
Active Directory - Developer
Avani Technology Solutions, Phoenix, AZ, United States
Phoenix, AZ
6 Months
It's a W2 role, no C2C at this moment.
* Proficient with Microsoft Active Directory and identity management solutions
* Experienced in implementing role based access and least privileged models
* Enterprise management of Windows file services, global system security and policy configuration
1. Active Directory Engineer with at least intermediate level experience in managing Microsoft Active Directory and Windows-based systems across the enterprise, including directory and identity management solutions.
2. Core infrastructure technology duties include enterprise management of Microsoft Active Directory and Windows file services, global system security and policy configuration, and top-level support for enterprise-wide initiatives.
3. Experience implementing role-based access and least-privilege models.
4. 6-month contract
5. Needs to work on-site at BWI GOC

• Analysis of department's/team's current assigned permissions
• Identification of department's/team's responsibilities and organizational structure (AKA what work types are distributed within the group)
• Determine how many role definitions should exist based on structure and what the names of the roles should be
• Identification of the required access for each role
• Identify any of the required access that can be classified as "privileged access"
• Identify what access is required that is not represented in the Active Directory groups.
• Research when access is not granted via Active Directory groups, then identify how access is granted and if it can be changed to use Active Directory.
• Identify and document where exceptions occur, i.e. scenarios where access must be granted directly to a user rather than through a role. (Exceptions)
• Create a change request detailing the steps to take to convert users to role-based access. Await approval. (RFC)
• Creation of role groups (FG)
• Creation of privileged role groups (PF) as needed
• Creation of privileged user accounts (-A & -DT) as needed
• Create a list of users that will be added to the new role.
• For each role, send an email containing the user list and obtain the group manager's/supervisor's approval to add users to role(s) as defined (Approval)
• Add users to role(s) as communicated
• Provide users with account username & password info for privileged accounts (-A & -DT)
• Removal of privileged access from the non-privileged user accounts
• Removal of any access that was granted directly to the user that is now granted via the roles (duplicate access)
• Removal of any access on the user accounts that is not part of the role
• Modify applications, as needed, to grant privileged accounts access and remove non-privileged accounts
• Pilot or test privileged account access with a few members of the team before continuing (Await Feedback)
• Identify Active Directory groups that granted access to users through another AD group (nested groups)
• Remove any existing AD groups inside other AD groups and add them to the role(s) and/or to users directly. (flatten group access)
• Identify access that was granted using a generically named AD group (PHX groups)
• Create new groups and modify the application to use the new groups rather than the generic group.
• Identify places where a single group was used to grant access to multiple resources.
• Create new groups and modify the application to use the new groups
• Identify places where access was granted using a Mail Enabled Security group
• Create a new security group to grant access where access was granted using a Mail Enabled Security group.
• Convert the Mail Enabled Security group to a standard Mail Distribution group.
• Create new groups to grant access for Exchange Mailbox (Full Access, Send As, Send on Behalf)
• Remove users from direct access to Exchange Mailboxes and grant users access via the new groups.
• Convert existing security groups that grant access to "Local" scoped groups (LG)
• Rename existing groups with meaningful names and descriptions that comply with naming standards
• Create a "Global" scoped group counterpart for each "Local" scoped group. (GG)
• Add new "Global" scoped groups to the role(s) and/or to users directly. (No user should be a member of a "Local" group)
• Training for Technology Management, Helpdesk, and Operations teams to educate on the appropriate usage of groups with role-based access and the new naming convention.
• Identify and document all groups that grant access to PCI related data/systems
• Update the access request form to include roles as they are created. (ISRF)
• Update internal documentation related to user provisioning to include the use of role-based access.
• Define and document a process for any role changes or any new role creation going forward, including the management approval process
• Documentation of what access each role provides.
• Deletion of AD groups that no longer provide access to anything.