ACTIVE DIRECTORY ADMINISTRATOR JOB DESCRIPTION
Browse Active Directory Administrator job descriptions featuring responsibilities, qualifications, and specializations from enterprise and government environments.

Active Directory Administrator Job Description Template
1. About the Role
A Windows domain environment with no one accountable for it degrades quietly. Group Policy Objects drift out of sync, stale accounts accumulate access they should not have, and the first sign of trouble is often an audit finding or an access breach. The Active Directory Administrator is the answer to that slow erosion, owning identity lifecycle, access governance, and directory health for the enterprise. In organizations subject to SOX access controls or ITIL-governed change management, this role is the operational authority who keeps provisioning, deprovisioning, and policy enforcement running to standard. Scope varies by employer, but the accountability is consistent.
2. Position Summary
As the Active Directory Administrator, you manage the integrity of directory services and user access across an enterprise Windows environment, keeping identity infrastructure reliable, auditable, and aligned with security policy. You work within the IT infrastructure or security operations function, collaborating with helpdesk, security, and application teams who depend on accurate, timely access decisions.
3. Why Join Us
Career Impact: Deep hands-on ownership of IAM operations and Group Policy architecture in multi-domain environments builds the technical credibility that opens paths to senior infrastructure or IAM Engineer roles.
Business Impact: When access provisioning, deprovisioning, and domain health are managed well, the organization reduces audit exposure and keeps thousands of end users working without friction.
Growth Opportunity: Expanding into hybrid cloud identity through Azure AD, SSO, and MFA design is a natural next step that significantly increases your market value as enterprise environments shift away from purely on-premises AD.
4. Key Responsibilities
- Administer user account provisioning and deprovisioning across directory services, group memberships, and access-controlled applications.
- Design, deploy, and maintain Group Policy Objects across complex, multiple-domain environments to enforce security and configuration standards.
- Monitor domain controller health, replication status, DNS resolution, and trust relationships to maintain directory availability.
- Audit user, privileged, and service accounts periodically to identify inactive, unauthorized, or non-compliant access.
- Troubleshoot and resolve directory service incidents, including authentication failures, federation issues, and replication errors.
- Develop and maintain technical documentation covering AD procedures, access control standards, and change records.
- Implement scripted automation to reduce manual provisioning and policy management tasks.
- Collaborate with security, helpdesk, and application teams to integrate new systems with directory services and resolve escalated access issues.
5. Required Qualifications
- Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent work experience.
- 3 or more years of Active Directory administration experience, with demonstrated responsibility for user lifecycle and Group Policy management.
- Working knowledge of ITIL service management processes, including incident, change, and request fulfillment workflows.
- Ability to write and maintain scripts for administrative task automation, without reliance on any single scripting language.
- Understanding of identity security principles, including least-privilege access, delegation models, and privileged account controls.
- Experience troubleshooting DNS, DHCP, and authentication protocols within a Windows Server environment.
- Strong written and verbal communication skills, with the ability to document procedures clearly and report on access audit findings.
6. Preferred Qualifications
- Experience designing or supporting hybrid identity environments spanning on-premises directory services and cloud-based identity platforms.
- Familiarity with SOX access control requirements or equivalent compliance regimes governing user access and audit trails.
- Exposure to federated identity protocols, including SAML, OAuth, or ADFS relying party trust configuration.
- Experience supporting Active Directory migrations, domain consolidations, or forest restructuring projects.
7. Success Metrics & Environment
- Mean time to resolve provisioning and deprovisioning requests, measured against agreed SLA thresholds.
- Percentage of user and service accounts passing quarterly access audits without remediation required.
- Group Policy Object count and consolidation ratio, reflecting reduction of redundant or conflicting policies over time.
- Number of unresolved domain health alerts per week, measuring proactive monitoring against reactive incident volume.
- Change success rate for AD-related change requests submitted through the change management process.
- Typical tools: Directory administration consoles (commonly native AD tools or Quest Active Roles); scripting environments (commonly PowerShell); ITSM platforms (commonly ServiceNow).
8. Compensation & Benefits (US Market Benchmark)
- Base Salary Range: $70,000 to $95,000 per year
- Bonus: Annual performance bonus, typically 5 to 10 percent of base
- Equity: Uncommon at this level; RSUs offered at select mid-to-large employers
- Health Benefits: Medical, dental, and vision coverage; employer contribution standard
- PTO: 15 to 20 days annually, plus standard federal holidays
- Common Perks: Home lab or certification reimbursement, on-call stipend, remote or hybrid schedule
Figures are estimates based on general US market benchmarks and may be outdated. Adjust based on location, company size, and seniority level.
9. EEO & Legal
Employment decisions are made without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, or any other characteristic protected under applicable federal, state, or local law. Candidates requiring a reasonable accommodation during the application or interview process should notify the hiring team. Employment is contingent on successful completion of a background check. All applicants must be authorized to work in the United States.
Active Directory Administrator Job Description Examples
1. Active Directory Administrator (Identity & Access Management)
The Active Directory Administrator owns the full lifecycle of user accounts, access provisioning, and security compliance across Active Directory, LDAP, SAP, and vendor systems. Working within the IT security and IAM function, this role shapes incident resolution and access audits that directly protect corporate systems and data integrity.
Key Responsibilities
- Create and maintain user accounts within Active Directory, LDAP, and global user management systems, including home drives and mailboxes.
- Provision and modify access to corporate systems, including LDAP-based applications, SAP instances, vendor applications, and proprietary applications.
- Create third-party vendor IDs and obtain and validate required vendor paperwork.
- Process terminations from multiple sources, terminate access to all applicable systems, and review and audit inactive and unused accounts.
- Administer Smart Card processing, including shipment verification, card programming and revoking, and troubleshooting card-related issues.
- Administer Microsoft Exchange and Skype for Business, including mailbox creation, distribution groups, phone number assignment, and end-user troubleshooting.
- Administer VPN accounts via RSA console, including token provisioning and advanced troubleshooting.
- Manage LDAP root administration, corporate application certificates via Entrust, and dealer and dealership administration.
- Handle incident tickets for 1st- and 2nd-level security and access topics, and perform audits of user, privileged, and system accounts.
- Verify security settings on all applicable accounts for compliance with corporate and security policy.
- Create and maintain security procedure and process documents and produce reports on performance and key metrics.
- Assist with the development and implementation of improvements to the Identity and Access Management process.
Required Qualifications
- Bachelor's degree or equivalent experience.
- 3+ years of IAM and IT experience.
- Working knowledge of ITIL processes; Foundations certification preferred.
- Strong policy and process knowledge, IT auditing skills, and expertise across a variety of technologies.
- Experience administering Active Directory, Quest Active Roles, Quest Change Auditor, LDAP, SAP, and RSA.
- Experience with IT Service Management tools, including HP Service Center and ServiceNow.
- Intermediate-level PowerShell and scripting skills.
- Ability to identify security risks, escalate appropriately, and communicate effectively with IT teams and customers, both verbally and in writing.
- Strong organizational, troubleshooting, documentation, and interpersonal skills.
2. Active Directory Administrator (DoD Enterprise IT)
Embedded within an enterprise IT team supporting Department of Defense and Army environments, the Active Directory Administrator delivers solutions to complex AD technical issues, including domain controller deployment, root cause analysis, and SCOM-driven compliance. Working closely with stakeholders across multiple geographic locations, this role sustains 24/7/365 enterprise watch operations and advances process improvement through documentation and junior staff mentorship.
Core Functions
- Administer Active Directory services using enterprise tool sets, including Change Auditor, AGPM, SCCM, and SCOM.
- Provide support for implementing, troubleshooting, and maintaining Active Directory systems, and distinguish isolated user problems from enterprise-wide issues.
- Ensure server configuration compliance with DoD and Army regulations.
- Coordinate with stakeholders to collect data, conduct analysis, develop, and implement solutions for incident tickets and requirements.
- Develop, test, and document solutions to complex Active Directory technical issues.
- Build and deploy domain controllers and other Active Directory servers remotely using approved installation procedures.
- Provide follow-up reports covering technical findings, resolution steps, and root cause analysis for process improvement.
- Mentor junior team members and update operations and maintenance documentation for 24/7/365 enterprise watch personnel.
- Support operations across multiple geographic locations and participate in rotational on-call duties.
Qualifications & Experience
- High School Diploma with 6 years of IT experience, or AA/AS with 4 years, or BA/BS with 2 years minimum.
- Current IAT II certification, including CCNA-Security, CND, CySA+, GICSP, GSEC, Security+ CE, or SSCP.
- Must obtain Microsoft server certification MCP 70-410, 70-411, or higher within 6 months of hire.
- Familiarity with Windows Active Directory, DNS, Server 2012 R2, physical and virtual servers, and client/server hardware and software configuration.
- Experience with McAfee HBSS, SCCM, SCOM, ACAS, and Microsoft SQL Server.
- Scripting experience with batch, VBS, and PowerShell.
- Strong verbal and written communication skills; ability to work independently and within a team.
3. Active Directory Administrator (DoD IAM Engineering)
Reporting to senior leadership, the Active Directory Administrator builds and maintains enterprise IAM systems that protect information resources from unauthorized access, spanning design, integration, patching, and incident resolution across DoD-regulated environments. Partnering with compliance, operations, and technical teams, this role advances IAM adoption and best practices throughout the system development life cycle to ensure senior management stays informed of regulatory and technology changes.
Primary Duties
- Design, develop, test, implement, and integrate IAM systems and solutions to protect information resources against unauthorized use and inappropriate access.
- Identify, analyze, and resolve system design weaknesses and troubleshoot issues related to identities, access, authentication, authorization, entitlements, and permissions.
- Maintain, patch, operate, and monitor IAM systems, and troubleshoot and resolve system incidents and changes.
- Facilitate continuous adoption, training, communication, and education of IAM capabilities, functions, and standards.
- Define, promote, and advise on solutions and best practices using applicable DoD standards throughout the system development life cycle.
- Design reusable strategies, components, libraries, and frameworks to support enterprise-level IAM services.
- Maintain awareness of changes within DoD, legal, regulatory, and technology environments, and ensure senior management is informed of updates on time.
- Update operations and maintenance documentation for 24/7/365 enterprise watch personnel.
Skills & Qualifications
- BS degree in an appropriate discipline with 1-2 years of direct engineering experience.
- Expert knowledge of IT systems, security software, hardware, cloud, and server-client suites.
- Experience working in scaled Agile environment frameworks, such as SAFe.
- Significant relevant experience supporting the sustainment of NISSC missions.
- Excellent analytical and problem-solving skills.
- Good communication skills, both verbal and written.
4. Active Directory Administrator (Cloud & On-Premises Infrastructure)
Sitting at the intersection of identity management and cloud infrastructure, the Active Directory Administrator leads the design, maintenance, and automation of a global Active Directory environment spanning multi-domain GPO management, Azure AD, and Windows server administration. Operating across on-premises and Microsoft 365 cloud platforms, this role delivers Tier II support and infrastructure maintenance that safeguards confidential information while enabling appropriate access for enterprise users.
Duties
- Administer and manage Active Directory services, including design, cleanup, routine maintenance, and configuration in a Windows multi-tenant environment.
- Develop, document, update, and manage GPOs across complex, multiple-domain network environments.
- Configure and maintain Windows servers in cloud and on-premises infrastructure, and design and maintain a global Active Directory infrastructure.
- Troubleshoot and resolve Active Directory, GPO, ADFS, password and identity management systems, and RADIUS authentication.
- Apply automation and scripting for patch management and enterprise lifecycle management, including security enhancements, upgrades, and capacity management.
- Manage Windows security features to protect confidential information while allowing appropriate access.
- Analyze, troubleshoot, and deliver Microsoft cloud solutions using Microsoft 365, and manage and monitor Microsoft 365 services, including Azure AD.
- Serve as an expert resource, resolve Tier II helpdesk tickets, and participate in monthly infrastructure maintenance rotations.
Requirements
- MS or BS in Computer Science, Engineering, or a related field.
- Minimum 5 years of total IT experience.
- Strong understanding of AD Forests, Domains, Trusts, DNS, DHCP, SCCM, Group Policy, and Organizational Units.
- Experience supporting enterprise applications in a high-availability environment.
- Background and understanding of ITIL service management.
- Strong interpersonal, communication, and problem-solving skills, with meticulous attention to detail.
- Ability to work independently with minimal supervision and to read and comprehend instructions in English.
5. Active Directory Administrator (Financial Services Platforms)
A key member of the platform operations team, the Active Directory Administrator owns ACL administration and access control tasks for the FIS Prophet Professional and Enterprise platform, including Citrix XenApp environments and cloud infrastructure. Collaborating across technical operations and compliance functions, this role builds automation improvements and proactive monitoring practices that reduce manual effort and maintain production stability for financial services clients.
Functions
- Provide 24x7 on-call support for all assigned production-related systems.
- Support day-to-day technical operations of the FIS Prophet Professional and Enterprise platform, including Citrix XenApp, Microsoft Windows Server, and cloud environments.
- Manage and ensure ACL administration project tasks and tickets are serviced appropriately and on time.
- Perform ACL tasks, including new user creation, permission changes, folder-level and Citrix application access, user disabling and deletion, and Group Policy updates.
- Escalate showstopper issues to the next level on time and establish monitoring tools to manage environment issues proactively.
- Take automation improvement initiatives to reduce manual tasks and improve efficiencies.
Experience & Qualifications
- 6-8 years of overall IT experience.
- 2-3 years of hands-on experience supporting AD tasks, including user, group, and policy management and troubleshooting day-to-day ACL-related production issues.
- 1-2 years of hands-on PowerShell scripting experience.
- Knowledge of Citrix XenApp 7.x and Windows Server Administration for versions 2012, 2016, and 2019.
- Experience raising and implementing changes in a production environment and documenting and reviewing standard operating procedures.
- Knowledge of the financial services marketplace, risk management, information security, and compliance best practices.
6. Active Directory Administrator (Enterprise Identity Services)
Secure, well-governed Active Directory operations depend on the Active Directory Administrator, who leads all phases of AD operations as principal subject matter expert, including root cause analysis, configuration, documentation, and vendor coordination for complex, mission-critical Windows Server environments. Based within the enterprise IT function and providing guidance to less-experienced engineers, this role shapes the reliability and security of identity systems that support all organizational users.
Accountabilities
- Serve as the principal Active Directory subject matter expert and lead all phases of Active Directory operations.
- Develop solutions to complex problems requiring regular ingenuity and creativity, and conduct root cause analysis to identify, diagnose, and resolve Active Directory issues.
- Configure, test, and maintain Active Directory equipment and related services, and orchestrate maintenance to support all system users.
- Create and maintain comprehensive documentation for all implemented Active Directory activities, and configure systems to user requirements.
- Support implementation plans for new configurations and work with vendors to evaluate new products and resolve equipment design problems.
- Provide guidance and work leadership to less-experienced engineers and technical staff, and maintain current knowledge of relevant technologies.
Technical Qualifications
- Bachelor's degree with 7+ years of experience in Active Directory Services and/or Identity Management Services.
- In-depth understanding of Active Directory delegation and security models.
- Experience managing production Windows Servers supporting multiple mission-critical initiatives.
- Working knowledge of Microsoft Applications and Services, including IIS, DNS, DHCP, and WINS, as well as Microsoft Enterprise Technologies.
- Ability to configure and manage all aspects of MS Active Directory and troubleshoot Active Directory-related integrations.
7. Active Directory Administrator (Windows AD Infrastructure)
As the Active Directory Administrator, this role delivers support and administration for MS Active Directory environments in 2003 and 2008 versions, covering Forest, Domain, OU, and user object administration, Group Policy management, and system tuning for multi-user and multi-site deployments. The Windows infrastructure team relies on this work to maintain optimal AD response and ensure sound design and configuration of DNS, DHCP, PKI, and Federation Services across the enterprise.
Activities
- Provide support for an MS Active Directory environment in both 2003 and 2008 versions.
- Manage Active Directory permissions, trust relationships, and account creation and deletion in a 2003/2008 environment.
- Manage Forest, Domain, OU, and user object administration, and perform systems analysis and tuning.
- Ensure optimal AD infrastructure response for multi-user and multi-site environments.
- Plan, configure, administer, and troubleshoot Microsoft Windows AD and OS, and manage Group Policy Objects in a 2003/2008 Windows environment.
Position Requirements
- Bachelor's degree in Information Technology, Computer Science, or a related field.
- In-depth exposure to MS Active Directory required.
- Technical experience in OS architecture and design, patching, and management of Microsoft DNS and DHCP.
- Technical experience in Group Policy design and maintenance, AD toolkits and native tools for security risk identification, and AD Infrastructure design and implementation.
- Technical experience in Active Directory Federation Services, Forefront Identity Manager, PKI, and architecting and configuring AD Forests, Domains, Trusts, DNS, DHCP, Group Policy, and Organizational Units.
- Technical experience in global backup and recovery design and architecture for Active Directory.
8. Active Directory Administrator (IT Helpdesk & Endpoint Management)
The Active Directory Administrator leads on-site IT helpdesk services in partnership with a global team, managing user account lifecycle, workstation deployment, and Level 1 and Level 2 incident management. The work directly supports end-user productivity and operational continuity by ensuring timely ticket resolution, platform updates via WSUS and EPO, and escalation to Level 3 when required.
Operational Focus
- Manage IT helpdesk services on-site together with a global team.
- Manage user Active Directory accounts, including onboarding, offboarding, and authentication.
- Manage workstation and application deployment and asset management following company policy and procedures.
- Follow up on workstation platform updates, including WSUS and EPO.
- Handle Level 1 and Level 2 incident management and execute escalations to Level 2 and Level 3 when needed.
- Manage ticket request queues and participate in projects and tasks assigned by the functional operational manager.
Knowledge, Skills & Abilities
- BSc or MSc in Computer Science and Engineering or equivalent.
- 2-5 years of relevant experience.
- Experience managing patching, package management, users and permissions, disks, LVM, filesystems, OS-level networking, and O365.
- Active Directory management skills and security skillset in OS platforms.
- Basic understanding of network topology and connectivity, including LAN, VLAN, and WAN, as well as network protocols and addressing schemes.
- Strong problem-solving, interpersonal, and verbal and written communication skills in English.
- Autonomy, motivation, innovation mindset, and customer-oriented approach.
9. Active Directory Administrator (Consulting & Client Services)
The Active Directory Administrator oversees client-facing Active Directory support across complex incident troubleshooting, root cause investigation, and patch management within Windows Server environments including Hyper-V and Azure VM. Embedded in a consulting practice that values stakeholder communication and ethical conduct, this role advances service quality by applying firm-standard methodologies and identifying process efficiencies for clients and internal teams.
Key Deliverables
- Maintain professional conduct and take responsibility for work and commitments.
- Identify and suggest efficiencies and improvements when performing work.
- Stay current with new and evolving technology, and use firm standard tools, techniques, and methodologies to support research, analysis, and problem-solving.
- Handle, manipulate, and analyze data and information responsibly.
- Communicate with empathy, adapting communication style to the needs of the situation and audience, and manage stakeholder expectations effectively.
- Uphold the firm's code of ethics and business conduct, embracing diverse points of view and conflicting ideas.
Professional Experience
- 2-3 years of experience in Active Directory, including troubleshooting and root cause investigation of complex incidents.
- Server infrastructure experience with Windows Server 2008, 2012, and 2016.
- Knowledge of Hyper-V Management Console and Azure VM.
- Experience with Windows Server Update Services (WSUS) for patch management.
- Knowledge of the ARS interface console and PowerShell scripting.
- Ability to apply a flexible approach to meet the changing needs of teams and clients.
- Intermediate-to-advanced English proficiency.
10. Active Directory Administrator (Global Enterprise Messaging)
Embedded within a Tier III enterprise platforms team, the Active Directory Administrator develops day-to-day directory and messaging support for a global Active Directory environment spanning 255,000 users across multiple AD forests, including ADAM/ADLDS, Global Address List management, and DISA STIG compliance. Working closely with Tier II and III sections and the Change Approval Board, this role produces weekly Messaging Status Reports and proactive event remediation that sustain messaging infrastructure health across the enterprise.
Areas of Ownership
- Provide Tier III Enterprise Platforms support for a global enterprise Active Directory environment spanning 255,000 users across multiple AD forests and locations.
- Provide day-to-day messaging and directory support for ADAM/ADLDS, UnitySync, and Identity Integration Feature Pack, and manage the Global Address List.
- Maintain and monitor the health of messaging technologies and database infrastructure using the provided event management tools.
- Resolve all DBA incident tickets escalated from the service desk, and provide a weekly Messaging Status Report.
- Provide documentation, guidance, and instruction to the service desk for handling standard network infrastructure incidents and service requests.
- Submit and execute network-related change request tasks, and coordinate incident tickets between Tier II and III sections.
- Support change management processes, including submission through the Change Approval Board and participation in the Change Review Board.
- Escalate product-related DBA issues to third-party vendors and implement monitoring tool thresholds for proactive event remediation.
- Provide analysis and remediation for DISA STIGs in preparation for annual Commanders' Cyber Readiness Inspections.
Background & Experience
- DoD 8580 IAT III or IAM III certification, including CISA, GCIH, GCED, CASP, CISSP, GSLC, or CISM.
- Professional-level certification, including MCSA Windows Server 2008/2012, MCSE Server Infrastructure, or MCITP Server 2008; ITIL v3 desired.
- 7 years of related experience.
- Strong experience with Active Directory 2008/2012, including planning, deploying, migration, mailbox server failover, and cluster management.
- Extensive knowledge of AD architecture, databases, logs, mail routing, and protocol support.
- Experience with PowerShell commands for managing Active Directory features, roles, mailboxes, performance, and troubleshooting.
- Experience in building, tuning, and maintaining servers in an enterprise environment, and troubleshooting server performance issues using native Windows Server tools.
- Thorough working knowledge of Windows Server 2008/2012 and Active Directory as it relates to enterprise technologies.
- Firewall and DMZ experience, including configuring and troubleshooting certificates.
11. Active Directory Administrator (Multi-Forest Security & Architecture)
Reporting to senior infrastructure leadership, the Active Directory Administrator refines and sustains enterprise-grade AD architecture across multi-forest environments, delivering expert troubleshooting for DNS, WINS, DFS, and LDAP issues alongside security implementations including JEA, JIT, and tiered administration models. Partnering with desktop, messaging, and platform teams to provide 2nd- and 3rd-line support, this role advances AD security standards and high availability across Windows Server 2003–2016.
Role Responsibilities
- Provide expert troubleshooting for multi-forest Active Directory service issues, including DFS, DNS, WINS, and LDAP.
- Support AD name resolution technologies, including DNS, WINS, DHCP, and Infoblox.
- Implement AD security methodologies, including JEA, JIT, delegation models, and tiered admin models.
- Perform AD schema extensions, create and review PowerShell scripts, and support AD-integrated services.
- Maintain security, standards, and high availability of AD architecture, and write and review design documents.
- Provide 2nd- and 3rd-line support for data service issues and effective problem resolution.
- Support Microsoft Windows Server 2003-2016, including Active Directory, Group Policy, DNS, WINS, DHCP, PKI, DFS, HA, clustering, RDS, VMware, vCenter, ESXi, Hyper-V, MBAM, BitLocker, and VPN.
- Provide software deployment, 3rd-line support, and generic desktop support.
Required Qualifications
- Strong understanding of FSMO roles, domain controller promotion and demotion, and MSI technology.
- Scripting experience using BAT, PowerShell, C#, and VB Scripts.
- Experience with application layering using VMware App Volumes.
- Awareness of Change and Release Management processes.
- Strong written and verbal communication skills, with the ability to create and run reports.
- Self-motivated with a positive attitude and comfortable working with ambiguity.
12. Active Directory Administrator (Microsoft Identity & Cloud Infrastructure)
Sitting at the intersection of on-premises identity management and cloud infrastructure, the Active Directory Administrator oversees Microsoft Infrastructure Services, including Active Directory, Azure AD, DHCP, and DNS, with responsibility for SSO, MFA, and SAML environment design across hybrid deployments. Operating alongside national and international IT departments and providing 2nd-level support for incidents and changes, this role produces automated administration solutions that advance infrastructure reliability and operational consistency.
Job Functions
- Plan, configure, operate, and further develop Microsoft Infrastructure.
- Maintain and administer Microsoft Infrastructure Services, including DHCP, DNS, and AD.
- Produce systems and process documentation.
- Automate recurring administration tasks.
- Work closely with national and international IT departments.
- Provide 2nd-level IT support for incidents, service requests, and changes.
Qualifications & Experience
- An academic degree in Computer Science or a similar field.
- 3-5 years of professional experience.
- Technical knowledge of identity repository technologies, including Microsoft AD, Azure AD, Hybrid AD Infrastructure, and Azure AD Connect.
- Proficiency in designing SSO, MFA, and SAML environments, including integrated Windows authentication and OAuth for access delegation.
- Experience working with PowerShell and VBScript.
- Fluent English required; German language skills are an advantage.
13. Active Directory Administrator (ADFS & IAM Operations)
A key member of the enterprise IAM operations team, the Active Directory Administrator develops and manages ADFS certificate lifecycle, AD health monitoring, and Level 3 end-user support for replication, federation, and authentication issues across the enterprise. Collaborating with security, compliance, and platform teams on relying party trust integration and AD consolidation, this role advances operational reliability and SOX access control compliance through strong analytical and communication practices.
What You'll Do
- Provide Level 3 support for end users across the enterprise for supported issues, including troubleshooting of replication, DC location, federation, and authentication problems.
- Participate in on-call rotation and assess, test, and apply required Windows Server patches or updates.
- Monitor the general health of servers and services, including Kerberos functionality, database health, and WAP server certificates.
- Manage ADFS certificates, monitor for expiration and updates, and manage ADFS Reverse Proxy Servers in the DMZ.
- Support GMSA, MSA, and Service IDs used within AD, and manage test environments.
- Work with other teams on the integration of new and updated relying party trusts and claims, and assist with AD environment consolidation.
Skills & Qualifications
- Degree in Computer Science, IT, or equivalent experience.
- Experience managing IAM operations, including people management skills.
- Solid understanding of Active Directory and IAM principles.
- Scripting knowledge in PowerShell, SQL, Access, and Excel, including data mapping.
- Experience designing and executing Active Directory backup and recovery, and capturing server memory dumps and network packet captures.
- Experience with SOX compliance and related access controls a plus.
- Excellent analytical skills and attention to detail.
- Ability to quickly learn and adapt to new concepts and tools, and troubleshoot complex problems with minimal guidance.
- Excellent verbal, written, and presentation communication skills, with the ability to prioritize work and provide clear status updates to management.
14. Active Directory Administrator (Government Domain & GPO Management)
Reliable domain security and access governance across EOHHS and DSS environments depend on the Active Directory Administrator, who refines OU hierarchies, Group Policy Objects, and domain controller health monitoring while managing migrations, upgrades, and security patching for a complex multi-site enterprise. Serving as the liaison between EOHHS and the MassIT Messaging Team for Enterprise and Domain Admin coordination, this role strengthens compliance with privacy and patient confidentiality regulations through PowerShell-driven automation and proactive security log review.
Day-to-Day Responsibilities
- Act as the liaison between EOHHS and the MassIT Messaging Team for coordination of Enterprise Admin and Domain Admin activities, including AD site configuration management.
- Create all OU hierarchies with sub-OUs, groups, and appropriate security permissions, and monitor the reliability and security of the domain.
- Maintain system security by applying service packs and security patches, and monitor connectivity, synchronization, replication, netlogon, time services, FSMO roles, DNS settings, SRV records, and trust relationships.
- Review DC event and security logs, take corrective actions, and monitor and resolve security situations at all domain levels.
- Back up and restore AD objects on domain controllers, and develop, apply, and enforce standard naming conventions for AD objects.
- Install and support security reporting tools, such as Netwrix Auditor for Active Directory, and plan and manage all migrations and upgrades related to AD and domain controllers.
- Perform housekeeping duties to remove stale, unused, and expired AD objects, and manage group policy for EHS and DSS domains.
- Create, test, and deploy GPOs via PowerShell for software packages, including Reader, Flash, Chrome for Work, Citrix Receiver Client, Firefox, and their upgrades.
- Manage Group Policy Object links in the OU hierarchy and utilize PowerShell to consolidate existing GPOs and minimize duplicates.
Requirements
- Strong analytical, problem-solving, and customer service skills with demonstrated success managing a complex, multi-site environment.
- Experience with Group Policy creation and demonstrated success in achieving customer satisfaction in IT for a medium-to-large business.
- Strong knowledge of PowerShell and the ability to manage design, definition, and assignment of Active Directory networks, hardware, and software.
- Knowledge of regulatory requirements relative to privacy and patient confidentiality.
- Proven verbal and written communication skills and strong relationship-building capabilities, both internally and externally.
- Ability to work independently with minimal supervision and in a group setting.
Editorial Process and Content Quality
This content is developed by the Lamwork Editorial Team using structured analysis of real-world job data, skill requirements, and hiring patterns.
Research framework by Lam Nguyen, Founder & Editorial Lead.
Reviewed by Thanh Huyen, Managing Editor.