Administer and maintain on-premises Active Directory (AD DS) and Microsoft Entra ID (Azure AD) in a hybrid identity environment, including domain controllers, AD Sites & Services, domain/forest trusts, replication and directory synchronization.
Create, manage, and troubleshoot Group Policies to enforce consistent configuration and security settings across the enterprise.
Monitor directory health (AD replication, AD-integrated DNS, domain controller performance, Azure AD sync) and proactively resolve issues to ensure reliable authentication and access services.
Apply Active Directory security best practices (tiered admin model, least privilege, hardened domain controllers) to safeguard identity infrastructure and data.
Maintain and test Active Directory backup and recovery processes (authoritative/non-authoritative restore procedures), participating in disaster recovery exercises to ensure directory service resilience.
Automate and streamline identity administration tasks using PowerShell scripting for bulk operations, health checks, and reporting.
Manage identity-related incidents and service requests as 2nd-level support, troubleshooting complex AD, DNS, GPO, or Entra ID issues to minimize impact on users.
Implement changes to directory and identity services in adherence to ITIL-based change management processes, providing clear plans, risk assessments, and post-change validation.
Support user identity lifecycle and access management processes (account provisioning, permissions management) and contribute to cross-system authentication and authorization solutions (e.g., single sign-on integrations).
Update and maintain technical documentation, runbooks, and Standard Operating Procedures (SOPs) for Active Directory and Entra ID services.
Other specific duties as assigned by the team leader.

AD/Entra ID Engineer

About the role