Microsoft Active Directory Architect
Job description
· Lead the architecture, design, and evolution of on-premises Microsoft Active Directory environments.
· Act as technical SME for AD, providing expert guidance on best practices, policies, and standards.
· Design and implement secure AD structures including domains, forests, trusts, and replication strategies.
· Develop and enforce Group Policy strategies aligned with security and operational requirements.
· Define and implement tiered administration models, privileged access controls, and PAM tooling integration.
· Conduct health checks, security assessments, and remediation planning across AD environments.
· Produce and maintain comprehensive design documentation including HLDs, LLDs, and operational runbooks.
· Engage directly with Tech Leads, Programme Managers, and on-site customers to support delivery.
Requirements
Our client is looking for a Microsoft Active Directory Architect and SME to lead the design, implementation, and securing of enterprise directory services within defence-grade, high-assurance environments. You'll need deep hands-on AD architecture experience and the ability to operate at both strategic and technical levels.
· Proven experience in a senior Active Directory Architect or SME role.
· Deep hands-on knowledge of multi-domain and multi-forest AD environments.
· Strong experience designing and implementing Group Policy, DNS, and DHCP in enterprise environments.
· Solid understanding of identity security including tiered admin models, least privilege, PAWs, and PAM tooling.
· Knowledge of authentication protocols including Kerberos, NTLM, LDAP, SAML, and OAuth.
· Experience with PowerShell scripting and automation for AD management tasks.
· Ability to produce high-quality HLDs, LLDs, security architecture docs, and operational runbooks.
· Strong stakeholder engagement and communication skills in secure, customer-facing environments.
The client would also like to see some of the below, but this is not essential:
· Experience working within the Defence and/or Aerospace sector.
· Familiarity with MOD policies, JSP series standards, and NCSC security guidance.
· Microsoft certifications such as Identity and Access Administrator or Windows Server.
· CISSP, CISM, or equivalent security certifications.
· TOGAF or equivalent architecture framework qualification.
· Experience integrating AD with enterprise SIEM and security monitoring tooling.
Benefits & conditions
RECOMMEND A FRIEND: If you have professional friends/colleagues who would be interested in one of our roles and our excellent levels of service too, we'd like to recognise your recommendations with a 'thank you' of our own. For every friend you refer who then starts a role through Datasource, either Contract or Permanent, we will send you £200 of Love to Shop Gift Vouchers and gift your friend £100 in Love to Shop Gift Vouchers as well!