Employment Eligibility Statement
Due to specific project and client requirements, this position is open to U.S. Citizens and U.S. Lawful Permanent Residents. Sponsorship is not available at this time.
Danta Technologies evaluates all candidates in compliance with the Immigration and Nationality Act (INA) and EEOC guidelines. All hiring decisions are made without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, age, disability, veteran status, or any other protected characteristic.
The client wants a senior L3 Active Directory SME who can architect, secure, and troubleshoot complex enterprise AD environments and act as the final escalation point.
The client is looking for someone who acts as a "go-to expert / architect + troubleshooter" for AD in a large enterprise.
Domain: Identity & Access Management, Windows Infrastructure
Role Summary:
We are looking for a highly skilled L3 Active Directory (On‐Premise) SME with deep experience in designing, managing, and troubleshooting complex AD environments. The candidate will be the highest escalation point for AD issues, lead architectural improvements, perform RCA, and ensure AD security, availability, and performance in a large enterprise environment.
Key Responsibilities:
1. L3 Escalation & Technical Support:
- Serve as the top‐tier escalation for Active Directory and Windows infrastructure issues.
- Troubleshoot complex authentication, replication, DNS, GPO, policy processing, and trust issues.
- Perform advanced RCA, log analysis, and performance debugging.
- Develop L3 SOPs, KB articles, scripts, and automation for operations teams.
2. Active Directory Administration & Architecture:
- Manage and maintain large multi‐domain, multi‐forest on‐prem AD environments.
- Oversee FSMO roles, domain controllers (DC health), AD sites, replication topology.
- Install, upgrade, and harden domain controllers (physical/virtual).
- Implement AD schema updates, forest/domain functional level upgrades.
- Perform AD migration, consolidation, restructuring, and domain/forest trust design.
3. DNS, DHCP, & Windows Core Infrastructure:
- Troubleshoot AD-integrated DNS issues (zones, scavenging, forwarding, delegation).
- Manage and secure DHCP scopes, reservations, failover.
- Deep understanding of Kerberos, NTLM, LDAP, LDAPS, SPNs, tickets, token bloat.
- Ensure GPO performance tuning, inheritance control, WMI filters, controlled rollouts.
4. Security & Hardening:
- Implement AD security baselines, CIS benchmarks, and Microsoft security best practices.
- Periodically audit domain controllers, replication, delegations, privileged groups.
- Manage tiered admin model, least privilege, Just‐In‐Time (JIT) & Just‐Enough‐Administration (JEA).
- Enforce password policies, PAM/Privileged Identity controls, and secure service account management.
- Perform log and event analysis through SIEM (Splunk, Sentinel, QRadar).
5. High Availability & DR:
- Build and validate disaster recovery procedures for AD, DNS, and DHCP.
- Maintain backup/restore strategies using tools like AD Recycle Bin, Authoritative Restore, System State, VM snapshots.
- Ensure site resiliency, replication health, and multi‐site availability.
6. Automation & Scripting:
- Automate AD operations using PowerShell (mandatory).
- Build scripts for:
  - User provisioning/deprovisioning
  - Group management
  - GPO backup/restore
  - ACL/permissions
  - Health monitoring & reporting
7. Integration & Identity Services:
- Expertise integrating AD with:
  - ADFS
  - Azure AD Connect (Sync rules, writeback, filtering)
  - SSO solutions
  - LDAP‐based applications
  - PKI/Certification Services
- Understand hybrid identity dependencies (even though this role is on‐prem focused).
Required Skills & Qualifications:
- 7–12+ years hands‐on experience in enterprise Active Directory environments.
- Deep knowledge of:
  - AD architecture, design & security
  - DNS, DHCP, Sites & Services
  - Kerberos, LDAP, GPO, trusts, replication
- Experience troubleshooting large distributed Windows Server infrastructures.
- Strong PowerShell automation skills.
- Experience implementing AD hardening, security baselines, RBAC delegation.
- Knowledge of backup/restore and DR strategies for domain controllers.
- Strong understanding of networking fundamentals (TCP/IP, firewall rules, ports).
Preferred Skills:
- Microsoft certifications (AZ‐800, AZ‐801, MS‐100/101, SC‐300, MCSA/MCSE).
- Experience with Azure AD and hybrid identity models.
- Experience with IAM/PAM tools (Delinea, CyberArk, BeyondTrust).
- Familiarity with virtualization (VMware/Hyper‐V).
- Experience with enterprise SIEM and security monitoring tools.
Note: All qualified applicants will receive consideration for employment without regard to race, color, religion, religious creed, sex, national origin, ancestry, age, physical or mental disability, medical condition, genetic information, military and veteran status, marital status, pregnancy, gender, gender expression, gender identity, sexual orientation, or any other characteristic protected by local law, regulation, or ordinance.
Benefits: Danta offers all W2 employees a compensation package that is competitive in the industry. It consists of competitive pay, the option to elect healthcare insurance (dental, medical, vision), major holidays, and paid sick leave as per state law.
The rate/salary range depends on numerous factors, including qualifications, experience, and location.