP signing exceptions)
  • Service account governance and gMSA implementation
  • AD attack surface reduction (lateral movement prevention, tiering)

• Partner with security teams during incidents, audits, and risk remediation efforts

Migration & Transformation

• Lead or support:
  • Domain and forest builds and decompositions
  • Application and server migrations between domains or forests
  • Legacy domain containment and modernization efforts

• Coordinate with application, server, and IAM teams to minimize disruption

Monitoring, Troubleshooting & Operations

• Diagnose and resolve:
  • Replication failures
  • Authentication and trust issues
  • DNS and Kerberos‑related problems

• Maintain AD health using monitoring tools and best practices
• Create and maintain operational runbooks and SOPs

Required Qualifications

Experience

• 5–8+ years of hands‑on Active Directory engineering and administration experience
• Proven experience building new forests and domains, including isolated or segmented environments
• Deep understanding of AD internals and authentication mechanisms

Technical Expertise

• Strong knowledge of:
  • Active Directory Domain Services (AD DS)
  • DNS, Kerberos, LDAP, NTLM
  • Forest/domain trusts and authentication boundaries
  • Active Directory Cleanup
  • Active Directory Security assessment and remediation.
  • Active Directory legacy system migration.