System Administrator

The L3 Engineer for On-Premises and Azure Active Directory is responsible for maintaining the stability, performance, and security of enterprise directory services. This includes troubleshooting complex issues, implementing enhancements, and supporting seamless integration between on-prem AD and Azure AD. The role also requires proactive involvement in security hardening, lifecycle management, automation, and supporting a hybrid cloud infrastructure.

1. Active Directory (On-Premises):

Design and Maintenance:

Architect and manage multi-domain, multi-forest Active Directory environments.

Perform schema extensions and manage= replication across sites.

Plan and execute AD migrations, upgrades, and domain consolidations.

Configuration and Optimization:

Configure and optimize Group Policy Objects (GPOs) for user and device management.

Manage trusts, sites, and services to ensure optimal directory performance.

Security:

Implement security measures such as access controls, auditing, and logging.

Regularly perform AD security assessments using tools like ADAudit , PingCastle, or BloodHound.

Address vulnerabilities identified through audits and penetration tests.

Troubleshooting:

Diagnose and resolve advanced AD issues related to authentication, replication, and performance.

Support complex Kerberos and NTLM authentication scenarios.

2. Azure Active Directory (AAD):

Integration and Management:

Deploy and configure Azure AD Connect for hybrid identity scenarios.

Ensure seamless synchronization of on-prem AD with Azure AD, managing attributes and custom rules.

Implement conditional access policies, Multi-Factor Authentication (MFA), and Privileged Identity Management (PIM).

Applications and SSO:

Integrate enterprise applications with Azure AD for Single Sign-On (SSO).

Manage OAuth, OpenID Connect, and SAML integrations for third-party services.

Identity Protection:

Configure Azure AD Identity Protection to monitor suspicious activity.

Investigate alerts and take corrective actions for compromised accounts.

3. Automation & Scripting:

Develop PowerShell scripts for bulk user management, auditing, and system automation.

Create and maintain Infrastructure as Code (IaC) templates for Azure AD resources using ARM, Terraform, or Bicep.

4. Monitoring & Reporting:

Use monitoring tools like Azure Monitor, Sentinel, or on-prem solutions to track system health and generate compliance reports.

Implement alerting mechanisms for unauthorized access attempts, account lockouts, or replication failures.

5. Collaboration & Documentation:

Work closely with other IT teams, including network, cloud, and security, to support initiatives.

Maintain detailed documentation for all configurations, processes, and troubleshooting guides.

Expert-level knowledge of Microsoft Active Directory (2008 R2, 2012 R2, 2016, 2019).

In-depth experience with Azure Active Directory and hybrid identity management.

Strong understanding of LDAP, Kerberos, DNS, and networking fundamentals.

Proficiency in PowerShell and experience with automation tools.

Familiarity with security tools like Azure Sentinel, Defender for Identity, or equivalent.