Active Directory SME (NCS/Job/ 3633)

Act as the primary SME and technical authority for Active Directory across production, DR, and hybrid environments. 
- Design, review, and evolve AD forest/domain architecture, including domain models, trust relationships, and site topology. 
- Own FSMO role strategy, Global Catalog placement, replication design, and multi-site resilience. 
- Define and enforce AD design standards, naming conventions, and operational guardrails. 
- Lead RCA and resolution for complex, cross-domain AD incidents. 
Domain Controllers, DNS & Core Services 
- Architect and manage high-availability Domain Controller deployments. 
- Own integrated DNS architecture including forwarders and scavenging. 
- Proactively monitor and remediate replication, NTP, and directory health issues. 
- Plan and execute AD upgrades and lifecycle management. 
Group Policy & Security Hardening 
- Design enterprise-grade GPO frameworks aligned with security baselines. 
- Implement tiered administration and privileged access controls. 
- Own password, authentication, and Kerberos policies. 
- Lead AD-level security hardening and remediation. 
Identity, Authentication & SSO Platforms 
- SME for AD FS, Okta, SSO, MFA, and federation architecture. 
- Own LDAP/LDAPS integrations. 
- Support identity for VPN, Wi-Fi (802.1X), and zero trust access. 
Automation, Compliance & Leadership 
- Develop PowerShell automation. 
- Own SOPs, audits, and remediation. 
- Escalation point and mentor for AD teams.