VMware Windows AD Administrator

Active Directory Architecture & Design

Design enterprise-grade Active Directory architectures, including:

o Forest and domain design

o Trust relationships (internal and external)

o OU structure, delegation models, and naming standards

Define Group Policy (GPO) strategy aligned with security and operational requirements

Design identity lifecycle management processes (joiners, movers, leavers)

Ensure architectural alignment with security and operational best practices

Active Directory Improvement & Optimization

Perform current-state assessments of the customer s AD environment

Identify and remediate gaps related to:

o Security posture

o Performance and replication health

o Operational inefficiencies

o Technical debt from legacy configurations

Improve and optimize:

o Group Policy Objects (cleanup, consolidation, redesign)

o AD Sites and Services and replication topology

o DNS and domain controller placement

Implement non-disruptive enhancements to existing environments, minimizing business impact

Plan and execute phased improvement activities with clear risk mitigation and rollback strategies

Security & Best Practices

Implement AD security best practices, including:

o Tiered administration models (e.g., Tier 0/1/2)

o Privileged access management

o Secure administrative delegation

Harden Active Directory against common attack vectors

Support incident response related to identity or directory services

Collaborate with security teams on identity-related controls

Documentation & Knowledge Transfer

Produce detailed architecture diagrams, implementation documents, and SOPs

Create operational guides and troubleshooting documentation

Conduct knowledge transfer sessions for operations and support teams

We are seeking a Senior Active Directory Engineer to lead the design, implementation, and operation of an enterprise Active Directory environment as part of a major implementation project. This role requires deep technical expertise, strong architectural skills, and hands-on delivery experience in complex AD environments.

The ideal candidate will have 6-10 + years of experience working with Microsoft Active Directory in large-scale or enterprise environments and will be comfortable owning the solution from architecture through steady-state operations., 10+ years of hands-on experience with Microsoft Active Directory in enterprise environments

Strong experience across the full AD lifecycle:

o Design

o Implementation

o Migration

o Operations

Deep technical knowledge of:

o Active Directory Domain Services (AD DS)

o DNS and AD-integrated DNS

o Group Policy design and troubleshooting

o AD replication and topology

Proven experience leading AD implementation or transformation projects

Strong PowerShell skills for AD administration and automation

Solid understanding of Windows Server internals and authentication mechanisms (Kerberos, NTLM)

Preferred Qualifications

Experience with hybrid identity solutions:

o Azure AD / Microsoft Entra ID

o Azure AD Connect / Cloud Sync

Experience with:

o Multi-forest or multi-domain environments

o M&A-related AD consolidation projects

Familiarity with identity security tools (e.g., PAM, MFA integrations)

Microsoft certifications (preferred, not mandatory):

o Windows Server

o Identity and Access Management

Experience working in regulated or security-sensitive environments

Soft Skills & Attributes

Strong problem-solving and analytical skills

Ability to work independently and take ownership of critical systems

Excellent communication skills for:

o Technical teams

o Project stakeholders

o Management

Comfortable working in high-pressure implementation environments

Strong documentation and presentation skills