AD/Entra ID Engineer

Job Description

• Administer and maintain on-premises Active Directory (AD DS) and Microsoft Entra ID (Azure AD) in a hybrid identity environment, including domain controllers, AD Sites & Services, domain/forest trusts, replication and directory synchronization.
• Create, manage, and troubleshoot Group Policies to enforce consistent configuration and security settings across the enterprise.
• Monitor directory health (AD replication, AD-integrated DNS, domain controller performance, Azure AD sync) and proactively resolve issues to ensure reliable authentication and access services.
• Apply Active Directory security best practices (tiered admin model, least privilege, hardened domain controllers) to safeguard identity infrastructure and data.
• Maintain and test Active Directory backup and recovery processes (authoritative/non-authoritative restore procedures), participating in disaster recovery exercises to ensure directory service resilience.
• Automate and streamline identity administration tasks using PowerShell scripting for bulk operations, health checks, and reporting.
• Manage identity-related incidents and service requests as 2nd-level support, troubleshooting complex AD, DNS, GPO, or Entra ID issues to minimize impact on users.
• Implement changes to directory and identity services in adherence to ITIL-based change management processes, providing clear plans, risk assessments, and post-change validation.
• Support user identity lifecycle and access management processes (account provisioning, permissions management) and contribute to cross-system authentication and authorization solutions (e.g., single sign-on integrations).
• Update and maintain technical documentation, runbooks, and Standard Operating Procedures (SOPs) for Active Directory and Entra ID services.
• Other specific duties as assigned by the team leader.

Qualifications

• Extensive hands-on experience with Microsoft Active Directory (AD DS) and Microsoft Entra ID (Azure AD) administration, including operations in hybrid identity environments.
• Strong understanding of AD architecture (domain controllers, AD replication, schema, sites and services, domain trusts, AD-integrated DNS) and authentication/authorization processes (Kerberos, NTLM), with proven ability to troubleshoot complex identity issues.
• Experience implementing Active Directory security best practices (tiered administration, least privilege, secure domain controller configuration) in enterprise environments.
• Proficiency in PowerShell scripting for AD/Entra administration and automation of routine tasks (bulk user management, health monitoring, configuration changes).
• Experience working within ITIL-based IT service management processes and ticketing systems, including strict change, configuration, and release management procedures.
• Proactive, self-motivated team player with strong user orientation, good communication skills, and the ability to adapt to fast-changing technologies.
• Relevant Microsoft identity or ITSM certifications (preferrable).