Indent: SF_OP_200424-20-1
Role: Domain Controller / Active Directory Architect
Location: Remote
Rate: $90/hr to $92/hr
Primary Skill: Active Directory / Domain Controller Architecture
Secondary Skills: Entra ID (Azure AD), AD Connect, DNS, Group Policy, Identity & Access Management
Experience: 10–15+ Years
Role Summary
The Domain Controller / Active Directory Architect will be responsible for designing, governing, and supporting enterprise Active Directory and Domain Controller infrastructure across on-premises, hybrid, and cloud-integrated environments.
The role involves architecture ownership, advanced troubleshooting, migration support, and security governance for identity platforms.
Roles & Responsibilities
Architecture & Design
Define and maintain Active Directory architecture including forests, domains, OUs, sites, subnets, and trust relationships
Design Domain Controller topology, replication strategy, and FSMO role placement
Plan and implement schema changes, functional level upgrades, and DC deployments
Design high availability, scalability, and disaster recovery for AD services
Domain Controller Management
Design, deploy, and manage:
Domain Controllers (on-prem and cloud)
AD-integrated DNS
SYSVOL (DFSR)
Own Domain Controller lifecycle:
Build, patching, upgrades, decommissioning
Monitor and optimize AD replication, authentication, and performance
Identity Security & Governance
Architect and implement:
Group Policy security baselines
Privileged access models (Tier 0 / Admin isolation)
Hardening standards and compliance controls
Audit and remediate security gaps related to:
Authentication
Directory permissions
Legacy protocols and misconfigurations
Migration & Transformation
Lead and support Active Directory migrations, including:
Forest/domain restructures
Tenant carve-outs
Cross-forest trusts and coexistence
Migrate and validate:
Users, groups, computers
Service accounts and GPOs
Ensure authentication and access continuity during transition
Hybrid Identity Integration
Design and support integration with:
Microsoft Entra ID (Azure AD)
Entra ID Connect / Cloud Sync
AD FS (where applicable)
Support hybrid identity scenarios including:
Hybrid Join / Cloud Join
SSO, MFA, Conditional Access dependencies
Advanced Troubleshooting & Escalation
Act as L3/L4 escalation point for complex AD and authentication issues
Perform root cause analysis for:
Replication failures
Kerberos / NTLM issues
Group Policy processing failures
Provide technical guidance to L1/L2 teams and drive problem prevention
DR, Monitoring & Automation
Design and test AD backup, restore, and forest recovery procedures
Conduct disaster recovery drills as required
Develop PowerShell automation for:
AD health checks
Object lifecycle management
Reporting and audits
Maintain architecture documentation, SOPs, and runbooks
Required Skills
Must Have
Strong hands-on experience with:
Active Directory Domain Services
Domain Controllers, FSMO roles, GPO
AD-integrated DNS
Windows Server 2012 R2 / 2016 / 2019 / 2022
Strong understanding of:
LDAP, Kerberos, NTLM
AD replication and security models
PowerShell scripting for AD administration and automation
Good to Have
Experience with:
Entra ID (Azure AD) and hybrid identity
AD migrations and carve-out projects
Trusts, UPN changes, SID history
Familiarity with ITIL processes (Incident, Change, Problem)
Exposure to Zero Trust and identity governance models
Behavioural Expectations
Strong ownership and accountability
Ability to work with cross-functional teams (Security, Cloud, Applications)
Documentation- and governance-focused approach
Comfortable handling high-risk changes and critical outages

Domain Controller / Active Directory Architect
PeopleNTech LLC, Alexandria, VA, USA
Pay: $90/hr
Job type: Full Time