Role : Domain Controller / Active Directory Architect
Location : Remote
Primary Skill
Active Directory / Domain Controller Architecture
Secondary Skills
Entra ID (Azure AD), AD Connect, DNS, Group Policy, Identity & Access Management
Experience
10-15+ Years
Role Summary
The Domain Controller / Active Directory Architect will be responsible for designing, governing, and supporting enterprise Active Directory and Domain Controller infrastructure across on-premises, hybrid, and cloud-integrated environments.
The role involves architecture ownership, advanced troubleshooting, migration support, and security governance for identity platforms.
Roles & Responsibilities
Architecture & Design
- Define and maintain Active Directory architecture including forests, domains, OUs, sites, subnets, and trust relationships
- Design Domain Controller topology, replication strategy, and FSMO role placement
- Plan and implement schema changes, functional level upgrades, and DC deployments
- Design high availability, scalability, and disaster recovery for AD services
Domain Controller Management
- Design, deploy, and manage:
  + Domain Controllers (on-prem and cloud)
  + AD-integrated DNS
  + SYSVOL (DFSR)
- Own Domain Controller lifecycle:
  + Build, patching, upgrades, decommissioning
- Monitor and optimize AD replication, authentication, and performance
Identity Security & Governance
- Architect and implement:
  + Group Policy security baselines
  + Privileged access models (Tier 0 / Admin isolation)
  + Hardening standards and compliance controls
- Audit and remediate security gaps related to:
  + Authentication
  + Directory permissions
  + Legacy protocols and misconfigurations
Migration & Transformation
- Lead and support Active Directory migrations, including:
  + Forest/domain restructures
  + Tenant carve-outs
  + Cross-forest trusts and coexistence
- Migrate and validate:
  + Users, groups, computers
  + Service accounts and GPOs
- Ensure authentication and access continuity during transition
Hybrid Identity Integration
- Design and support integration with:
  + Microsoft Entra ID (Azure AD)
  + Entra ID Connect / Cloud Sync
  + AD FS (where applicable)
- Support hybrid identity scenarios including:
  + Hybrid Join / Cloud Join
  + SSO, MFA, Conditional Access dependencies
Advanced Troubleshooting & Escalation
- Act as L3/L4 escalation point for complex AD and authentication issues
- Perform root cause analysis for:
  + Replication failures
  + Kerberos / NTLM issues
  + Group Policy processing failures
- Provide technical guidance to L1/L2 teams and drive problem prevention
DR, Monitoring & Automation
- Design and test AD backup, restore, and forest recovery procedures
- Conduct disaster recovery drills as required
- Develop PowerShell automation for:
  + AD health checks
  + Object lifecycle management
  + Reporting and audits
- Maintain architecture documentation, SOPs, and runbooks
Required Skills
Must Have
- Strong hands-on experience with:
  + Active Directory Domain Services
  + Domain Controllers, FSMO roles, GPO
  + AD-integrated DNS
  + Windows Server 2012 R2 / 2016 / 2019 / 2022
- Strong understanding of:
  + LDAP, Kerberos, NTLM
  + AD replication and security models
- PowerShell scripting for AD administration and automation
Good to Have
- Experience with:
  + Entra ID (Azure AD) and hybrid identity
  + AD migrations and carve-out projects
  + Trusts, UPN changes, SID history
- Familiarity with ITIL processes (Incident, Change, Problem)
- Exposure to Zero Trust and identity governance models
Behavioural Expectations
- Strong ownership and accountability
- Ability to work with cross-functional teams (Security, Cloud, Applications)
- Documentation and governance-focused approach
- Comfortable handling high-risk changes and critical outages