
Title: Active Directory Consultant
Location: Exton, PA
Job Description:
Key Responsibilities

Current-state assessment: Document AD forest/domain topology, sites/subnets, trust model, FSMO/GC placement, replication health, SYSVOL (DFSR), and GPO landscape; evaluate hybrid identity (Entra Connect/Cloud Sync, PHS/PTA, Seamless SSO, Hybrid/Azure AD Join).
Stability & performance: Improve inter-site replication, site design, and logon performance; rationalize GPOs; standardize DC build/patch/baseline; ensure time/NTFS/DFS settings are correct.
Core services: Review and optimize DNS (forwarders, scavenging, split-brain, conditional forwarding), DHCP (failover, reservations, authorization), and AD CS (PKI hierarchy, CRL/OCSP, key rollovers, certificate templates).
Hybrid & co-management: Validate Intune/ConfigMgr co-management boundaries and device join, certificate delivery, and policy conflicts; recommend workload split and device compliance improvements.
Security & governance: Implement tiering/least-privilege, PIM/PAM patterns, admin tier separation, LAPS/Windows LAPS, service account hardening, audit/monitoring, backup & forest recovery readiness.
Remediation plan & delivery: Produce a prioritized backlog with risks, effort, dependencies, and rollback; execute changes via change control with our internal team; provide runbooks and knowledge transfer.
Documentation & handover: Deliver updated as-built, standards, and SOPs; train operations on monitoring (dcdiag/repadmin/Eventing), backup/restore drills, and ongoing hygiene.

Required Qualifications

10+ years deep experience designing and remediating enterprise AD across multi-site environments, including hybrid identity with Microsoft Entra.
Proven track record delivering assess-plan-fix engagements for AD, DNS/DHCP, and AD CS in regulated/global organizations.
Hands-on expertise with: Windows Server (2016/2019/2022) DCs; Entra Connect/Cloud Sync; Hybrid/Azure AD Join; DFSR/SYSVOL; Group Policy refactoring; DHCP failover; PKI operations.
Strong security background (tiered admin model, privileged access, GPO security baselines, backup & forest recovery).
Excellent stakeholder communication; ability to lead mixed vendor/internal teams and land changes through formal change management.