Systems Admin, Sr

• Serve as the technical expert and escalation point for all Active Directory-related incidents and requests.
• Design, implement, and manage complex AD environments including forests, domains, trusts, and replication.
• Maintain and enforce Group Policy Objects (GPOs), including creation, auditing, and lifecycle management.
• Ensure the security and compliance of AD environments through regular reviews, hardening, and monitoring.
• Maintaining Group Policy Objects (GPOs), including creation, testing, deployment, and documentation.
• Design, manage, and troubleshoot AD Sites and Services
• Plan and implement site topology, subnet mapping, replication schedules and bridgehead server configuration.
• Ensure DNS and AD environments are secure. highly available and compliant.
• Support hybrid identity solutions such as Azure AD Connect and ADFS.
• Troubleshoot and resolve replication issues, authentication failures, and DNS-related problems.
• Collaborate with InfoSec and IAM teams to implement RBAC, privileged access management, and security baselines.
• Lead AD upgrades, migrations, consolidations, and DR planning.
• Maintain documentation of AD infrastructure, policies, and procedures.
• Mentor junior team members and provide knowledge sharing and training.
• Act as Second Level Liaison between client and service provider.
• Define, write, and maintain PPM (Process and Procedure Manual) for the project
• Assigned special projects
• Analyze systems, review and implement improvements or upgrades to enhance user experience and to prevent capacity issues
• Participate in rotating On-Call schedule and assist in after-hours Monthly Maintenance
• Primary Lead in training and mentoring less-experienced members of the team.
• Primary Lead in assigned special projects.

• Extensive experience in designing and implementing complex identity and access management solutions, including RBAC, access governance, and privileged identity management (PIM).
• Proficiency in integrating Azure AD with various Microsoft and non-Microsoft services, including Azure, Office 365, and third-party applications.

• In-depth knowledge of directory synchronization methods, including Azure AD Connect and Azure AD Domain Services.
• Experience in architecting and managing complex directory structures for multi-domain and multi-forest environments.

• Proficiency in scripting and automation with PowerShell, Azure CLI, or other relevant tools for Azure AD management and reporting.

• Excellent communication skills, including the ability to communicate complex technical concepts to non-technical stakeholders.

• 7+ years of hands-on experience with Microsoft Active Directory in a large-scale enterprise environment.
• Expertise in:
• ADDS, DNS, DHCP, DFS, and GPO management
• Kerberos, LDAP, NTLM, and authentication mechanisms
• AD replication and health monitoring tools
• Strong knowledge of Windows Server (2016/2019/2022).
• Strong experience in troubleshooting AD replication and authentication across multi-site environment.
• Experience with PowerShell scripting and automation for AD tasks.
• Familiarity with security best practices for Active Directory.
• Experience integrating AD with enterprise tools (e.g., MIM, Azure AD, ADFS, Okta, Duo).
• Solid understanding of change management, ITIL processes, and incident escalation procedures.
• Microsoft certifications (e.g., Microsoft Certified: Identity and Access Administrator Associate, MCSE, etc.)
• Experience with hybrid cloud environments and identity federation.
• Familiarity with auditing tools such as Quest Change Auditor or similar.
• Knowledge of Active Directory disaster recovery and backup strategies.
• Experience with DNS management tools and IPAM.
• Experience supporting DNS in hybrid and cloud environments
• Experience in AD disaster recovery, DNS failover, and high availability setups.

Stefanini