Active Directory Architect

Analytik
Málaga, Spain
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Málaga, Spain

Tech stack

Microsoft Windows
Microsoft Active Directory
User Authentication
Microsoft Online Services
Cloud Computing
Distributed Systems
Identity and Access Management
Software Architecture
Azure
Software Troubleshooting
Technical Debt
Microsoft InTune
HR Software

Job description

We are seeking a Senior Active Directory Architect to support the design, modernization, and standardization of directory services across a complex hybrid enterprise environment. This role focuses primarily on Active Directory architecture in a multi-domain hybrid landscape. The successful candidate will help define and implement the strategic direction for Active Directory and its integration with Microsoft Entra ID, establishing a secure, scalable, and maintainable model across multiple countries and environments. The position combines architectural design, technical leadership, and hands-on expertise to improve the current platform, remediate legacy issues, and support modernization initiatives across SYNLAB. While the primary focus is on on-premises Active Directory and hybrid identity, the role also requires solid understanding of Microsoft 365 identity dependencies, particularly Microsoft Entra ID, Exchange hybrid, and identity-related integration points with endpoint management.

Responsibilities

Active Directory Architecture
Assess and document the current Active Directory landscape across multiple environments.
Define and implement target architecture and standards for Active Directory.
Improve OU structures, delegation models, tiering, and Group Policy design.
Address architectural inconsistencies and legacy configuration issues.

Identity Stabilization and Remediation
Lead remediation of architectural weaknesses, security findings, and legacy Active Directory issues.
Troubleshoot complex directory and authentication issues across domains and hybrid environments.
Drive improvements in directory design, authentication, and operational resilience.
Strengthen Active Directory resiliency, recovery preparedness, and restore processes.

Hybrid identity and Microsoft 365 Integration
Ensure reliable integration between Active Directory and Microsoft Entra ID.
Support and improve directory synchronization architecture, troubleshooting, and operational stability.
Contribute to standards for authentication, administration, and lifecycle processes across hybrid identity.
Provide architectural input into identity-related dependencies across Microsoft 365, particularly Microsoft Entra ID, Exchange hybrid, and endpoint identity integration with Intune.
Support design decisions affecting access, device identity, and cloud-connected provisioning.

Technical Leadership
Act as the technical authority for Active Directory within the Workplace team.
Provide technical guidance to the team.
Support identity-related architectural decisions across infrastructure projects.
Work closely with infrastructure and application teams across the organization.
Align directory and hybrid identity design with broader infrastructure and security initiatives.
Support technical workshops and coordination with country IT teams where required.

Active Directory current-state architecture documentation covering domains, trusts, OU structure, delegation model, and Group Policy design.
Technical review and validation of the target Active Directory architecture proposed by an external project partner.
Implementation roadmap translating architecture recommendations into prioritized technical work for the team.
Standardized enterprise design for Active Directory structure, including OU hierarchy, delegation model, and Group Policy architecture.
Technical guidelines and implementation standards for integrating Active Directory with Microsoft Entra ID and maintaining reliable directory synchronization.
Architecture principles and operational standards for Active Directory and hybrid identity environments.
Active Directory resiliency review covering backup scope, restore preparedness, and forest recovery readiness.

Working style
Proactively identifies risks, structural weaknesses, and improvement opportunities, and drives them through to practical implementation.
Works effectively in complex and ambiguous environments, bringing structure, priorities, and clear technical direction.
Translates architectural concepts into actionable next steps and supports delivery through the internal engineering team.
Balances strategic design with hands-on pragmatism, ensuring solutions are supportable and realistic in the operational environment.
Thinks in systems: understands dependencies across Active Directory, hybrid identity, infrastructure, and security, and designs accordingly.
Challenges assumptions and proposed solutions constructively, including from external partners, to ensure technical quality and long-term maintainability.
Promotes standardization, resiliency, and reduction of technical debt without losing focus on operational stability.

Requirements

Strong experience designing and operating enterprise Active Directory environments.
Experience working in large, complex AD environments (multiple domains, trusts, or distributed environments).
Deep knowledge of AD domain architecture, OU structure and delegation models, Group Policy architecture, authentication and identity security.
Ability to analyze legacy environments and define practical remediations.
Deep knowledge of directory synchronization (Entra ID Connect/Cloud Sync).
Solid understanding of Microsoft Entra ID administration beyond synchronization, including authentication methods, hybrid identity design, and identity-related access controls.
Experience with Exchange hybrid identity dependencies, including recipient-related Active Directory attributes and operational considerations.
Good understanding of identity dependencies for Microsoft Intune and Entra-joined / hybrid-joined devices.
Experience with identity lifecycle automation and provisioning flows across HR systems, Active Directory, and Microsoft Entra ID.
Strong troubleshooting capabilities in complex identity infrastructures.
Ability to handle both architectural topics and deep technical issues.
Ability to work independently, drive delivery end-to-end, and follow through to completion.
Clear communication skills (technical topics to mixed audiences) and solid documentation habits.
Exposure to broader Microsoft 365 services and their dependency on hybrid identity design.
Knowledge of identity governance or privileged access solutions.
