Azure Active Directory Migration Engineer

Role: Azure Active Directory Migration Engineer

Duration: 6-12 months

Location: Atlanta, GA / Windsor, CT

Need candidates who can work onsite from Day 1 (Hybrid basis)

Overview

The Directory Services / Identity Engineer will lead the technical efforts to migrate client domain users, applications, and infrastructure into the client enterprise domain (DSGLOBAL). This role focuses on designing, implementing, and troubleshooting Active Directory (AD), Microsoft Entra ID (formerly Azure AD), and identity integrations to ensure a secure and seamless transition.

Key Responsibilities

1. Active Directory Migration

1. Plan and execute domain migration activities (user accounts, service accounts, groups, and servers) from IM domain to DSGLOBAL.
2. Implement and manage domain trusts, OU structure alignment, and group policy migrations.
3. Support dual-domain coexistence during transition (authentication and resource access).

1. Identity & Access Management

1. Integrate AD and Microsoft Entra ID for hybrid identity synchronization.
2. Configure and troubleshoot SSO, federation, and authentication protocols (Kerberos, NTLM, SAML, OAuth2, OpenID Connect, ADFS).
3. Work with IAM teams to align group memberships and access policies with enterprise standards.

1. Application Integration

1. Assess and document application dependencies on AD (LDAP bindings, service accounts, Windows authentication).
2. Support application teams in reconfiguring authentication and authorization settings for DSGLOBAL integration.
3. Assist in testing and validating dual-domain or migrated application connectivity.

1. Automation & Reporting

1. Develop and maintain PowerShell scripts for user/group migration, reporting, and cleanup.
2. Automate service account provisioning and group membership validation.

1. Security & Compliance

1. Ensure compliance with security standards and access control policies.

1. Support audits and reviews of AD and Entra configurations.

1. Documentation & Knowledge Transfer

1. Maintain comprehensive documentation of AD architecture, configurations, and migration runbooks.
2. Provide technical guidance and mentoring to other engineers and application teams.

Required Skills & Experience

1. Technical Expertise
   1. 5+ years of hands-on experience with Active Directory, DNS, DHCP, Group Policy, and domain trusts.
   2. Experience with Microsoft Entra ID / Azure AD, AAD Connect, and hybrid identity synchronization.
   3. Proficient in PowerShell scripting for AD automation and reporting.
   4. Familiar with IAM tools (SailPoint, Okta, or similar) and SSO/federation configurations.

1. Migration Experience
   1. Proven record of accomplishment with AD domain migrations, user and group consolidations, and cross-domain authentication.
   2. Experience using tools such as ADMT, Quest Migration Manager, or similar.

1. Troubleshooting & Support
   1. Strong diagnostic skills across authentication, DNS, and network layers.
   2. Ability to resolve complex directory synchronization and authentication issues.

1. Soft Skills
   1. Excellent communication and documentation skills.
   2. Strong collaboration with infrastructure, application, and IAM teams.
   3. Detail-oriented, analytical thinker with solid problem-solving abilities.

Preferred Qualifications

• Microsoft Certified: Identity and Access Administrator Associate or Windows Server Hybrid Administrator Associate
• Experience with Windows Server 2016 2022 environments
• Knowledge of Azure AD Conditional Access, Privileged Identity Management (PIM), and Entra Connect Cloud Sync
• Background in financial services or regulated environments

Tekshapers is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information, or any characteristic protected by law.