Domain Controller / Active Directory Architect : Remote

Role : Domain Controller / Active Directory Architect

Location : Remote

Primary Skill

Active Directory / Domain Controller Architecture

Secondary Skills

Entra ID (Azure AD), AD Connect, DNS, Group Policy, Identity & Access Management

Experience

10 15+ Years

Role Summary

The Domain Controller / Active Directory Architect will be responsible for designing, governing, and supporting enterprise Active Directory and Domain Controller infrastructure across onpremise, hybrid, and cloudintegrated environments.
The role involves architecture ownership, advanced troubleshooting, migration support, and security governance for identity platforms.

Roles & Responsibilities

Architecture & Design

• Define and maintain Active Directory architecture including forests, domains, OUs, sites, subnets, and trust relationships
• Design Domain Controller topology, replication strategy, and FSMO role placement
• Plan and implement schema changes, functional level upgrades, and DC deployments
• Design high availability, scalability, and disaster recovery for AD services

Domain Controller Management

• Design, deploy, and manage:
• Domain Controllers (onprem and cloud)
• ADintegrated DNS
• SYSVOL (DFSR)
• Own Domain Controller lifecycle:
• Build, patching, upgrades, decommissioning
• Monitor and optimize AD replication, authentication, and performance

Identity Security & Governance

• Architect and implement:
• Group Policy security baselines
• Privileged access models (Tier 0 / Admin isolation)
• Hardening standards and compliance controls
• Audit and remediate security gaps related to:
• Authentication
• Directory permissions
• Legacy protocols and misconfigurations

Migration & Transformation

• Lead and support Active Directory migrations, including:
• Forest/domain restructures
• Tenant carveouts
• Crossforest trusts and coexistence
• Migrate and validate:
• Users, groups, computers
• Service accounts and GPOs
• Ensure authentication and access continuity during transition

Hybrid Identity Integration

• Design and support integration with:
• Microsoft Entra ID (Azure AD)
• Entra ID Connect / Cloud Sync
• AD FS (where applicable)
• Support hybrid identity scenarios including:
• Hybrid Join / Cloud Join
• SSO, MFA, Conditional Access dependencies

Advanced Troubleshooting & Escalation

• Act as L3/L4 escalation point for complex AD and authentication issues
• Perform root cause analysis for:
• Replication failures
• Kerberos / NTLM issues
• Group Policy processing failures
• Provide technical guidance to L1/L2 teams and drive problem prevention

DR, Monitoring & Automation

• Design and test AD backup, restore, and forest recovery procedures
• Conduct disaster recovery drills as required
• Develop PowerShell automation for:
• AD health checks
• Object lifecycle management
• Reporting and audits
• Maintain architecture documentation, SOPs, and runbooks

Required Skills

Must Have

• Strong handson experience with:
• Active Directory Domain Services
• Domain Controllers, FSMO roles, GPO
• ADintegrated DNS
• Windows Server 2012 R2 / 2016 / 2019 / 2022
• Strong understanding of:
• LDAP, Kerberos, NTLM
• AD replication and security models
• PowerShell scripting for AD administration and automation

Good to Have

• Experience with:
• Entra ID (Azure AD) and hybrid identity
• AD migrations and carveout projects
• Trusts, UPN changes, SID history
• Familiarity with ITIL processes (Incident, Change, Problem)
• Exposure to Zero Trust and identity governance models