Active Directory consultant (Hybrid with Microsoft Entra)

  • Exton, PA
  • Posted 1 day ago | Updated 14 hours ago

Overview

On Site
Depends on Experience
Full Time
Accepts corp to corp applications
Able to Provide Sponsorship

Skills

Active Directory
Microsoft Entra

Job Details

Please email me your resumes @ ()or call me on my cell .

Job Title: Active Directory consultant (Hybrid with Microsoft Entra)
Location: Exton, PA

Duration: 6-12 months

Job Summary:

We are seeking a senior consultant to assess, remediate, and optimize our Active Directory (AD DS) estate in a hybrid configuration with Microsoft Entra ID. The engagement covers AD design and health, replication between sites, DNS/DHCP, Active Directory Certificate Services (AD CS/CA), co-management (ConfigMgr + Intune), and security hardening. You will lead a focused review, define an action plan with clear priorities, and execute the agreed remediations in partnership with an assigned internal team.

Key Responsibilities

  • Current-state assessment: Document AD forest/domain topology, sites/subnets, trust model, FSMO placement, replication health, SYSVOL (DFSR), and GPO landscape; evaluate hybrid identity (Entra Connect/Cloud Sync, PHS/PTA, Seamless SSO, Hybrid/Azure AD Join).
  • Stability & performance: Improve intersite replication, site design, and logon performance; rationalize GPOs; standardize DC build/patch/baseline; ensure time/NTFS/DFS settings are correct.
  • Core services: Review and optimize DNS (forwarders, scavenging, split-brain, conditional forwarding), DHCP (failover, reservations, authorization), and AD CS (PKI hierarchy, CRL/OCSP, key rollovers, certificate templates).
  • Hybrid & co-management: Validate Intune/ConfigMgr co-management boundaries and device join, certificate delivery, and policy conflicts; recommend workload split and device compliance improvements.
  • Security & governance: Implement tiering/least-privilege, PIM/PAM patterns, admin tier separation, LAPS/Windows LAPS, service account hardening, audit/monitoring, backup & forest recovery.
  • Remediation plan & delivery: Produce a prioritized backlog with risks, effort, dependencies, and rollback; execute changes via change control with our internal team; provide runbooks and knowledge transfer.
  • Documentation & handover: Deliver updated as-built, standards, and SOPs; train operations on monitoring (dcdiag/repadmin/Eventing), backup/restore drills, and ongoing hygiene.

Required Qualifications

  • 10+ years deep experience designing and remediating enterprise AD across multisite environments, including hybrid identity with Microsoft Entra.
  • Proven track record delivering assess-plan-fix engagements for AD, DNS/DHCP, and AD CS in regulated/global organizations.
  • Hands-on expertise with: Windows Server (2016/2019/2022) DCs; Entra Connect/Cloud Sync; Hybrid/Azure AD Join; DFSR/SYSVOL; Group Policy refactoring; DHCP failover; PKI operations.
  • Strong security background (tiered admin model, privileged access, GPO security baselines, backup & forest recovery).
  • Excellent stakeholder communication; ability to lead mixed vendor/internal teams and land changes through formal change management.

Preferred / Nice to Have

  • Relevant Microsoft certifications (e.g., Windows Server Hybrid Administrator Associate AZ-800/801; Identity & Access Administrator SC-300) and/or CISSP.
  • Experience stabilizing co-management (Microsoft Intune + Configuration Manager), Autopilot, device compliance, and certificate delivery to clients.
  • Familiarity with monitoring/automation (PowerShell/Desired State Configuration), and with audit/compliance needs (e.g., GDPR, SOX) in identity platforms.

Deliverables & Success Measures

  • Assessment report with heatmap of risks and quick wins vs. strategic items.
  • Remediation backlog & roadmap, including dependencies, test/rollback plans, and acceptance criteria.
  • Executed stabilization and hardening actions (e.g., replication errors to zero, GPO drift reduced, PKI CRL/OCSP health, DHCP failover verified).
  • Operational runbooks and knowledge transfer sessions; updated architecture and SOPs.
  • Demonstrable improvement in AD/Hybrid identity health KPIs (replication, logon, join/compliance, certificate issuance), incident reduction, and audit readiness.

Regards,

Harjeet Singh

Marlabs LLC. | One Corporate Place South | Piscataway, NJ 08854

Tel: X1496 | Mobile: | Fax: |

US | Brazil | Canada | Germany | India
